Disputes on Electronic Message Encryption Take On New Urgency John Schwartz September 25, 2001 The attacks on the World Trade Center have reawakened a debate on how strongly the public -- and by extension terrorists and other criminals -- should be able to encrypt their electronic messages. The technology of scrambling data and messages has become a crucial element of computer security for businesses and consumers alike. Officials of law enforcement and intelligence agencies have long warned lawmakers that they were unable to break the strongest encryption products, and that crimes eventually would be committed that might otherwise have been prevented. "We can give our codebreakers all the money in the world, but the technology has outstripped the codebreakers," said Senator Judd Gregg, Republican of New Hampshire, who has met with Attorney General John Ashcroft and other officials to get encryption limits on the legislative agenda. The F.B.I. has not said publicly whether the hijackers who attacked the World Trade Center and the Pentagon even used encryption to cloak their communications. But Philip R. Zimmermann, the creator of one of the most popular encryption programs, known as P.G.P., for Pretty Good Privacy, said that he would be surprised if this were not the case. "I just assumed somebody planning something so diabolical would want to hide their activities using encryption," Mr. Zimmermann said. Senator Gregg said he will not make a specific legislative proposal until he sees what Attorney General Ashcroft includes in the final version of his broad anti-terrorism bill. But he said he wanted to see legislation to order encryption companies that sell products in the United States to include a back door that would allow government access when "a bad guy or a terrorist" uses encryption. "Law enforcement agencies, after pursuing proper law enforcement restrictions, will have access" to the encrypted data, he said. Proposals for such systems, known as "key escrow" because a key that unlocks encrypted messages would be stored and made available to law enforcement, were the subject of bitter debate in the mid- 1990's. The Clinton administration proposed a technology popularly known as the "Clipper Chip" that would provide back- door access for law enforcement, and also restricted the export of strong encryption products by American firms. Over time, however, the administration's two-pronged encryption initiative failed. Companies and consumers said they would not use a product that had government access built in, and argued that criminals surely would not; the trove of escrowed keys, they argued, would itself become a prime target of hackers and spies. Also, encryption companies were able to show that foreign competitors were already producing strong encryption products that rendered any export ban useless. By the end of the Clinton administration, the Clipper proposal was dead and the export controls were largely lifted. To experts like Dorothy E. Denning, a professor of computer science at Georgetown University who supported the Clinton administration's key escrow efforts, the issue was properly settled and should not be reopened. "We had all those debates a few years ago at a time when we could rationally debate it -- the consensus really emerged," said Professor Denning, "that regulating encryption wasn't the right thing to do." But Senator Gregg argued that the issue should, in fact, be reopened. "This is an attempt to find a functional approach to this that both sides can agree with," he said. He is recommending that Congress create a "quasi-judicial" body appointed by the Supreme Court that would handle subpoenas for encryption keys to avoid one of the objections to the original Clinton administration plan. But he also acknowledged that criminals and terrorists would find alternatives to any escrowed system. "Nothing's ever perfect," he said. "If you don't try, you're never going to accomplish it. If you do try, you've at least got some opportunity for accomplishing it." For Mr. Zimmermann and many other programmers who have brought encryption products to market, the Sept. 11 attacks brought reflection on the balance between the good uses of encryption and the bad. "Did I reexamine the question? Of course I did," he said. "But after some reflection, the conclusion is still the same." "I have no regrets," said Mr. Zimmermann, whose product was distributed free of charge via the Internet. "I did this for human rights 10 years ago, and today every human rights group uses it. And I feel very good about that." A newspaper article last week suggested that Mr. Zimmermann felt guilty about P.G.P., but he said the account, which appeared in The Washington Post (news/quote), misrepresented his views; he had only said that he felt bad that his technology might have been used for evil ends, "the way that the Boeing (news/quote) engineers felt bad that their airplanes were used" to commit the attacks, he said. Last week a group of 150 civil liberties organizations from across the political spectrum urged lawmakers to consider with caution any measures that might reduce the rights of citizens. The coalition stressed what, in a statement, it called the "need to consider proposals calmly and deliberately with a determination not to erode the liberties and freedoms that are at the core of the American way of life." Source: http://www.nytimes.com/2001/09/25/technology/25CODE.html