 FRONT PAGE Archive Index Feedback |
|
|||||
|
|||||
|
| |||||
Law & Technology
Law and TechnologyWeak Arguments Against Strong Encryption
By Deborah Pierce
Oct 11, 2001 -- Encryption is the math and technology that allows a message to be scrambled to make it unreadable except by the intended recipient. We use it to secure many of our most sensitive transactions. For example, when you use an ATM machine, your account and transaction information is encrypted so that only you can access your account; eavesdroppers are not able to intercept your account information. Likewise, doctors often transfer medical files via computer. Encrypting medical files before emailing them is a great way to ensure that identity thieves and others do not have access to those sensitive records.The debate over whether to allow strong encryption has again taken center stage following the WTC tragedy. Throughout the 1990s law enforcement, the White House, businesses and civil liberties groups debated the pros and cons of uncrackable encryption.
In this reopened debate, the answer remains clear: trying to ban strong encryption is not only futile and wrong, it is destructive as well. "Key escrow" systems--where a "trusted" third party holds a copy of the encryption key--are not any better. The benefits of strong encryption far outweigh the costs.
A "key" is necessary to unlock the encrypted message. For example, in so-called "public key" encryption, each person has a public key that everyone knows and a private key which only they know. Each user's private key allows them to unlock encrypted messages directed to them. This approach allows me to send a message to Bob knowing that nobody else can read it--and allows Bob to know that I am really the person who sent the message.
Banning encryption won't work--and would be a bad idea anyhow
If the encryption is strong enough, when we say that "nobody" can read an encrypted message, this includes law enforcement. Because of this, there have been suggestions that strong encryption should be banned--or that "back doors" should be built in to allow law enforcement access.
First of all, this approach is infeasible. Uncrackable encryption products have been available throughout the world for many years, and much of the best work in encryption is done outside the U.S. And, remember, encryption is just math--it would rather difficult to ban math. If one were somehow able to disable all of the encryption in current products, those who want unbreakable encryption can write their own encryption programs. Terrorists (or criminals in general) are perfectly capable of doing this. Banning strong encryption would lead to denying protection to innocent users, while those we are trying to keep tabs on could still use encryption to hide their activities.
Furthermore, the benefits of strong, unbreakable encryption outweigh the harms. Human rights organizations use encryption to communicate by email with people who would surely be tortured or killed if their communications were made known. Corporations use encryption to protect trade secrets. The security of other sensitive information such as medical records, financial information and transactions could also be compromised. Government uses encryption to protect classified information that we would not want to fall into enemy hands. Mandating weak encryption threatens the security of all of these uses.
Key escrow is no better
Recently Senator Judd Gregg, R-N.H., said that software manufacturers had an obligation to give law enforcement "the technical capability to get the keys to the basic encryption activity." He has called for legislation (not yet introduced as of this writing) that would require encryption users to give a third party the keys to unlock encrypted messages. These keys would then be given to law enforcement with a proper warrant.
Key escrow systems typically require that the encryption user give a copy of their personal encryption keys to a "trusted" third party; this could be a bank or some new office created by Congress. If law enforcement determines that they need to see encrypted files on your computer, they obtain a warrant and go to the third party for a copy of the keys. Only then would law enforcement be able to decrypt your files.
Craig Nathan, founder and Chief Technology Officer of MEconomy in San Francisco says, "Key escrow is the equivalent of allowing the government install a web cam in your bedroom, which they could turn on without your permission or notification any time they thought it might help combat terrorism."
One major problem with key escrow is that keys would be held in one central location. Holding that much information in one place is a huge risk--just ripe for a hacker attack. More generally, these systems suffer from the same difficulty as proposals to ban strong encryption: the "bad guys" simply wouldn't use them.
We need strong encryption
Encryption can be abused, but the benefits far outweigh the risks. Among the benefits of strong encryption are secure banking, transferring medical files from doctor to doctor and not compromise the confidentiality of patient records, and protecting human rights workers. We can continue to enjoy these benefits or we can jeopardize them by installing key escrow systems or banning encryption altogether.
Tia Walker, founder and CEO of Zendit, a Seattle company that offers one click encryption products, warns, "In the aftermath of the terrorist attacks on the United States, we must be careful that the "reduce our civil liberties" bandwagon does not arm itself with this tragedy by instigating and taking advantage of unbridled fear."
Let's hope that decision makers think carefully before they try to weaken encryption systems or ban them altogether.
Reader Comments
Discuss this article in the forums!
| Encrypter | Apr 29, 2003 | Australia | Encrypter |
| u better or else | |||
| fred | Mar 17, 2005 | the moon | farmer |
| wish i had a pc on me moon :S takes ages to get all the way 2 earth 2 find one! | |||
| karl waite | Jan 16, 2006 | scunny | student |
| nice one hu cares | |||
| Anonymous | Jan 16, 2006 | ||
| u wot?? | |||
| Judy Reed | May 09, 2006 | School | Student |
| What about the pros of banning encryption? You've got the cons of it down pretty well, but in order to have a strong arguement, you've got to mention the other opinion. | |||
