New encryption laws for e-mail unlikely

Plastic Clover Anonymous-Remailer at lne.com
Sat Oct 6 15:37:23 PDT 2001


New encryption laws for e-mail unlikely

Carrie Kirby, Chronicle Staff Writer

Saturday, October 6, 2001

©2001 San Francisco Chronicle 



URL:  http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2001/10/06/BU201648.DTL
 



As lawmakers re-examined the nation's security in the aftermath of Sept. 11th's
terrorist attacks, the liberal encryption policy established by the Clinton
administration appeared to be a likely target for change.



After all, some reasoned, the policy makes it possible for anyone -- including
possible terrorists -- to send secret e-mails cloaked by codes so strong the
National Security Agency can't crack them.



But now it appears that no crackdown on encryption programs is coming.



The technology industry and others who fought for years for free encryption
were alarmed when, shortly after the attacks, Sen. Judd Gregg, R-N.H., suggested
giving the federal government the keys to unscramble everyone's encoded messages.



In a Senate speech, Gregg called for a system known as "key escrow," in which
all the keys are stored in a database that authorities could access with a
court order.



But the Department of Justice -- in the past the leading proponent of such
limits -- did not mention encryption when it asked Congress for expanded surveillance
powers for fighting terrorism.



"It's not going to happen," said Stewart Baker, a Washington, D.C., technology
lawyer and former general counsel to the NSA. "The Bush people, who watched
the Clinton administration struggle with that unsuccessfully for years,



aren't going to revisit this."



Gregg has yet to put his idea into a bill, and staffers say he has no specific
plans to do so soon.



"I'm feeling more and more confident each day that it won't be (introduced),
" said Rep. Bob Goodlatte, R-Va., who pushed for liberalized encryption laws
the first time around.



"I think that time is on our side on this. If it was on the table ready to
go right after the attack, such legislation probably would have had a better
chance of passing. But as time goes on, there's more time to contemplate its
full effects," said Phil Zimmermann, a computer programmer who created Pretty
Good Privacy, the most widely used e-mail encryption program.



Encryption is used in all kinds of Internet programs. Web browsers like Internet
Explorer and Netscape use it to make secure online credit card transactions
possible.



Before January 2000, government regulations made it difficult or impossible
to export programs containing strong encryption. The tech industry and civil
liberties advocates battled lawmakers' concerns, eventually convincing the
Clinton Administration to lift the restrictions -- without establishing any
kind of "back door" through which law enforcement could spy.



Zimmermann and legislators who fought this battle the first time around say
that the key escrow plan Gregg has advocated would not only diminish the privacy
of individual e-mail users, but that it wouldn't achieve its goal.



Terrorists probably wouldn't use encryption to which U.S. officials had the
keys, said Goodlatte, who co-chairs the Congressional Internet Caucus. U.S.
authorities wouldn't get the keys to encryption products made in other countries,
for example.



"Anybody bent on misusing encryption could buy it from hundreds of foreign
sources or create it themselves," said Goodlatte. "It's been revealed that
(Osama bin Laden) has some very top-notch software engineers."



The plan could also endanger the security of everyone who uses encryption,
critics say.



"The escrow or recovery mechanisms themselves may actually be compromised by
criminals," warned members of the Association for Computing Machinery, a New
York society for technology professionals. Hackers who broke into the database
where the keys were held might use the keys to compromise millions of computers.



While spokesman Brian Hart said Gregg has gotten some positive feedback from
other lawmakers, no one has seconded his idea publicly.



"Gregg seems to be an isolated case," said Bruce Heiman, a Washington attorney
who serves as executive director of Americans for Computer Privacy, a technology
industry group.



Sen. Conrad Burns, R-Mont., has joined Goodlatte in speaking out against encryption
limitations.



Like Goodlatte, Burns pushed for liberalized encryption laws in the 1990s.



Others who joined their fight are still in Congress, such as Rep. Zoe Lofgren,
D-San Jose and Sen. Pat Leahy, D-Vt.



But one of the major proponents, former Missouri Sen. John Ashcroft, is now
the attorney general.



"Ashcroft was on our side at that time. It could be that maybe that's why we're
not seeing something from the Justice Department specifically about encryption,"
Zimmermann said.



E-mail Carrie Kirby at ckirby at sfchronicle.com.



©2001 San Francisco Chronicle   Page B - 1 







More information about the cypherpunks-legacy mailing list