Canada Flag . . . . . Blue Ribbon . . . . . Any Browser :-)

"WW III? No thanks...!" On-Line Library

What is an appropropriate response?
Political and philosophical considerations after the attack on the Word Trade Center 

Disputes on Electronic Message Encryption Take On New Urgency

John Schwartz
September 25, 2001

The attacks on the World Trade Center have reawakened a debate on how 
strongly the public -- and by extension terrorists and other criminals -- 
should be able to encrypt their electronic messages.

The technology of scrambling data and messages has become a crucial 
element of computer security for businesses and consumers alike. Officials
of law enforcement and intelligence agencies have long warned lawmakers 
that they were unable to break the strongest encryption products, and that
crimes eventually would be committed that might otherwise have been 
prevented.

"We can give our codebreakers all the money in the world, but the 
technology has outstripped the codebreakers," said Senator Judd Gregg, 
Republican of New Hampshire, who has met with Attorney General John 
Ashcroft and other officials to get encryption limits on the legislative 
agenda.

The F.B.I. has not said publicly whether the hijackers who attacked the 
World Trade Center and the Pentagon even used encryption to cloak their 
communications. But Philip R. Zimmermann, the creator of one of the most 
popular encryption programs, known as P.G.P., for Pretty Good Privacy, 
said that he would be surprised if this were not the case.

"I just assumed somebody planning something so diabolical would want to 
hide their activities using encryption," Mr. Zimmermann said.

Senator Gregg said he will not make a specific legislative proposal until 
he sees what Attorney General Ashcroft includes in the final version of 
his broad anti-terrorism bill. But he said he wanted to see legislation to
order encryption companies that sell products in the United States to 
include a back door that would allow government access when "a bad guy or 
a terrorist" uses encryption. "Law enforcement agencies, after pursuing 
proper law enforcement restrictions, will have access" to the encrypted 
data, he said.

Proposals for such systems, known as "key escrow" because a key that 
unlocks encrypted messages would be stored and made available to law 
enforcement, were the subject of bitter debate in the mid- 1990's. The 
Clinton administration proposed a technology popularly known as the
"Clipper Chip" that would provide back- door access for law enforcement, 
and also restricted the export of strong encryption products by American 
firms.

Over time, however, the administration's two-pronged encryption initiative
failed. Companies and consumers said they would not use a product that had 
government access built in, and argued that criminals surely would not; 
the trove of escrowed keys, they argued, would itself become a prime 
target of hackers and spies.

Also, encryption companies were able to show that foreign competitors were
already producing strong encryption products that rendered any export ban 
useless. By the end of the Clinton administration, the Clipper proposal 
was dead and the export controls were largely lifted.

To experts like Dorothy E. Denning, a professor of computer science at 
Georgetown University who supported the Clinton administration's key 
escrow efforts, the issue was properly settled and should not be reopened.

"We had all those debates a few years ago at a time when we could 
rationally debate it -- the consensus really emerged," said Professor 
Denning, "that regulating encryption wasn't the right thing to do."

But Senator Gregg argued that the issue should, in fact, be reopened.
"This is an attempt to find a functional approach to this that both sides 
can agree with," he said.

He is recommending that Congress create a "quasi-judicial" body appointed 
by the Supreme Court that would handle subpoenas for encryption keys to 
avoid one of the objections to the original Clinton administration plan. 
But he also acknowledged that criminals and terrorists would find 
alternatives to any escrowed system.

"Nothing's ever perfect," he said. "If you don't try, you're never going 
to accomplish it. If you do try, you've at least got some opportunity for 
accomplishing it."

For Mr. Zimmermann and many other programmers who have brought encryption 
products to market, the Sept. 11 attacks brought reflection on the balance
between the good uses of encryption and the bad.

"Did I reexamine the question? Of course I did," he said. "But after some 
reflection, the conclusion is still the same."

"I have no regrets," said Mr. Zimmermann, whose product was distributed 
free of charge via the Internet. "I did this for human rights 10 years ago,
and today every human rights group uses it. And I feel very good about 
that."

A newspaper article last week suggested that Mr. Zimmermann felt guilty 
about P.G.P., but he said the account, which appeared in The Washington 
Post (news/quote), misrepresented his views; he had only said that he felt
bad that his technology might have been used for evil ends, "the way that 
the Boeing (news/quote) engineers felt bad that their airplanes were used"
to commit the attacks, he said.

Last week a group of 150 civil liberties organizations from across the 
political spectrum urged lawmakers to consider with caution any measures 
that might reduce the rights of citizens. The coalition stressed what, in 
a statement, it called the "need to consider proposals calmly and 
deliberately with a determination not to erode the liberties and freedoms 
that are at the core of the American way of life."

Source:
http://www.nytimes.com/2001/09/25/technology/25CODE.html