DaveNet: Tuesday, September 30, 1997; by Dave Winer.

Big Brother Goes Digital

From Todd Lappin, telstar@wired.co; an editor at Wired.

Big Brother Goes Digital

"The promotion of encryption without any kind of safety valve is, in my view, very, very destructive, not only to law enforcement and national security goals, but more importantly to the balance of the Fourth Amendment."

So said FBI director Louis Freeh on June 26, during a closed door session of the House Committee on International Relations. And with those words, Freeh effectively declared war on Internet privacy.

Throughout the summer and now into autumn, the FBI and the National Security Agency have been rallying Congressional support for measures designed to outlaw the use of secure encryption - software that scrambles digital messages into indecipherable strings of textual gibberish.

Strong encryption is widely used on the Internet to protect online privacy and electronic commerce security, but in the wrong hands, outlaws, criminals, and drug barons can also use the technology to hatch their schemes in an environment of unassailable cyber-secrecy.

This potential for misuse long ago prompted the US government to categorize strong encryption technology as a munition - akin, say, to a Stinger missile or an M-1 tank - in an attempt to control its export and sale on the international market. Civil liberties groups and high tech industry lobbyists have chafed at these export restrictions, but American citizens have nevertheless been free to protect their privacy by using any kind of encryption they might like.

But that may soon change, as the FBI's ongoing attempt to reassert "the balance of the Fourth Amendment" has launched encryption policy in an ominous new direction. Today in Washington, the encryption debate is no longer about export rules. Instead, it has become a bitter fight over draconian policies that would rigidly control the use of encryption *within* the US and hardwire the police state of the future into the root architecture of the Internet.

With the full blessing and support of the FBI, Congress is now considering a set of proposals that would require all Americans to provide the government guaranteed access to their private online communications and business transactions. The new proposals would mandate that every part of the Internet - from the software on your computer to the network provider that carries your messages around the Net - be jury-rigged to immediately divulge the contents of private conversations on request by law enforcement authorities.

This Cold War-vintage surveillance initiative has taken shape in the form of several amendments to HR 695, the Security and Freedom through Encryption Act, better known as SAFE. Sponsored by Rep. Bob Goodlatte (R-Virginia), SAFE was introduced last spring to liberalize US encryption policy by relaxing encryption export regulations and explicitly prohibiting the government from mandating the use of key recovery systems within the US. But in September, SAFE was effectively hijacked by the House Intelligence and National Security Committees, which then proceeded to reverse the bill's original intent.

Under the amended version the SAFE bill (deemed "unSAFE" by some online wags), all encryption products sold or distributed in the US after January 31, 2000 will be required to include an electronic "back door" that will enable police to obtain immediate access to the unscrambled text of an encrypted message.

To accomplish this, Internet users would be required to turn over a copy of their encryption "keys" to a government-certified "key recovery agent" - a mandate that is comparable to requiring citizens to turn over copies of their house keys to government-certified locksmiths before installing a front door lock. But unlike a regular police search, no search warrant would be required. And unlike a wiretapping order, police would not be required to show probable cause that an individual had been involved in the commission of a crime. Instead, courts would be authorized to issue sealed orders granting law enforcement access to encrypted communications with only a demonstration of "a factual basis establishing the relevance of the plaintext" to an investigation.

Worse yet, such "key recovery" technologies are themselves considered to be a significant security risk for the Internet - providing new points of vulnerability that hackers, terrorists, and industrial spies will be eager to exploit.

Not surprisingly then, organizations ranging from the ACLU to the Business Software Alliance to the Center for Democracy and Technology have spent much of September rallying Internet users to voice their opposition to any encryption proposal that mandates the use of encryption key recovery systems. "The current attempts to muzzle this technology are the first step on the road to building a surveillance society," says Shabbir Safdar of the online activist group Voters Telecommunications Watch. "It's like the FBI has taken Orwell's "1984" as a blueprint, instead of a warning."

Meanwhile, the White House has been curiously silent. Although Vice President Al Gore has made some half-hearted attempts to back away from the FBI's encryption proposals, the Clinton administration has long taken a hard line on encryption policy, and few believe that Louis Freeh has become a loose cannon.

"If Freeh can deliver domestic controls, they'll take'em and run with 'em," reasons John Gilmore of the Electronic Frontier Foundation. "If he can't, they'll save face by claiming it wasn't their idea, and he'll live with the failure. Either way, they have managed to kill Congressional export control reform."

It's a cynical logic, to be sure. But the current proposals to control the use of encryption are so fearsome that a dose of paranoia is beginning to look perfectly sensible. After all, nothing less is at stake than the future of privacy in the 21st century.