Volume I,
Number 9

October-November 1997

Encryption Policy

edited by Robert Knautz

The Issue

Since the earliest recorded times, people have been trying to keep their communications secret from others. In modern times, this practice has developed into the science of encryption. Early encryption codes were easy to break with large supercomputers. But as computers have become more common and decentralized, encryption codes have become more complex and breaking the codes has become more difficult.

Current encryption technology usually uses a public-key system where every user has a unique pair of keys. The public key can be known by everyone and is used to encrypt the message, while the private key is known only to the recipient and is used to decrypt the message.

The larger the keys, the more possible combinations a would-be code-breaker would have to test. The table below shows the number of possibilities for common key lengths.

Key Length    Possible Keys
40 bits       1,099,511,627,776
56 bits       72,057,594,037,927,900
90 bits       1,237,940,039,285,380,000,000,000,000
128 bits      340,282,366,920,938,000,000,000,000,000,000,000,000

Although 56 bits is the key length of the U.S. government's officially sanctioned Data Encryption Standard (DES), keys of this length are relatively easy to crack with brute computer power in a matter of days or weeks. Prominent computer experts recommend a 90-bit minimum for good security and 128-bit keys for nearly unbreakable security.
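The relationship between key length and search effort described above can be run at small scale. The following is an added example, not part of the original newsletter: the toy cipher, the sample message, and the search rate passed to days_to_exhaust are all constructed or assumed for illustration, and the cipher is not DES or RSA.

```python
import hashlib

def toy_crypt(key: int, data: bytes) -> bytes:
    """Toy cipher constructed for this example (not DES or RSA): XOR up to
    32 bytes of data with SHA-256 of the key. The same call decrypts."""
    stream = hashlib.sha256(key.to_bytes(16, "big")).digest()
    return bytes(b ^ s for b, s in zip(data, stream))

def exhaustive_search(ciphertext: bytes, known_plaintext: bytes, bits: int):
    """Try every key of the given length in order.
    Returns (key, keys_tested), or (None, 2**bits) if no key matches."""
    for key in range(2 ** bits):
        if toy_crypt(key, ciphertext) == known_plaintext:
            return key, key + 1
    return None, 2 ** bits

def keyspace(bits: int) -> int:
    """Exact number of possible keys (the table's larger entries are rounded)."""
    return 2 ** bits

def work_ratio(bits_a: int, bits_b: int) -> int:
    """How many times larger the bits_a key space is than the bits_b one."""
    return keyspace(bits_a) // keyspace(bits_b)

def days_to_exhaust(bits: int, keys_per_second: float) -> float:
    """Worst-case days to test every key at an assumed (hypothetical) rate."""
    return keyspace(bits) / keys_per_second / 86400

if __name__ == "__main__":
    message = b"constructed sample"           # constructed sample plaintext
    ciphertext = toy_crypt(0xBEEF, message)   # 16-bit key, feasible to search
    print("16-bit search:", exhaustive_search(ciphertext, message, 16))
    for bits in (40, 56, 90, 128):
        print(f"{bits:>3} bits: {keyspace(bits):,} keys, "
              f"{work_ratio(bits, 40):,} x the 40-bit key space")
```

Each additional key bit doubles the number of trials, so the 16 bits separating the 40-bit export limit from 56-bit DES multiply the search by 65,536.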

Obviously, unbreakable security is a powerful tool, especially in the eyes of federal investigators who have become accustomed to being able to tap phones and seize documents. In order to hold onto their surveillance power, U.S. government officials first attempted to impose the universal use of a "clipper chip." This government-designed algorithm would allow authorities to decrypt any messages they wanted. Privacy-rights advocates, civil libertarians, and the computer industry in general were outraged, and the clipper chip was abandoned.

FBI Director Louis Freeh and other officials have now called for a system of "key escrow," where a "trusted third party" would hold copies of all keys. The government could then acquire them with a court order. So far, no escrow policy has been imposed on U.S. citizens.

Of course, the U.S. federal government isn't just worried about its own citizens keeping secrets. The U.S. regulates the export of encryption software as munitions under the International Traffic in Arms Regulations (ITAR) and through the Bureau of Export Administration. The current U.S. policy does not allow the export of encryption software with key lengths in excess of 40 bits.

The source code for encryption software can be exported in printed form, but not electronically. Earlier this year, 6,000 pages of source code for PGP (Pretty Good Privacy) 5.0 were exported in printed form and then scanned in, proofread, and compiled by a group of programmers in Norway. As a result, U.S. policy effectively makes it legal for someone overseas to download the PGP software from an Internet server in Norway, but not an Internet server in Massachusetts. American companies aren't allowed to compete in the international market for encryption products.

To demonstrate how ridiculous and easily broken these laws are, one Web site gives you the opportunity to become a trafficker in munitions with the click of a button. By clicking that button with your mouse, you transmit electronically the source code for a simple implementation of RSA encryption from your Web browser back to the Web site host in Antigua.

Some American companies are getting around the regulations by having foreign subsidiaries develop the encryption software for them. Sun Microsystems' Russian subsidiary developed an encryption package that is seamlessly integrated into Sun's other products.

As the "Digital Doomsday Clock" draws closer to midnight, many groups have joined the efforts to keep strong encryption available in the U.S., and to lift the export restrictions so U.S. companies can compete in this growing market. Below are some excellent resources for more information on this important subject.

The Solutions

Free-Market.Net Partners

Cato Institute

The Cato Institute has been leading the way in policy issues related to the Internet from electronic money to encryption. Cato's "Congressional Briefing Book" contains two discussions of encryption:

Solveig Bernstein, Cato's associate director of telecommunications and technology studies, discusses the legislation currently in Congress in "Encryption Bound?". She also discusses the Clinton administration's attempt to influence international policy on "key escrow" as a way to bypass the opposition in this country in "The U.S. Government's Encryption Policy Dodge."

Cato Testimony from the Congressional Hearings on Wiretapping and other Terrorism Proposals discusses how government policy curtails the First Amendment rights of computer users.

"Toward a New Encryption Policy: Facilitating On-Line Commerce" was a policy forum on encryption technology and is available in RealAudio.



Reason Magazine

Reason is the premier libertarian magazine and one of the best Web sites for libertarian commentary. Reason's Rick Henderson discusses the government's policy options regarding encryption in "Know the Code." In "CODE BLUE: How to save us from the cybercops," Henderson discusses how encryption can solve many of the concerns about children accessing material that may not be appropriate.

In "We, Spy", Brian Doherty shows that outlawing technology may produce other unintended consequences.

"Confronting a Crisis" discusses the Clinton administration's policy towards encryption and a recent report that shows that this policy is exactly the opposite of what is needed in the new information society.



Heartland Institute

Heartland is dedicated to getting public policy research into the hands of elected officials across the country. Heartland's Bruce Schneier discusses the outdated regulations against exporting cryptography and their effect on American business in "The Importance of Keeping Secrets."



Bill Frezza

Bill Frezza is a columnist for Communication Week and Network Computing, a partner in a telecommunications venture capital firm, and an advisor to Free-Market.Net.

Frezza's "Debating Encryption Privacy Vs. Electronic Piracy" discusses the fallacy of the government's logic in banning the export of strong encryption.

In "History's Greatest Brain Drain," Frezza illustrates the possibility of people being drawn into the electronic world, behind encrypted economies that the state cannot touch.

"The Internet: Killer Virus of the State" and "Can The Government's Black Helicopters Fly in Cyberspace?" highlight the government's inability to regulate the Internet because it is decentralized and crosses all international borders.



Other Groups and Individuals

Many other groups have done research on this topic. Below are some highlights.

Progress and Freedom Foundation

PFF chairman and former National Security Council member Jay Kenworth co-authored "The Computer Revolution and True Threats to National Security," which argues that controls on encryption technology are a greater threat to national security than the use of encryption.

The complete text of Jay Kenworth's testimony before a House subcommittee on H.R. 695 (SAFE) is available online.


Policy.Com

Two recent Issues of the Week have looked at information policy including encryption:


David Friedman

Last spring, economist and anarcho-capitalist David Friedman taught a class on Computers, Crime and Privacy at Santa Clara Law School.

He has also authored two excellent papers on the need for strong encryption:


RSA Data Security

RSA is one of the leading companies in providing strong encryption methods to industry. In this press release from last June, RSA demonstrates that the current level of exportable encryption can be broken through brute force methods by determined individuals, proving that stronger encryption is necessary.

RSA president Jim Bidzos questions the government's rush to legislate encryption policy without fully examining the consequences in "The Encryption Debate: Too Much at Stake to Rush to Legislation."

Two excellent FAQs are also available from RSA: The "RSA Labs FAQ" discusses computer cryptography on a technical level and the "Export FAQ" (Adobe Acrobat only) discusses the intricacies of export regulations.


Wired / Hotwired

Whitfield Diffie, one of the pioneers of public-key encryption, sits in the Hotseat to discuss the "Evolution of Encryption."

In "Clipper's Last Gasp," Todd Lappin discusses some of the proposed legislation to liberalize encryption policy.

The Organization for Economic Cooperation and Development failed to completely endorse the Clinton Administration's policies earlier this year; a good analysis of this is available under "OECD Rejects US Crypto Policy."

In "Welcome to the Freeh World," Brock Meeks discusses the FBI director's testimony before a Senate hearing last year on key escrow.


Phyllis Schlafly

Even conservative stalwart Phyllis Schlafly has spoken out against the government's restrictions on encryption. Her two columns "Encryption Is Essential to Freedom" and "Don't Let Janet Reno Read Our E-mail" are available from the Eagle Forum.

This even earned her a special mention in Hotwired as a Crypto Defender.


Forbes Magazine

Encryption policy and technology were featured topics in two issues of Forbes this year.

4/21/97

9/8/97


American Civil Liberties Union

The ACLU's response to restrictions on export of encryption software based on free-speech grounds is available in this "Cyber Liberties Report."

Barry Steinhardt's comments on government policy at the Security and Freedom Through Encryption (SAFE) Forum last year discuss the civil liberties involved in freeing encryption from regulation.


Pretty Good Privacy, Inc.

Phil Zimmermann, creator of the Pretty Good Privacy software and Chief Technology Officer of PGP, Inc., has fought the export restrictions on the front lines for years. His comments on those regulations as well as his testimony before Congress can be found on the PGP Web site.

PGP 5.0 with RSA encryption is available for purchase from PGP, Inc. or the freeware version is available from MIT.


Center for Democracy and Technology

"Why Should I Care About the Cryptography Policy Debate?" explains the importance of encryption technology in today's world.

An analysis of a recent federal court ruling that called export restrictions unconstitutional is available as part of their litigation database. There is also a discussion of the unresolved issues in the Zimmermann case after the Department of Justice dropped its case against him.


Electronic Privacy Information Center

EPIC maintains an extensive archive of government documents related to encryption policy:


Encryption Policy Resource Page

The Encryption Policy Resource Page contains a large collection of news articles, papers, and other information about encryption.


Miscellaneous Resources

Links to Other Information

Legislation before Congress this session:

Other groups working on encryption policy:

Other resources:

Anti-encryption/fascist resources:




In December 2004 this page was modified significantly from its original form for archiving purposes.

, founded in 1995, is now a part of ISIL.
