The Guardian (UK) March 3, 1994, Page 17 Are These Men A Threat To Free Speech? US law enforcement agencies want to decode 'secret' electronic mail, prompting a furious row about citizens' rights by Mike Holderness With modern communications systems you can send letters, orders and memos around the world in minutes. But you don't want your competitors, or their governments, siphoning the details of your bid for that dam contract in the Far East out of the Internet. So what do you do? And when you receive an electronic message announcing you've won the deal, how do you know it's genuine? It's possible to fake electronic mail: you must worry about the possibilities for creative industrial espionage this opens up. Then again, you might be a Cabinet minister, setting up a meeting with your boyfriend on the mobile phone. Wouldn't it be good to know that no one could tap the message? The answer to all these problems lies in encryption technology. The solution the US government proposed earlier this month, however, has generated a furious row in the on-line world about government interference in citizens' right to communicate in private. The disturbing implications for people outside the US have gone largely unremarked. Computer programs that can do practically unbreakable encryption are available to the public in the US and elsewhere. One, named PGP for Pretty Good Privacy, is increasingly used to authenticate electronic messages (Computer Guardian, November 25, 1993). It can encrypt the whole message, or send the main text "in clear", followed by an encrypted block containing a mathematical "fingerprint" of the message and the sender's name and address. The program can thus verify whether a signature belongs to the purported sender and whether the message arrives as it left. This worries law-enforcement agencies. What if drug dealers and terrorists start using unbreakable encryption? The US government's Key Escrow Encryption system - commonly known by its working title, Clipper - is its answer. Clipper uses an encryption chip suitable for building into a mobile phone or a modem. Its method of encryption, developed by the US National Security Agency (NSA), depends on "keys" - codes used mathematically to mangle the text or speech. The recipient can only get the original back if they have the key and can use it to un-mangle - decrypt - the message. PGP depends on a "public-key" system. Users sending signed messages encrypt the signature with keys known only to them. They also issue public keys, which are mathematically derived from the private key, and allow anyone to verify the signature. If someone sends them a message encrypted with their public key, only the private key will extract it. By contrast, each Clipper chip will have an encryption key built in. When the chip is manufactured, two parts of the key will be lodged with two separate US government agencies. (In legal jargon, this is like "holding the keys in escrow".) A secret "super-key" allows law enforcement agencies to retrieve the serial number of the chip used on the link they're tapping. Under US guidelines released last month, if a law enforcement agency wants to eavesdrop on encrypted communications it should send details of a search warrant to the agencies holding the key components. This is a red rag to the inhabitants of Internet discussion forums, the world's largest functioning anarchy. There, discussions of the right (under the First Amendment to the Constitution) to unrestricted free speech can and do slip effortlessly into the belief that, as one participant put it, "The people must be allowed to discuss anything, including revolution." According to Brian Yoder, president of California company Networxx, "The US Constitution doesn't grant the government the power to maintain this kind of surveillance capability over the population. Period. The assumption is that anything that enhances the ability of the police to catch criminals is OK, but that is not what the Constitution says, and that's not the kind of country I want to live in." Cryptology specialist Dr Dorothy Denning at Georgetown University was part of a team reviewing the NSA's design process. She points out that Clipper "will not make it any easier to tap phones, let alone computer networks. All it will do is make it possible to decrypt communications that are encrypted with the standard, assuming the communications are not super-encrypted with something else. Law enforcers still need to get a court order." But who trusts the NSA? The Clipper design is secret. Many assume the Agency has built in a "trap-door" allowing it to break encryption without the keys. No one has proposed making non-Clipper encryption illegal, but the US government clearly hopes to establish it as an industry standard. For example, while it's usually illegal to export any form of encryption technology from the US, it will be legal to export Clipper. However, non-US companies using it to protect their communications will have to live with the uneasy knowledge that the NSA could be listening in - and the NSA, like its UK sibling organisation GCHQ in Cheltenham, has a long history of intercepting foreign commercial messages for the benefit of home companies. (GCHQ declined to say whether it had been involved in any discussions over Clipper.) The protests have started. A petition organised by Computer Professionals for Social Responsibility against Clipper, and in favour of a Bill to permit export of competing encryption systems, gathered more than 20,000 electronic signatures in its first two weeks. Wired magazine has proclaimed, "This is a pivotal moment in history", accusing "the Clinton-Gore administration" of "attempting a stealth strike on our rights". It has asked readers to sign the CPSR petition and "call or write your Congressional representatives and let them know how you feel." Encryption and authentication are important for much more than the privacy of the frequently obscure or banal discussions on the Internet. Medical and financial records are now commonly held on computers, and a growing proportion of business transactions take place on-line. Cyberspace is where your money is. For private communications, Emma Nicholson MP takes a relaxed view: "In communicating, we should start from a belief that everyone listens to everything. Gossip is what makes the world go round. I have very few secrets. I would be deeply concerned if a device were marketed that could stop interception - I would support the FBI completely." Computer-law barrister Alistair Kelman, however, believes any attempt to enforce the Clipper chip as a worldwide standard would meet stiff opposition. The European Commission could be expected to object that it fell foul of Treaty of Rome provisions against misuse of a dominant position. "If you want to have a world standard for encryption, fine," Kelman said, but the EC could respond, "Let's get together and settle on something that meets our requirements as well."