Back to index
Levy, Steven. Trying to find the key: how do you keep a secret on the
Internet? (use of cryptography to protect information in
cyberspace)(Column). In Newsweek Oct 14 1996, v128, n16, p91(1).
How do you keep a secret on the Internet? The government and business
can't seem to agree.
AT FIRST BLUSH IT SEEMS ALmost wacky that an esoteric subject like
cryptography-the use of secret codes that scramble information so
eavesdroppers can't read it--would wind up becoming a political flash
point. Yet policy in this area has proved to be a constant
bedevilment to the current administration, "the Bosnia of
telecommunications," as a Clinton staffer once moaned. The
administration has been forced to choose between two sides: the
anti-crypto intelligence and lawenforcement agencies, driven mainly
by a concern that uncrackable scrambling technology will curtail
their legal surveillance activities. And the pro-crypto business
interests, allied with civilliberties groups and Internet
enthusiasts, who want encryption used far and wide to provide privacy
to individuals and to promote safe electronic commerce. So far, the
administration has favored the anti-crypto forces, in the process
outraging its high-tech constituency. But last week Vice President Al
Gore offered some compromises. Despite this, he hasn't cracked the
code. That's unfortunate, because if we fail to come up with a smart
approach to this seemingly obscure issue, we will all wind up for the
worse.
Here's why this matters: the information explosion has given us not
one but two doomsday clocks, both ticking inexorably toward midnight
disaster. First is the Crypto Anarchy Clock. This presumes that if
the government doesn't step in and do something, strong cryptography
will flourish. If that happens, all our messages will fly around the
world in a scrambled form where no snoopers can ever divine their
content. What's wrong with that? Terrorists, kiddie pornographers,
money launderers and kidnappers will embrace these technologies,
creating information safe havens where they can gleefully plan their
evil deeds without fear that cops or spies are listening in.
On the other hand, there is a second deadly timepiece: the Insecurity
Clock. This takes into account that with every passing day we entrust
more and more of our lives to information accessible to computer
networks, everything from medical data to financial transactions to
steamy love letters. These networks are perilously vulnerable, and
will remain so until we widely implement the best tool available to
secure them: cryptography, built into the system so everyone uses it.
We've grown accustomed to the barrage of small compromises by hackers
and crooks, but unless we move faster to unleash crypro solutions, we
may soon face major incidents of sabotage that could shut down the
engines of commerce or even imperil lives. After all, everything from
air-traffic control to the electric grid is now run on computers.
It's the tolling of that second clock that we should dread the most,
but the administration has put a higher priority on holding back the
hands of the first clock. To do so, it has cooked up a series of
schemes, beginning with the ignominious Clipper Chip. Though details
vary, all focus on one grand yet untested solution: a means by which
the government would be able to escrow the "keys" that keep the
information secret. (Think of it this way: the Feds will allow you to
own a safe, but only if they have a way to get the combination.) This
approach has been savaged by the privacy activists and spurned by the
companies asked to sell it. After all, the point of cryptography is
to keep a secret. Why choose a system that admits an outsider?
Pushed to the wall, Gore last week announced the new, gentler policy.
In a way, it's sort of a Hail Mary pass in which the government has
made every compromise it feels possible in order to sweeten the
bitter idea that people should adopt crypro systems with back doors
for legally authorized cops and spies. In part it exploits a new
approach from IBM called key recovery, which grants government
snoopers the same sort of access as with the escrow schemes, but
prevents potential abuse. If computer companies agree to begin
devising a key-recovery system, the United States will let them
export a stronger form of cryptography immediately, for up to two
years.
Some companies have taken encouragement at this conciliatory action.
(Microsoft, for instance, expressed reservations but applauded it as
a"first step forward.") But other companies are not at all mollified:
Netscape's CEO James Barksdale not only claims the new policy "won't
work," but says it has led him to endorse Bob Dole, who promises a
lighter hand in regulating codes. Privacy activists still chafe at
the idea that the FBI and the NSA claim a voice in setting
communications policy. Congressional critics, who have already
introduced bills to dramatically ease the export restrictions, don't
think it will solve the problem, either. "If the government continues
on this path, people will really say to Europe and Japan, 'What do
you have to offer?'" says Sen. Patrick Leary. Jim Bidzos, head of the
influential crypto company RSA, says that it's quite possible that
within two years, such foreign competitors, not bound by U.S. export
laws, will steal the market from American companies. Meanwhile, the
clocks--both of them--keep ticking.
Technologies can be like rivers, insisting on their natural course.
It is possible to alter their directions, at great expense, by
damming them. But you can't make them flow in the opposite direction.
With honorable intentions, that's what the Clinton administration is
attempting to do with cryptography, and that's why its officials find
themselves neck deep in Big Muddy. Instead of fighting the crypto
revolution, we should embrace it. Why not try to fully exploit the
protection this technology offers us, while at the same time figuring
out strategies to mitigate its inevitable abuses? Wise heads
understand: the best thing to do with a river is build a city
alongside it.
COPYRIGHT 1996 Newsweek Inc.