Hey *I* want some of the 4096 bit encryption! :-). Cheers, Bob Hettinga "My coun-try 'tis of thee, land of plu-to-cracy..." Forbes/duPont 2000 ;-). --- begin forwarded text Delivered-To: ignition-point@majordomo.pobox.com X-Sender: believer@telepath.com Date: Fri, 23 Oct 1998 15:06:12 -0500 To: believer@telepath.com From: believer@telepath.com Subject: IP: Data Encryption and the First Amendment: Pete duPont Mime-Version: 1.0 Sender: owner-ignition-point@majordomo.pobox.com Precedence: list Reply-To: believer@telepath.com Source: Intellectual Capital http://www.IntellectualCapital.com/issues/98/1022/iced.asp Data Encryption and the First Amendment by Pete du Pont October 22, 1998 The microprocessor and the Internet have created an information revolution that is sweeping the globe. This revolution is putting information once available only to the media, political and intellectual elite into the kitchens of ordinary people all across America and opening previously locked cabinets in government, industry and academe. In short, the information revolution is empowering people; it is giving them the tools and the information to make informed choices for themselves. People can more easily exchange information with one another -- buy, sell, discuss and decide among different options. Already, e-mail exceeds regular mail usage by 10-to-1. Forrester Research reports that $8 billion in goods and services were traded over the Internet in 1997; by 2002, 21 million homes will be doing online financial transactions worth $327 billion. Essential to this commercial and personal communication is security. We want to know that our information travels safely, without alteration or eavesdropping, and that there is neither information theft nor identity fraud. Which means that we must encrypt our data, so that only intended parties can access it. A glimpse into the future In the U.S. banking system, for example, just two of the largest fund-transfer systems transmit more than 300,000 electronic fund-transfer messages worth $2 trillion every day. For obvious security reasons, the Treasury Department already requires that all electronic fund transfers be encrypted. For those of us doing commerce at a somewhat smaller order, or simply e-mail or information transfers, security is equally compelling. One of the primary tasks of government is to protect the interests and property of citizens, and in the information and e-commerce age, enhancing the encryption of data to ensure its integrity should be one of our government's priorities. The good news is that encryption technology is galloping forward. What was state of the art a few years ago is now rearview-mirror encryption. Today, 56-bit encryption, with its 72 trillion combinations, is giving way to 128-bit encryption. A Canadian company called Jaws Technology has a new technology with 4,096-bit encryption. Cracking it, its creators say, would require the equivalent of hitting 1,000 consecutive holes in one on the golf course from a 150-yard tee. The bad news is that our government is demanding limits on encryption technology and demanding access to all our encrypted messages -- financial, commercial and ordinary e-mail. The government's efforts began with the Clipper chip in 1993. The Clipper chip would have required encryption users to submit their encryption keys to a government database. It met with such a hail of objections from technical and civil liberties groups that it never came to pass, but the idea lives. The government currently is seeking both the funding of a huge new encryption technology center and the means to access any computer communication individuals might generate. The case against limits on encryption It seems to me that all of this is wrongheaded, that these demands for government access to our computer transmissions are based on three false assumptions. The first is that government can legislate encryption standards. The truth is that encryption technology is moving too rapidly for statutory law to keep up. For example, the National Bureau of Standards at one point decided that the nation should have a single 56-bit key encryption algorithm, an idea almost immediately obsolete as technology went to 128-bit algorithms and higher. Second is the idea that regulation can prevent criminals from acquiring unbreakable encryption. The analogy here is a familiar one: Does anyone believe that gun-control laws -- gun registration or prohibition of ownership, for example -- will keep guns out of the hands of criminals? Similarly, encryption-strength ceilings, key escrow or "trapdoors" in computer programs to allow government access will limit personal and business usage by citizens and slow criminals not at all. The international market is too accessible and its encryption offerings equally or more sophisticated than U.S. technology. Third is the idea that such regulations are cost-free to people using computer technology. Key escrow and trapdoor systems would make encryption for U.S. businesses and individuals less secure, more vulnerable and more easily broken. Weakening the encryption security of American users is a not a policy in the national interest. Forcing information vulnerabilities upon individuals and businesses is weakening national security, not strengthening it. Most egregious in such encryption regulation is the massive invasion of civil liberties it represents. The idea that various government agencies, from the FBI to health-care agencies, the IRS and the Justice Department, will have instant access to our Quicken programs, e-mail and data transmissions is both dangerous and unsettling. Liberty in the 21st century It is not as if the government has a good record regarding individual privacy. President Nixon's FBI tracked its enemies; the Clinton IRS seems to be auditing unfriendly 501(c)(3)s; and some 800 FBI files mysteriously found their way to Craig Livingstone's pizza-and-beer sessions. No doubt there is a unique, it-will-never-happen-again exculpatory reason for these violations of civil liberties. But if the government has the power to intercept and use your data for its purposes, it will do so sooner or later. That is a truth, and no amount of reassurance should lead us to believe otherwise. From Edmund Burke ("people never give up their liberties but under some delusion") to Woodrow Wilson ("the history of liberty is a history of limitations of governmental power, not the increase of it"), Americans have jealously guarded their freedom. The next frontier of free speech will be the technology of encryption. In the 18th century, the First Amendment was essential to guarding free speech. Protecting the empowering technology of data transmission will be just as essential to maintaining liberty in the 21st century. --- Pete du Pont is the editor of IntellectualCapital.com. He is a former Republican governor and congressman from Delaware. His e-mail address is petedupont@intellectualcapital.com. ----------------------- NOTE: In accordance with Title 17 U.S.C. section 107, this material is distributed without profit or payment to those who have expressed a prior interest in receiving this information for non-profit research and educational purposes only. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml ----------------------- **************************************************** To subscribe or unsubscribe, email: majordomo@majordomo.pobox.com with the message: (un)subscribe ignition-point email@address or (un)subscribe ignition-point-digest email@address **************************************************** www.telepath.com/believer **************************************************** --- end forwarded text ----------------- Robert A. Hettinga <mailto: rah@philodox.com> Philodox Financial Technology Evangelism <http://www.philodox.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'