Comments On Cathy Young's Defeatist Compromising

Mike Alissi malissi at reason.com
Tue Oct 16 11:13:59 PDT 2001 

Commentary  From Reason Magazine

Dear Matt -  I wanted to be sure you've seen Jacob Sullum's latest column at
Reason Online: <http://www.reason.com/sullum/101601.html>
It's copied below.

Thanks,

Mike


October 16, 2001

Fear of Prying

By Jacob Sullum

I first downloaded Pretty Good Privacy a couple of years ago, at the 
request of an interview subject. He was nervous about discussing his 
drug use through unprotected e-mail, and my willingness to use PGP 
reassured him not only that he would be safe from eavesdroppers but 
that he could trust me to take his privacy concerns seriously.

It was a small illustration of encryption's power, but it brought 
home to me what a godsend this kind of readily available, easily used 
software must be to dissidents who risk prison by sharing 
unauthorized information or expressing forbidden opinions. Phil 
Zimmermann had such people in mind when he created PGP a decade ago 
and risked prison by posting it online.

At the time, the U.S. government considered strong encryption 
software a "munition," and by making it available to human rights 
activists around the world Zimmermann was arguably violating a 
federal ban on the export of such weapons. Some politicians are 
trying to revive this sinister view of encryption in the wake of last 
month's terrorist attacks.

In a floor speech a week after hijacked airplanes collided with the 
Pentagon and the World Trade Center, Sen. Judd Gregg (R-N.H.) worried 
aloud about "somebody out there using encryption technology for the 
purposes of pursuing a terrorist act in the United States." He 
declared, "There is no excuse for anybody to be underwriting that 
type of activity in our country."

To prevent terrorists from shielding their communications, Gregg 
wants to make all producers of encryption systems design their 
products so the government can read the messages they generate. The 
surveillance would be "judicially controlled" to make sure it "simply 
gets at the bad guys."

Gregg's opposition to strong encryption is echoed in some surprising 
quarters. Boston Globe columnist Cathy Young, a colleague of mine at 
Reason magazine, has confessed that "the idea of people being able to 
encrypt electronic communications so that they are beyond 
surveillance" has always seemed "scary" to her, "precisely because of 
the threat of terrorism."

This is like saying that computers or telephones or airplanes or box 
cutters are scary. Any technology can be used for good or ill. The 
question is whether the potential for evil justifies restrictions on 
legitimate uses.

As more than one critic has pointed out, the arguments against strong 
encryption could also be used against strong locks, since criminals 
tend to hatch their plans behind closed doors. That doesn't mean all 
of us should make extra sets of house keys for the police in case 
they need to search our homes.

We have been down this road before with various proposals during the 
1990s for "key recovery" arrangements through which the authorities 
could break otherwise unbreakable codes.

Now as then, the most decisive argument against encryption controls 
is that they wouldn't work because PGP-like software is already 
available from a variety of sources.

Does Sen. Gregg plan to come to my house and erase my copy of PGP? If 
not, how can he possibly hope to stop terrorists, who are much more 
highly motivated than I am to shield their communications, from 
obtaining and using such software?

The attempt to do so would weaken security rather than enhancing it. 
A 1998 report from a panel of distinguished cryptographers and 
computer scientists concluded that "there are compelling reasons to 
believe that, given the state of the art in cryptology and secure 
systems engineering, government-access key recovery is not compatible 
with large scale, economical, secure cryptographic systems." A member 
of the panel, Matt Blaze, recently told The Washington Post, "I am 
extremely doubtful that this could be done without weakening computer 
systems, and the costs would be absolutely staggering."

In addition to the bugs introduced by added complexity, keeping extra 
copies of the keys used to decode messages would create tempting 
targets for thieves. The keys could also be compromised by 
incompetent or corrupt officials charged with protecting them.

Misuse of official records is not exactly unheard of in this country, 
and the problem would be magnified if every unsavory regime that has 
enlisted in the war on terrorism were to be trusted with the keys to 
its citizens' e-mail. For the dissidents Phil Zimmermann is rightly 
proud of helping, the whole point of encryption is to guard against 
official surveillance. If Gregg's vision were ever realized, they 
would once again have to watch what they say.

) Copyright 2001 by Creators Syndicate Inc.
Jacob Sullum's weekly column is distributed by Creators Syndicate. If 
you'd like to see it in your local newspaper, write or call the 
editorial page editor.


**************************************************************************
Subscribe to Freematt's Alerts: Pro-Individual Rights Issues
Send a blank message to: freematt at coil.com with the words subscribe FA
on the subject line. List is private and moderated (7-30 messages per week)
Matthew Gaylor, (614) 313-5722  ICQ: 106212065   Archived at 
http://groups.yahoo.com/group/fa/
**************************************************************************

More information about the cypherpunks-legacy mailing list