In these days after the World Trade Center attacks, calls are being heard for restrictions on access to the technologies of privacy. As more and more communications go by e-mail, chat rooms and cell phones, our intelligence and law enforcement agencies are beginning to rely on surveillance of these systems in order to collect information about dangers to society. Early reports suggest that some of the information about the terrorists has come from monitored cell phone signals. These monitoring and surveillance operations are threatened by new technologies based on cryptography. No longer just for spies, cryptography can be used to encrypt e-mail, chat messages, and even telephone communications so that they are hidden from outsiders. Exotic cryptographic technologies potentially provide even more protection for terrorists as they plan and coordinate attacks. Osama bin Laden, the figure most often named as a possible mastermind of the terrorist strikes, is said to have trained his operatives in the use of these technologies in order to communicate securely. They encrypt messages and then use the related technology called steganography to embed them undetectably in pictures, music and other seemingly innocent data. They are said to use anonymous mail accounts to deliver these messages to chat rooms and bulletin boards where they can be downloaded by other agents. This allows the group members to communicate completely undetectably. Not only that, it preserves the terrorist "cell" structure - different members don't have to know the identity or even email addresses of others in order to communicate. All they need to know is in what public forum to look for and leave messages. Their identities are completely protected through these technologies. Clearly, cryptographic privacy and anonymity are tremendously valuable to terrorists, and tremendously obstructive to the efforts of law enforcement to use electronic surveillance. Representatives of these organizations have warned for years that criminals and terrorists would begin making use of cryptographic technologies, and their fears have now been realized. Under the present circumstances, legislators are beginning to call for restrictions on access to cryptographic technology. Old proposals are being revived to require that all encryption systems contain a "back door" which would allow law enforcement access to the contents of a communication. We face many dangers at this moment. The smoking ruins where some of our proudest buildings once stood, temporary tombs to thousands of innocent dead, plainly demonstrate the difficulties ahead. Under the circumstances it is appropriate for us to consider the balance between security and freedom which we will adopt as we prosecute a new kind of war. As in past wars, sacrifices will be necessary for all of us. No one should underestimate the hardships ahead. At the same time, it is important to remember what we are fighting for. It's not just revenge for the people killed and the buildings destroyed. We are fighting for our way of life. If we ignore terrorism, we will live in fear, always wondering what new horror will be dropping from the skies. We will be restricted in how we live, what we do, where we go. Our legacy as free Americans will be lost. This is why we fight. We fight for freedom. Given these goals, restricting access to cryptography must be understood to be a complex issue. It's not as simple as taking tools out of the hand of bin Laden and other terrorists. Cracking down on cryptography will reduce the freedom of all Americans while failing to effectively eliminate the use of the technology by those who threaten us. The fundamental problem is that the tools already exist which allow terrorists to communicate securely. Many of them are in the form of free software, distributed on hundreds of thousands of computers around the world, which can be run on any ordinary PC. Much of it was developed by private individuals for their own use, and then donated to the world. Any new law to limit cryptographic technology would have no effect on the use of this large base of existing software and hardware. Steganography and related technologies will make it impossible to detect the use of now-forbidden software. The new breed of terrorists from bin Laden's training schools will continue to be able to use these tools. Laws will be ineffective in preventing their use. The only real effect of these laws would be to prevent honest Americans from communicating with true privacy. They are the ones who would honor the ban and they would be the only ones effected. They would have their privacy taken away while bin Laden and his associates are able to communicate with perfect secrecy. While not many citizens make use of cryptographic technology now, experts predict that it will be increasingly important in the future. In an Internet where attacks of all sorts are becoming ever more sophisticated and numerous, cryptography will be a central technology in building the secure systems of the future. Limiting and restricting cryptography will only make the Internet less secure. When proposals for restrictions on cryptography first surfaced in the 1990s, security experts carefully analyzed the suggestions. The response, virtually unanimous, was that putting back doors in cryptography would reduce its reliability, security, and efficiency, while increasing costs. Any back door is a potential security hole. The hackers and crackers who are expert at exploiting flaws are going to be given a new set of targets for their attacks. Indeed, in the years since, a number of incidents have confirmed these fears. Last year, for example, the widely used PGP encryption software was found to have a vulnerability related to the "Additional Decryption Key", a feature added to the commercial version for back door access to messages by corporate management. Attackers could specify fake Additional Decryption Keys and get them accepted by the software, allowing them to read any message sent. The inherent complexity in the implementation of the Additional Decryption Key feature left a security hole open, exactly as had been predicted. Any requirement for government access back doors would undoubtedly lead to similar weaknesses in other systems. And next time the problems might not be found by someone who was willing to reveal them publicly so that they could be fixed. In a world where all fielded cryptographic technology had mandatory back doors, discovery of an exploit could be used for financial gain, information warfare, or even new forms of terrorism. It is certain that the Chinese and other competitors on the world stage would put their best analysts on the job of finding weaknesses which they could exploit in the future. Restrictions on cryptography would weaken our Internet infrastructure without achieving their goal of precluding use of the technology by those who threaten us. They are a bad idea for both of these reasons, but there is a more fundamental objection as well. The point of our war on terrorism is to preserve our freedom, our way of life. We cannot allow ourselves to take shortcuts in this battle which eliminate fundamental freedoms. And nothing is more fundamental than our freedom of speech and communication. It is enshrined in the very first amendment to the constitution. Cryptography is fundamentally a form of free speech. It is the freedom to speak privately and anonymously. Yes, it can be exploited by criminals. But that is the price we must pay as a country which is dedicated to the ideals of freedom. We accept the risk of allowing criminals their freedom to communicate because we value and cherish this as a fundamental right. We will not allow our country to be turned into an Orwellian surveillance state, where every word we speak and every deed we do occurs under the eyes of government agents. The very idea is anathema to Americans. But this is exactly what is being called for by those who propose to forbid citizens to communicate in a manner which cannot be heard and understood by the government. We face challenges ahead, and we must find a balance between security and freedom. But we must not allow ourselves to be blinded by fear and panic, so that we discard truly fundamental freedoms in what will ultimately be a futile attempt to increase security. This would be the worst of both worlds. We would have lost a major element of freedom of speech, the freedom to communicate without government surveillance. And we would have failed to effectively prevent terrorists from using cryptographic technologies to their own ends.