The Code Book (52 page)

One of the best-known cases of continuous unjustified wiretapping concerns Martin Luther King Jr., whose telephone conversations were monitored for several years. For example, in 1963 the FBI obtained information on King via a wiretap and fed it to Senator James Eastland in order to help him in debates on a civil rights bill. More generally, the FBI gathered details about King’s personal life, which were used to discredit him. Recordings of King telling bawdy stories were sent to his wife and played in front of President Johnson. Then, following King’s award of the Nobel Prize, embarrassing details about King’s life were passed to any organization that was considering conferring an honor upon him.

Other governments are equally guilty of abusing wiretaps. The Commission Nationale de Contrôle des Interceptions de Securité estimates that there are roughly 100,000 illegal wiretaps conducted in France each year. Possibly the greatest infringement of everybody’s privacy is the international Echelon program. Echelon does not have to justify its interceptions, and it does not focus on particular individuals. Instead, it indiscriminately harvests information, using receivers that detect the telecommunications that bounce off satellites. If Alice sends a harmless transatlantic message to Bob, then it will certainly be intercepted by Echelon, and if the message happens to contain a few words that appear in the Echelon dictionary, then it would be earmarked for further examination, alongside messages from extreme political groups and terrorist gangs. Whereas law enforcers argue that encryption should be banned because it would make Echelon ineffective, the civil libertarians argue that encryption is necessary exactly because it would make Echelon ineffective.

When law enforcers argue that strong encryption will reduce criminal convictions, civil libertarians reply that the issue of privacy is more important. In any case, civil libertarians insist that encryption would not be an enormous barrier to law enforcement because wiretaps are not a crucial element in most cases. For example, in America in 1994 there were roughly a thousand court-sanctioned wiretaps, compared with a quarter of a million federal cases.

Not surprisingly, among the advocates of cryptographic freedom are some of the inventors of public key cryptography. Whitfield Diffie states that individuals have enjoyed complete privacy for most of history:

In the 1790s, when the Bill of Rights was ratified, any two people could have a private conversation-with a certainty no one in the world enjoys today-by walking a few meters down the road and looking to see no one was hiding in the bushes. There were no recording devices, parabolic microphones, or laser interferometers bouncing off their eyeglasses. You will note that civilization survived. Many of us regard that period as a golden age in American political culture.

Ron Rivest, one of the inventors of RSA, thinks that restricting cryptography would be foolhardy:

It is poor policy to clamp down indiscriminately on a technology just because some criminals might be able to use it to their advantage. For example, any U.S. citizen can freely buy a pair of gloves, even though a burglar might use them to ransack a house without leaving fingerprints. Cryptography is a data-protection technology, just as gloves are a hand-protection technology. Cryptography protects data from hackers, corporate spies, and con artists, whereas gloves protect hands from cuts, scrapes, heat, cold, and infection. The former can frustrate FBI wiretapping, and the latter can thwart FBI fingerprint analysis. Cryptography and gloves are both dirt-cheap and widely available. In fact, you can download good cryptographic software from the Internet for less than the price of a good pair of gloves.

Possibly the greatest allies of the civil libertarian cause are the big corporations. Internet commerce is still in its infancy, but sales are growing rapidly, with retailers of books, music CDs and computer software leading the way, and with supermarkets, travel companies and other businesses following in their wake. In 1998 a million Britons used the Internet to buy products worth $600 million, a figure that was set to quadruple in 1999. In just a few years from now Internet commerce could dominate the marketplace, but only if businesses can address the issues of security and trust. A business must be able to guarantee the privacy and security of financial transactions, and the only way to do this is to employ strong encryption.

At the moment, a purchase on the Internet can be secured by public key cryptography. Alice visits a company’s Web site and selects an item. She then fills in an order form which asks her for her name, address and credit card details. Alice then uses the company’s public key to encrypt the order form. The encrypted order form is transmitted to the company, who are the only people able to decrypt it, because only they have the private key necessary for decryption. All of this is done automatically by Alice’s Web browser (e.g., Netscape or Explorer) in conjunction with the company’s computer.

As usual, the security of the encryption depends on the size of the key. In America there are no restrictions on key size, but U.S. software companies are still not allowed to export Web products that offer strong encryption. Hence, browsers exported to the rest of the world can handle only short keys, and thus offer only moderate security. In fact, if Alice is in London buying a book from a company in Chicago, her Internet transaction is a billion billion billion times less secure than a transaction by Bob in New York buying a book from the same company. Bob’s transaction is absolutely secure because his browser supports encryption with a larger key, whereas Alice’s transaction could be deciphered by a determined criminal. Fortunately, the cost of the equipment required to decipher Alice’s credit card details is vastly greater than the typical credit card limit, so such an attack is not cost-effective. However, as the amount of money flowing around the Internet increases, it will eventually become profitable for criminals to decipher credit card details. In short, if Internet commerce is to thrive, consumers around the world must have proper security, and businesses will not tolerate crippled encryption.

Businesses also desire strong encryption for another reason. Corporations store vast amounts of information on computer databases, including product descriptions, customer details and business accounts. Naturally, corporations want to protect this information from hackers who might infiltrate the computer and steal the information. This protection can be achieved by encrypting stored information, so that it is only accessible to employees who have the decryption key.

To summarize the situation, it is clear that the debate is between two camps: civil libertarians and businesses are in favor of strong encryption, while law enforcers are in favor of severe restrictions. In general, popular opinion appears to be swinging behind the proencryption alliance, who have been helped by a sympathetic media and a couple of Hollywood films. In early 1998,
Mercury Rising
told the story of a new, supposedly unbreakable NSA cipher which is inadvertently deciphered by a nine-year-old autistic savant. Alec Baldwin, an NSA agent, sets out to assassinate the boy, who is perceived as a threat to national security. Luckily, the boy has Bruce Willis to protect him. Also in 1998, Hollywood released
Enemy of the State
, which dealt with an NSA plot to murder a politician who supports a bill in favor of strong encryption. The politician is killed, but a lawyer played by Will Smith and an NSA rebel played by Gene Hackman eventually bring the NSA assassins to justice. Both films depict the NSA as more sinister than the CIA, and in many ways the NSA has taken over the role of establishment menace.

While the proencryption lobby argues for cryptographic freedom, and the antiencryption lobby for cryptographic restrictions, there is a third option that might offer a compromise. Over the last decade, cryptographers and policy-makers have been investigating the pros and cons of a scheme known as
key escrow
. The term “escrow” usually relates to an arrangement in which someone gives a sum of money to a third party, who can then deliver the money to a second party under certain circumstances. For example, a tenant might lodge a deposit with a solicitor, who can then deliver it to a landlord in the event of damage to the property. In terms of cryptography, escrow means that Alice would give a copy of her private key to an escrow agent, an independent, reliable middleman, who is empowered to deliver the private key to the police if ever there was sufficient evidence to suggest that Alice was involved in crime.

The most famous trial of cryptographic key escrow was the American Escrowed Encryption Standard, adopted in 1994. The aim was to encourage the adoption of two encryption systems, called
clipper
and
capstone
, to be used for telephone communication and computer communication, respectively. To use clipper encryption, Alice would buy a phone with a preinstalled chip which would hold her secret private key information. At the very moment she bought the clipper phone, a copy of the private key in the chip would be split into two halves, and each half would be sent to two separate Federal authorities for storage. The U.S. Government argued that Alice would have access to secure encryption, and her privacy would only be broken if law enforcers could persuade both Federal authorities that there was a case for obtaining her escrowed private key.

The U.S. Government employed clipper and capstone for its own communications, and made it obligatory for companies involved in government business to adopt the American Escrowed Encryption Standard. Other businesses and individuals were free to use other forms of encryption, but the government hoped that clipper and capstone would gradually become the nation’s favorite form of encryption. However, the policy did not work. The idea of key escrow won few supporters outside government. Civil libertarians did not like the idea of Federal authorities having possession of everybody’s keys—they made an analogy to real keys, and asked how people would feel if the government had the keys to all our houses. Cryptographic experts pointed out that just one crooked employee could undermine the whole system by selling escrowed keys to the highest bidder. And businesses were worried about confidentiality. For example, a European business in America might fear that its messages were being intercepted by American trade officials in an attempt to obtain secrets that might give American rivals a competitive edge.

Despite the failure of clipper and capstone, many governments remain convinced that key escrow can be made to work, as long as the keys are sufficiently well protected from criminals and as long as there are safeguards to reassure the public that the system is not open to government abuse. Louis J. Freeh, Director of the FBI, said in 1996: “The law enforcement community fully supports a balanced encryption policy … Key escrow is not just the only solution; it is, in fact, a very good solution because it effectively balances fundamental societal concerns involving privacy, information security, electronic commerce, public safety, and national security.” Although the U.S. Government has backtracked on its escrow proposals, many suspect that it will attempt to reintroduce an alternative form of key escrow at some time in the future. Having witnessed the failure of optional escrow, governments might even consider compulsory escrow. Meanwhile, the proencryption lobby continues to argue against key escrow. Kenneth Neil Cukier, a technology journalist, has written that: “The people involved in the crypto debate are all intelligent, honorable and proescrow, but they never possess more than two of these qualities at once.”

There are various other options that governments could choose to implement, in order to try to balance the concerns of civil libertarians, business and law enforcement. It is far from clear which will be the preferred option, because at present cryptographic policy is in a state of flux. A steady stream of events around the world is constantly influencing the debate on encryption. In November 1998, the Queen’s Speech announced forthcoming British legislation relating to the digital marketplace. In December 1998, 33 nations signed the Wassenaar Arrangement limiting arms exports, which also covers powerful encryption technologies. In January 1999, France repealed its anticryptography laws, which had previously been the most restrictive in Western Europe, probably as a result of pressure from the business community. In March 1999, the British Government released a consultation document on a proposed Electronic Commerce Bill.

By the time you read this there will have been several more twists and turns in the debate on cryptographic policy. However, one aspect of future encryption policy seems certain, namely the necessity for
certification authorities
. If Alice wants to send a secure e-mail to a new friend, Zak, she needs Zak’s public key. She might ask Zak to send his public key to her in the mail. Unfortunately, there is then the risk that Eve will intercept Zak’s letter to Alice, destroy it and forge a new letter, which actually includes her own public key instead of Zak’s. Alice may then send a sensitive e-mail to Zak, but she will unknowingly have encrypted it with Eve’s public key. If Eve can intercept this e-mail, she can then easily decipher it and read it. In other words, one of the problems with public key cryptography is being sure that you have the genuine public key of the person with whom you wish to communicate. Certification authorities are organizations that will verify that a public key does indeed correspond to a particular person. A certification authority might request a face-to-face meeting with Zak as a way of ensuring that they have correctly catalogued his public key. If Alice trusts the certification authority, she can obtain from it Zak’s public key, and be confident that the key is valid.

I have explained how Alice could securely buy products from the Internet by using a company’s public key to encrypt the order form. In fact, she would do this only if the public key had been validated by a certification authority. In 1998, the market leader in certification was Verisign, which has grown into a $30 million company in just four years. As well as ensuring reliable encryption by certifying public keys, certification authorities can also guarantee the validity of digital signatures. In 1998, Baltimore Technologies in Ireland provided the certification for the digital signatures of President Bill Clinton and Prime Minister Bertie Ahern. This allowed the two leaders to digitally sign a communiqué in Dublin.