Back to index

Levy, Steven. Trying to find the key: how do you keep a secret on the
     Internet?  (use of cryptography to protect information in 
     cyberspace)(Column). In Newsweek Oct 14 1996, v128, n16, p91(1). 


How do you keep a secret on the Internet? The government and business 
can't seem to agree.                                                  
                                                                      
AT FIRST BLUSH IT SEEMS ALmost wacky that an esoteric subject like    
cryptography-the use of secret codes that scramble information so     
eavesdroppers can't read it--would wind up becoming a political flash 
point. Yet policy in this area has proved to be a constant            
bedevilment to the current administration, "the Bosnia of             
telecommunications," as a Clinton staffer once moaned. The            
administration has been forced to choose between two sides: the       
anti-crypto intelligence and lawenforcement agencies, driven mainly   
by a concern that uncrackable scrambling technology will curtail      
their legal surveillance activities. And the pro-crypto business      
interests, allied with civilliberties groups and Internet             
enthusiasts, who want encryption used far and wide to provide privacy 
to individuals and to promote safe electronic commerce. So far, the   
administration has favored the anti-crypto forces, in the process     
outraging its high-tech constituency. But last week Vice President Al 
Gore offered some compromises. Despite this, he hasn't cracked the    
code. That's unfortunate, because if we fail to come up with a smart  
approach to this seemingly obscure issue, we will all wind up for the 
worse.                                                                
                                                                      
Here's why this matters: the information explosion has given us not   
one but two doomsday clocks, both ticking inexorably toward midnight  
disaster. First is the Crypto Anarchy Clock. This presumes that if    
the government doesn't step in and do something, strong cryptography  
will flourish. If that happens, all our messages will fly around the  
world in a scrambled form where no snoopers can ever divine their     
content. What's wrong with that? Terrorists, kiddie pornographers,    
money launderers and kidnappers will embrace these technologies,      
creating information safe havens where they can gleefully plan their  
evil deeds without fear that cops or spies are listening in.          
                                                                      
On the other hand, there is a second deadly timepiece: the Insecurity 
Clock. This takes into account that with every passing day we entrust 
more and more of our lives to information accessible to computer      
networks, everything from medical data to financial transactions to   
steamy love letters. These networks are perilously vulnerable, and    
will remain so until we widely implement the best tool available to   
secure them: cryptography, built into the system so everyone uses it. 
We've grown accustomed to the barrage of small compromises by hackers 
and crooks, but unless we move faster to unleash crypro solutions, we 
may soon face major incidents of sabotage that could shut down the    
engines of commerce or even imperil lives. After all, everything from 
air-traffic control to the electric grid is now run on computers.     
                                                                      
It's the tolling of that second clock that we should dread the most,  
but the administration has put a higher priority on holding back the  
hands of the first clock. To do so, it has cooked up a series of      
schemes, beginning with the ignominious Clipper Chip. Though details  
vary, all focus on one grand yet untested solution: a means by which  
the government would be able to escrow the "keys" that keep the       
information secret. (Think of it this way: the Feds will allow you to 
own a safe, but only if they have a way to get the combination.) This 
approach has been savaged by the privacy activists and spurned by the 
companies asked to sell it. After all, the point of cryptography is   
to keep a secret. Why choose a system that admits an outsider?        
                                                                      
Pushed to the wall, Gore last week announced the new, gentler policy. 
In a way, it's sort of a Hail Mary pass in which the government has   
made every compromise it feels possible in order to sweeten the       
bitter idea that people should adopt crypro systems with back doors   
for legally authorized cops and spies. In part it exploits a new      
approach from IBM called key recovery, which grants government        
snoopers the same sort of access as with the escrow schemes, but      
prevents potential abuse. If computer companies agree to begin        
devising a key-recovery system, the United States will let them       
export a stronger form of cryptography immediately, for up to two     
years.                                                                
                                                                      
Some companies have taken encouragement at this conciliatory action.  
(Microsoft, for instance, expressed reservations but applauded it as  
a"first step forward.") But other companies are not at all mollified: 
Netscape's CEO James Barksdale not only claims the new policy "won't  
work," but says it has led him to endorse Bob Dole, who promises a    
lighter hand in regulating codes. Privacy activists still chafe at    
the idea that the FBI and the NSA claim a voice in setting            
communications policy. Congressional critics, who have already        
introduced bills to dramatically ease the export restrictions, don't  
think it will solve the problem, either. "If the government continues 
on this path, people will really say to Europe and Japan, 'What do    
you have to offer?'" says Sen. Patrick Leary. Jim Bidzos, head of the 
influential crypto company RSA, says that it's quite possible that    
within two years, such foreign competitors, not bound by U.S. export  
laws, will steal the market from American companies. Meanwhile, the   
clocks--both of them--keep ticking.                                   
                                                                      
Technologies can be like rivers, insisting on their natural course.   
It is possible to alter their directions, at great expense, by        
damming them. But you can't make them flow in the opposite direction. 
With honorable intentions, that's what the Clinton administration is  
attempting to do with cryptography, and that's why its officials find 
themselves neck deep in Big Muddy. Instead of fighting the crypto     
revolution, we should embrace it. Why not try to fully exploit the    
protection this technology offers us, while at the same time figuring 
out strategies to mitigate its inevitable abuses? Wise heads          
understand: the best thing to do with a river is build a city         
alongside it.                                                         
                                                                      
COPYRIGHT 1996 Newsweek Inc.