In Internet Age, Who'll Eavesdrop?
US crimefighters and privacy advocates take steps to end stalemate, but dispute runs deep.
San Francisco — Secret codes have been used in the military arena for centuries. Now they're about to wash into routine aspects of daily life as the civilian world goes digital.
Whether a phone call to Mom, a credit-card purchase, or the transfer of sensitive personnel files, the Internet and other electronic networks will hum with sensitive information scrambled for protection.
Feel safe? Before answering, factor in that this same coding technology helped the World Trade Center bomber mask terrorist plans he had outlined on his laptop computer.
It's proving to be a central conundrum of the Information Age: Electronically coded - or encrypted - information can protect your privacy, but it can also help shield crooks from the law.
In recent days, there have been some steps toward resolving what has become a protracted dispute between privacy advocates on one side, and law-enforcement and national-security officials on the other. Last week the Clinton administration eased its national-security stance somewhat, allowing American companies to sell encryption software to financial institutions in select countries.
And on July 13, a group of those companies, led by Cisco Systems, announced a new type of system that would give law enforcement access to coded messages under special conditions.
But most analysts depict these moves as small steps, a sign of how deep the stalemate goes on the broader issue.
"The Information Age is built on openness, and this dispute hits at the very core of this new culture," says Frank Cilluffo, senior analyst at the Center for Strategic and International Studies in Washington. While the explosion in information - and access to it - has created legitimate security concerns, attempts to impose controls that worked in the past are probably futile, he says.
Encoded messages are meant to be decipherable only by the sender and the receiver. But national-security and law-enforcement officials are adamant that they must have guaranteed access to that data to do their job. The Federal Bureau of Investigation wants to tighten domestic controls so it can penetrate, under the normal judicial restraints, any encrypted information used within the United States. And internationally, the Clinton administration has prohibited export of powerful encoding software unless the product has a "key" that will allow government access. This usually means a third party holding the decoding key so it is available to authorities.
Privacy advocates are horrified at the implications of the government's key-access policy, fearing the "keys" could too easily fall into the wrong hands, proving to be more dangerous than the original threat. They're joined by many in the software industry that sees foreign firms gaining a competitive advantage in the encryption-software market.
Industry is also eager to develop strong encryption so consumers feel comfortable buying products online. They worry that back-door access to encrypted material undermines consumer confidence.
Cisco's announcement earlier this week may address some government concerns because the new technology would have access built in. But civil libertarians are concerned that if approved for export, it would put government - as opposed to consumers - in the position of dictating the evolution of a key technology.
"I don't believe there is a way to compromise this issue," says Jerry Berman, director of the Center for Democracy and Technology, who has helped hammer out legislative compromises on privacy issues for many years in Washington.
The problem, as he sees it, is that the FBI and the emerging world of digital information and communication operate with different paradigms. "They want to be able to interrupt and have the kind of access to information they had under the current communications network. We're saying the requirements of the new digital world are fundamentally different."
Barry Smith, an FBI encryption specialist, says law enforcement must retain its ability to search and wiretap. "The technology now precludes us from getting what we're entitled to," he says. "Nonbreakable encryption is a safe haven for criminal activity."
Most privacy advocates don't dispute law enforcement's right to access, just its requirement that every product contain access, which creates other security threats.
"The level of crime will go up if the government wins," predicts Richard Epstein, a University of Chicago law professor.
Several analysts say the gravest initial concerns about strong encryption came from the National Security Agency. But with more than 800 encryption products now readily available on the world market, these analysts say the agency has softened its opposition to exports, recognizing the genie is already out of the bottle.
Domestically, though, opposition to software that doesn't come with back-door access remains strong from FBI Director Louis Freeh and his boss, US Attorney General Janet Reno. Mr. Smith says the FBI doesn't insist on "keys," but is firm in wanting industry to come up with some form of guaranteed access.
The issue has created an eclectic group of opponents to government policy: liberal Sen. Barbara Boxer (D) of California, conservative Rep. Tom DeLay (R) of Texas, and Jack Quinn, a former member of Vice President Al Gore's staff and now counsel to Americans for Computer Privacy. But Mr. Quinn says discussions are under way about establishing a public-private center sharing industry's best encryption expertise with government.