Civil Rights Activists Say, "Sniff This!" 
Encryption is one solution to Net censorship 
By Denise Caruso

May 1996 -- Magazine Column
Copyright © 1996 Mac Publishing, L.L.C. 


On February 8, President Clinton lifted his pen to sign the scabrous 
Telecommunications Reform Act of 1996. Under cover of increasing market 
competition for telephone and cable services, this law makes the most 
sweeping attack on free speech in U.S. history. In banning so-called indecent 
material, it is also likely to make illegal safe-sex discussion groups and any 
discussion of abortion--which, last I heard, was still a legal medical procedure.

The law is just one example of how our personal freedoms are fast eroding as 
digital technologies make it feasible to monitor electronic communications. 
Remember last year's half-billion-dollar "digital telephony" bill? It gave 
federal law-enforcement officials the power to force every phone company to 
ready its networks for surveillance. In short, data sniffers and their masters--
whoever they may be--are finding ways to find out what you're up to, 
whoever you are and whatever you're doing, whether you're on the phone, 
sending E-mail, or surfing the Web. 

Jim Warren, an industry activist and a founder of the annual Computers, 
Freedom, & Privacy conference, suggests that journalists and activists fight 
back by encrypting all their electronic communications--both E-mail and 
telephone conversations. But why stop with journalists and activists? Maybe 
it's time for us all to start encrypting what we say and write.


PGP Privacy Is Better Than None

Digital encryption uses a mathematical key to scramble a message so that 
neither human nor electronic snoopers can read it. The encryption 
technology that Warren proposes is called PGP, or Pretty Good Privacy, 
written by programmer Phil Zimmerman using a patented technique called 
public-key encryption (RSA Data Security holds the patent).

Voice mail provides the closest analogy for how PGP works. Just as I can give 
you my phone number, publish it in a directory, or even broadcast it on TV, I 
can give you my public key, which you then use to encrypt a message to me. I 
can only retrieve your message by using my private key, which in the case of 
voice mail is my password. Unlike voice mail, PGP also scrambles the 
message so that if some outsider intercepts it in transit or finds it in my 
mailbox, he or she still can't read it. And, if I use my private key to send you a 
message, I've effectively signed it, so you know that the message is mine, 
unaltered by anyone else.

Encryption is entirely legal for use inside U.S. borders. Yet encryption 
technologies, long used for protecting secret military and government 
communications, are legally regarded as munitions, as dangerous as a truck 
full of artillery shells, so are subject to strict export control. A few years ago 
someone anonymously published PGP on the global Internet, and 
Zimmerman was subjected to a three-year criminal investigation. (In early 
1996 the government decided not to prosecute.)


Cause for Concern

Government security specialists are terrified of the widespread use of 
encryption, and with reason. Strong encryption widely available for free lets 
criminals of all stripes--child pornographers, terrorists, drug dealers, you 
name it--make their communications private and untappable.

And just imagine the weird stuff that could happen in the business world if 
disgruntled employees started encrypting corporate databases and throwing 
away the keys or holding them hostage. And since you can also use 
encryption to scramble files on your hard disk, you could accidentally inflict 
upon yourself a pretty horrible day/week/life if you ever forgot where you 
put the key. 

In a perfect world, we wouldn't need to think about these things. We would 
not worry about who or what was sniffing our E-mail or listening to our 
phone calls or cruising our hard disks. Our elected officials would respect the 
primacy of the Constitution and the rights of the citizenry they serve, and 
address the real social ills from which criminal acts spring.

But since the world is far from perfect, anyone who uses a computer and the 
Internet should hear all sides of the encryption debate. The decision to 
encrypt personal communication within this country is a political act that we 
still have the luxury to practice today. It is already illegal in many countries to 
use encryption for any reason without a license from the government.

Comprehensive archives on encryption can be found at the Web site of the 
Electronic Frontier Foundation (http://www.eff.org), and through the 
Electronic Privacy Information Center (http://www.epic.org). You can 
download PGP and PGPfone (to encrypt voice communication) for 
noncommercial (domestic) use from the Web at http://www-
swiss.ai.mit.edu/~bal/pks-toplev.html.
________

Denise Caruso is a journalist, analyst, and commentator on technology in 
society. Her Digital Commerce column appears in the New York Times.

May 1996 page: 244