Crypto debate likely to be revived

Attempts to give government agents cybersurveillance tools and better access to the keys that decrypt sophisticated private networks are likely to reignite on Capitol Hill as the subject of terrorism captivates lawmakers.
Written by Doug Brown, Contributor

Attempts to give government agents cybersurveillance tools and better access to the keys that decrypt sophisticated private networks are likely to reignite on Capitol Hill as the subject of terrorism captivates lawmakers.

Privacy, free speech, even the competitiveness of the domestic software industry could be greatly affected by the outcome of any new policy approaches aimed at preventing further violence and catching terrorists, experts said.

Indeed, the man who championed the FBI's fight during the Clinton years to keep tight restrictions on the export of strong encryption and to impose a domestic third-party key recovery system promises to renew the debate in the House.

In coming days "we'll have more to say" about the degree to which U.S. companies can freely sell encrypted software, a spokesperson for Rep. Mike Oxley, an Ohio Republican and former FBI agent, said last week.

Another Congressional member, Senator Judd Gregg, R-N.H., last week called for a global prohibition of encryption products that lack a back door for government surveillance.

After a tough fight that pitted privacy advocates and the technology industry against defense and law enforcement officials concerned that strong encryption helps terrorists hide their communications, President Bill Clinton last year put in place regulations that let U.S. software companies export encrypted products without such restrictions.

The issue has remained dormant since the new regulations were administered, but now civil liberties and industry groups are fearful that as members of Congress wade through the policy implications of terrorism, they will revisit the encryption debate.

"Oxley has been the lead in that for some time, and it's conceivable that it will get a second look," said Stewart Baker, a partner in the Washington law firm of Steptoe & Johnson and former general counsel for the National Security Agency.

"That fight has been over for a while and the Bush administration seems not to want to revive it, so I'm not sure whether his proposal will have legs. But it could if we discover that a lot of these communications between some 50 terrorists were aided by encrypted communications. . . . Obviously after an event [like Sept. 11], there will be some reconsideration of that."

But opponents said they will watch any new encryption proposals closely to make sure privacy, free speech and the ability of software companies to compete globally are not violated.

"I think the privacy and civil liberties community will be prepared to respond to specific proposals, and the burden is going to be on the proponents to show why we should upset a very careful balance that we have developed in this country," said David Sobel, general counsel for the Electronic Privacy and Information Center. "I'm hopeful that once the passions of the moment recede, these proposals are not likely to advance."

Baker, however, said new crypto-cracking tools and cybersurveillance systems like the Carnivore could — and should — be given more attention.

"We'll probably find some lessons [from the attacks] and those will lead to changes in the law, and they will likely lead to changes that restrict privacy, rather than respect it," Baker said. "I think the NSA and our intelligence gathering capabilities have been frozen in time and funding has been sparse for a decade, and support for risky or embarrassing intelligence gathering has been near zero." Now, Baker said, "we have to be more supportive of that kind of aggressive intelligence gathering."

Technology policy partisans in Washington are also preparing for what they believe will be inevitable scrutiny of issues with at least tangential relationships to terrorism, such as privacy and free speech.

"I can expect that members of Congress might want to say that people are using the Internet to communicate and terrorists are out there using it, but they are also on the phone network and they also send mail. Many things we learn about the situation we learn through the open marketplace of ideas," said Jerry Berman, executive director of the Center for Democracy and Technology. "The marketplace has rough speech, but it also has the only communication link some people had during this tragedy."

It's time for civil libertarians to stand and fight, although there will be pressure to shrink from the debate, said Robert Ellis Smith, publisher of Privacy Journal and a respected authority on privacy law and policy.

"It's a very dangerous time we're in right now," said Leslie Weinstein, moderator of an online discussion group called Privacy Forum and co-founder of People for Internet Responsibility, a cyberspace civil liberties activist group, "not just in terms of the terrorists, but how we react to them."

Editorial standards