This work is licensed under a Creative Commons Attribution 4.0 International License.
August 12, 1997
CAMBRIDGE, MASS.—Like the Colt revolver, the computer is a great equalizer. It brings instant, unbreakable encryption within everyone’s reach, so that we can protect our communications in ways that used to be available only to governments and large corporations.
For the same reasons, computers equalize the ability to wiretap. If a secret encryption key is short enough to be cracked by national law enforcement agencies responsible for tracking terrorists, it is short enough to be cracked by the average schmo. Individually, your computing power and mine may be too small to try all possible combinations and crack the key during our lifetimes, but we can combine together with thousands of other average schmoes to do it.
That was what a team of computer users did recently under a challenge from the RSA software company, to prove that the maximum encryption allowed for export by the U.S. Commerce Department is too weak to protect anyone. The U.S. government wants the ability to crack codes used by foreigners, but anything it can crack is also wide open to a large company or foreign government—anybody who can afford a supercomputer.
My advice to governments is to look for other ways to stop crime—informants, the collection of evidence—and let us have our strong encryption. But most governments are not going to passively give up their ability to wiretap and read mail.
It is impossible to ban encryption entirely. People determined to use it would resort to hidden messages, following a long and honorable discipline called steganography. Here’s how it might work: I could send you a 200 Megabyte image in which the every 32nd bit (the first bit of every fourth byte) spelled out a message. Nobody could detect anything wrong with the image by viewing it, because 31 of every 32 bits would be normal. Only you would know how to extract the real message.
Furthermore, governments know that encryption is critical to promoting commerce on the Internet. It is needed to sign contracts, ensure the correct reception of payments, and protect trade secrets and market data being sent from one company employee to another. Encryption is becoming more and more part of the Internet infrastructure. For instance, future versions of the Domain Name System, which is queried by user programs whenever they try to reach a remote computer system by name, might use encryption to assure that users reach the right servers.
So several governments, led by the U.S., are searching for a compromise that allows them to snoop on criminals while protecting the general public from crackers.
Unfortunately, the government proposals, such as the U.S. Clipper chip and the current McCain-Kerrey bill (S. 909) in the Senate, are not real compromises. Called “key escrow” or “key recovery” systems, they weaken the safety of encryption too much. They require everyone to leave their keys in centralized databases where the government can gain access through a court warrant. These databases will make delicious targets for crackers, who have proven that they can get in anywhere (including secret military sites).
Even the government is not totally to be trusted. Electronic snooping is so much easier than physically wire-tapping phones that we can expect burgeoning surveillance under various pretexts like terrorism.
Centralized systems also add an undetermined (but possibly prohibitive) cost that will be passed on to the consumer—who never wanted key recovery in the first place!
The government does not directly challenge user choice by making encryption mandatory. Instead, it tries to introduce its system into widespread use by requiring its use on government networks and for government business. They expect that the public will adopt their system universally rather than juggle one system for government business and another for private use.
A real compromise has been offered by British barrister Alistair Kelman. He attacks the scariest aspect of key recovery: that we don’t know when our keys are being released or to whom. He suggests the same centralized database, with the provision that every time a key is released, the owner is notified and the key is declared invalid. Law enforcement officials could demand keys only after a suspect has been arrested and charged with a crime.
This would permit the government to store messages from suspicious individuals and decrypt them later to use as evidence during a criminal trial. It would rule out wide-ranging surveillance of suspects and undesirables, a limitation that law enforcement will complain about but that eliminates the worst abuses wiretapping has been known for.
Kelman’s solution is not ideal. It preserves the centralized databases that have been criticized for their vulnerability and their cost. But it offers governments a chance to show their respect for privacy. Let us see whether anyone in government takes up his thread.
This work is licensed under a Creative Commons Attribution 4.0 International License.
Editor, O’Reilly Media
Author’s home page
Other articles in
chronological order
Index to other articles