Clipping Encryption

President Clinton raised a few eyebrows when he announced his support for the Internet Tax Freedom Act, a bill that would place a six-year moratorium on new taxes that apply only to the Internet. The National Governors Association had stridently attacked the bill, and the group assumed its old colleague from Arkansas would follow suit.

Clinton cited the "remarkable growth" of commerce on the Internet and his desire to help "further its growth" as reasons for supporting the tax moratorium. And the president is right to be concerned that the nation's 30,000 state and local taxing authorities could strangle electronic trade with new levies. But there's another set of policies the Clinton administration supports that has shackled the development of Internet commerce and hampered the Net's use as a communications tool: controls on data encryption.

Encryption programs are mathematical formulas that scramble messages sent over data networks. Effective encryption could make any electronic message–e-mail, cell-phone call, or wire transfer–indecipherable to anyone except the sender and the intended recipient. As more people rely on computers, the demand for security in cyberspace will skyrocket.

In an online world, encryption can be an effective way for people to enhance their security. And the Fourth Amendment to the Constitution affirms the right of all individuals to "be secure in their persons, houses, papers, and effects against unreasonable searches and seizures." But the Clinton administration and its allies in law enforcement don't want your communications to be private. With this in mind, the Department of Commerce recently established the President's Export Council Subcommittee on Encryption, a 20-member panel with representatives from law enforcement agencies, high-tech companies, and financial institutions that will advise the White House. This group won't be debating the merits of strong encryption; instead, it will merely rubber-stamp proposals to compromise your privacy that the administration has been hawking unsuccessfully for six years.

Whenever possible, the Clinton administration has conducted discussions about encryption policy away from public scrutiny. The panel will continue that practice. The Web site operated by the Department of Commerce doesn't list the subcommittee, its mission, or its members; nor does the main White House Web site. An article in the CyberWire Dispatch newsletter notes that "all members have received security clearances, and some future meetings will be closed to the public."

Despite the importance of the subcommittee's work, it has garnered little attention from the mainstream press. One week after the panel's first public meeting on February 23, a Nexis search listed only three references to the group: a press release issued by one of the corporate members and two notices of the meeting in a federal daybook for reporters. No major news service covered it.

But if encryption policy is set behind closed doors, the privacy of every law-abiding American will be left to the whims of regulators, cops, and spooks. Current controls date back to the Cold War, when encryption was treated like a weapon. The Department of Commerce now regulates encryption, and it has relaxed some controls. But the restrictions have frozen a fast-moving technology in place, making it vulnerable to hacker attacks. And the feds aren't interested in loosening their grip on encryption without a struggle.

Consider key recovery, the Clinton administration's latest plan to monitor the communications of anyone who uses online services or wireless phones. Users of key recovery software would have to deposit the "keys" that scramble and unscramble their messages with a "trusted third party" (something resembling an escrow agency) which the government could approach if it wanted to intercept private transmissions.

Buying key recovery software to protect your cell phone or your e-mail would be no different from giving government agents the key to your house and trusting that they will never drop by unannounced. It's an invitation for law enforcement agencies (including tax collectors) to monitor anyone who uses encryption.

And if you think constitutional guarantees would protect your privacy as long as you keep your nose clean, you haven't been reading the key recovery proposals Congress is considering. One bill would allow the cops to acquire your keys if they obtained an easy-to-get subpoena, rather than the search warrant typically required to tap a telephone conversation or bug a location for sound. Another would make the mere possession of encryption software that doesn't contain key recovery features (such as the readily available Pretty Good Privacy programs) a criminal offense. The National Sheriffs Association, whose president is a member of the new encryption panel, wants the cops to have access to encrypted messages at any time, without having to go through the inconvenient process of getting a search warrant, or even a subpoena. FBI Director Louis Freeh has testified frequently before Congress, saying that the administration would demand key recovery provisions as part of any new encryption law.

Law enforcement officials claim that allowing strong encryption will prevent them from stopping terrorists, drug dealers, and pedophiles. But criminals won't apply for export licenses–and they won't hand their encryption keys over to a government-friendly third party. Secure encryption can help make sure that the Fourth Amendment remains as important in the online world as it was in the days of quill pens and inkwells.