"Privacy in the Digital Age" Bill Machrone PC Magazine June 14, 1994 page 87 Copyright 1994 Ziff-Davis, I'm sure, but don't let that stop you from forwarding to interested lists and newsgroups. I'm a fairly conservative, law-and-order kind of guy. I support my local police. I sometimes have trouble identifying with some of my more liberal journalistic compatriots. But suddenly, you and I (along with the rest of the computer industry) are caught up in an issue of national importance that transcends politics and gets down to constitutional issues and basic freedoms. The issues, however,are in danger of being clouded as the usual suspects take sides and start shouting. The knee-jerk liberals have squared off against the knee-jerk conservatives over the privacy and security of digital communications. The Electronic Frontier Foundation and the Computer Professionals for Social Responsibility oppose the FBI and the Justice Department. And they're all quoting Al Gore. Let's get beyond the labels, politics, and allegiances and look at the facts. Here's the short form: The Feds realized that with the advent of widespread digital commmunications, their ability to monitor and tap communications would be radically diminished or would take far more time and money. So they proposed that all future digital devices be equipped with a high-security scrambling cip, called Clipper. Crazy? Like a fox. Every Clipper chip would have a serial number, which would give you access to a key that would decrypt whatever data the chip had encoded. The key would be kep in two pieces in two different places, and only a court order could bring them together. Trouble is, nobody trusts the law enforcement agencies to keep them apart. Don't even wonder if the National Security Agency will be monitoring digital conversations for its favorite trigger words. Furthermore, the pending legislation provides for fines up to $10,000 a day against telecommunications companies who don't give the Feds the access they want to decoded data streams. It doesn't end with telephones and data networks. The Feds intend to have Clipper technology on every fax machine, every cable TV box, every ATM, every device capable of receiving and sending a digital data stream. They want to monitor the entire information network for "patterns of abuse and criminal activity." Offering this capability in the form of a "security" chip that supposedly protects our data is insulting and offensive. The silly part of all this is that it represents the classic case of locks keeping out the honest people. The sad part is that we don't trust law enforcement agencies, however well-intentioned, not to abuse the power. Even worse, we the taxpayers are going to foot the bill (to the tune of half a billion dollars) just to build the monitoring network. We'll pay again in higher product costs. Nobody builds complex data-encryption chips for free. There is this little issue, however, of First Amendment rights. When the White House issued its briefing document on the Clipper announcement, it averred that no U.S. citizen, "as a matter of right, is entitled to an unbreakable commercial encryption product." FBI director Louis J. Freeh echoed this position in a _New York Times_ interview, in which he claimed that the American people must be willing to give up a degree of personal privacy in exchange for safety and security. I find both statements odious. Privacy is a nonissue for most of us. People who want their communications to be secure have always had the means to do so. People who don't need secure communications don't bother and don't care. Also, security is a pain in the neck. The inherent hassles make us very choosy about when we use it. All the Clipper chip will do is waste our tax money. There's no point in making everyone's transmissions and conversations secure if a third party holds the key. No criminal in his right mind would depend on Clipper encoding when fully secure means are available. If the government manages to overthrow all logic and make Clipper a legal requirement, those of us who want or need real security will be forced into acts of civil disobediance. For data, it's a piece of cake. You can find half a dozen shareware programs on ZiffNet that implement the National Institute of Standards and Technology's Data Encryption Standard (DES). If you're one of the superparanoids who suspect that the NSA put a trap door into DES--no one has ever found evidence of it--you can use PGP (Pretty Good Privacy), a shareware program popular on the Internet, or PC-IRIS, available on ZiffNet. Both use a technique known as RSA to encrypt your data, which is widely regarded as extremely difficult to break. RSA has the additional benefit of providing public-key encryption; you publish a key that people use to encode messages to you, and then you use a private key to decrypt the message. DES is probably only viable for another year or two before it becomes too easy to crack; RSA should be secure for some time longer. Voice security is harder, but not much. You either go to a spook shop and pay a lot of money for a telephone scramber device or build your own. The latter option is not all that difficult, given the advent of DSP (digital signal processing) chips. All you need is the DSP, a couple of megs of memory, and a few support chips. Some of the DSP vendors have evaluation kits that contain virtually everything you need, Basically, you digitize your voice, take samples of the data, and perform calculations and transformations on it. You then turn the resulting data stream back into sound and send it over the phone line. For fun, you might send several data streams at the same time but out of phase with one another, the way modems do. An identical piece of hardware on the other end performs the operations in reverse order. Suffice it to say, however, that if the NSA types hear a scrambled conversation that they can't understand, they're going to wonder what you've got to hide. We're not encouraging criminal behavior by pointing out cryptographic resources. The dummies won't read this and the smarties don't need to. The only people who will be adversely affected by Clipper are you and me. --end--