Why we must stop the plot to ban encryption

AnchorDesk

Why we must stop the plot to ban encryption

Robert Vamosi
Senior Editor, Reviews
Monday, February 24, 2003

Add your opinion

Forward in

Format for

There's a bumper sticker I often see that reads: "Play an accordion, go to jail. It's the law." It's a joke, of course. No such law exists. But the bumper sticker makes me think of U.S. Attorney General John Ashcroft's current effort to create a "use encryption, go to jail" law. Only I'm not laughing.

Encryption is one of the pillars of Internet security. Along with antivirus software and firewalls, the ability to encode data is essential for anyone who wants to keep information private. Without encryption, identity and intellectual property theft would occur far more often than they do today.

Yet, in an apparent effort to prevent U.S. citizens from keeping secrets from the government, the attorney general is pushing to include anti-encryption laws in a new round of homeland security legislation.

THIS IS NOT the first--nor, I expect, the last--time that the U.S. government has sought to regulate the use of encryption. But I believe we must oppose any attempts--backdoor or otherwise--to restrict or ban its use. Encryption is a basic element of our right to online privacy and, as such, must be protected.

This new piece of legislation--the Domestic Security Enhancement Act of 2003 (also known as Patriot Act II)--has not yet been made officially available to the public. But you can get a copy of the confidential document from the Center for Public Integrity. A hard copy obtained by Bill Moyers for PBS television indicated that the draft had already been sent to House Speaker Dennis Hastert and Vice President Dick Cheney for comment, although no members of Congress have been briefed on its contents.

Many of the proposed laws in the new act do not involve the Internet or high tech. For example, it calls for establishing a DNA database of "known terrorists," denying the release of detainees' names or alleged crimes (which is currently guaranteed in the Freedom of Information Act), and the automatic expatriation of U.S. citizens who join terrorist organizations.

But one section, titled "Use of encryption to conceal criminal activity," does relate to technology. It makes the use of encryption to conceal a federal crime or an attempted federal crime an offense punishable by five to ten years in prison (in addition to the sentence imposed for the crime itself). I imagine they're thinking about high-profile terrorism-related crimes, not your garden-variety copyright violators.

ENCRYPTION HAS LONG BEEN a contentious issue for the U.S. government. Even though the National Security Agency was responsible for refining encryption during the Cold War, it seems the feds don't want that technology getting into the hands of the average person. In the 1990s, the government tried and failed to stop Phil Zimmerman from selling the first user-friendly encryption software, PGP, either domestically or abroad. Once PGP was available, pretty much any computer user could make a file unreadable to anyone else--including the feds--who didn't have the encryption key.

With the recent commercial rerelease of PGP, and with encryption slowly finding its way into mainstream compression products such as PKZip and CuteZip, the government is once again bent out of shape. Its justification for regulating encryption? That a handful of bad people could use the technology to deceive the government.

Fact is, many technologies are used by bad people to do evil things. Take, for example, steganography, another technology that securely hides data. It's so good that law enforcement can't detect whether a file's been altered by steganographic means or not. Two years ago there was a rumor that Osama bin Laden was using steganography to communicate with his associates by hiding detailed plans within commonly available MP3 and pornographic images on the Internet. Whether or not this is true remains to be seen. But even if it were true, would that be reason to ban the use of this powerful and potentially beneficial technology?

I SAY: No! We've already made using the Internet to commit certain crimes punishable by a maximum sentence of life in prison--longer than the sentences for manslaughter or rape. If we allow this small restriction, it could set a precedent that would embolden the government to whittle away at our right to use encryption in other ways, too.

Of course, it's possible the draft report itself is a red herring. Who knows whether this proposed legislation will actually include the encryption restrictions when--and if--it is made public. Here's what I hope: News of this anti-encryption law will spread, and, before long, we'll see "Use encryption, go to jail" bumper stickers. Such an effort would certainly boost encryption's use and acceptance in the mainstream population, and secure the Internet at the same time. Maybe that's what Mr. Ashcroft intended all along. You think?

What do you think of the proposed laws regulating the use of encryption? Should encryption ever be illegal? Why or why not? TalkBack to me!

Special sponsor stores

Dell Home

Virtualization

How to Harness the "Cheap Computing" Revolution: Utility Computing.The Fundamental Shift in Data Center Economics Read the whitepaper on TechRepublic
Virtualize and Optimize Your IT Infrastructure It is not how much you invest, but the strategy behind your investments that optimize your IT infrastructure. View the on-demand webcast to learn more
From our sponsors
Server Virtualization
Deciding What You Need to Purchase What type of virtualization do you need? Click here to find out more