NYT Op-Ed (Oct 1, 1997): The Encryption Debate
Underdeveloped
By PETER WAYNER
Police Versus Us:
The Encryption Chasm
F or the last five years, I've been immersed in the debate on
encryption, and during that time I've come to recognize a very
clear division over the issue: Almost everyone supporting the
Clinton administration's plan to rewire the Internet for easy
surveillance draws a government-backed paycheck, and virtually
everyone in the private sector opposes the idea.
A brief conversation last week offered some insight into this
apparent gulf between a government of the people and the people
themselves.
A friend had asked for my help installing a new computer at his
small business. The last three years had been a slow, steady climb
up from nothing, and as he unpacked the machine, he spoke about how
he'd had little money to spend at the beginning. The new computer
was more than just a tool; it was a symbol of how his business was
starting to grow into a success. It had been purchased for a new
employee.
Then he paused to tell me about a conversation he'd had with a
contractor that had failed to deliver.
"I told him that I needed to win each day," my friend recalled. "If
I don't win a contract, I don't get paid. If I don't get paid, no
one at my house eats. This guy was about to screw up the biggest
deal in the office. He doesn't understand that you've got to get it
right from the start."
Many of the people who work in government have a very different
perspective on their jobs. They don't have to worry about deals
going right. If anything they have to wait around for them to go
bad. When hurricanes, riots, robberies, fires, wars, disease or
failed crops come along, they get stuck with the often sad and
difficult job of cleaning up.
This is the basis for the discontent and wide gulf between the
Federal Bureau of Investigation and the rest of the nation. The
business person must be proactive. If he doesn't make things
happen, he doesn't eat. Good, solid encryption lets him control
access to his data and keeps competitors and industrial spies from
snooping into his business. People in government need to be
reactive. If they don't clean up messes swiftly, they may
eventually lose their jobs. The police don't want anything to stand
in their way, and a computer file that can't be read is an
obstacle.
"All of law enforcement is also in total agreement on one aspect of
encryption," FBI Director Louis B. Freeh told a Congressional
committee recently. "The widespread use of uncrackable encryption
will devastate our ability to fight crime and prevent terrorism."
While this may be true for all those who work for government law
enforcement agencies, it is not true of everyone in America who
deals with crime prevention.
The fact is that while citizens are quite thankful to have the
police or the FBI available in times of trouble, they also realize
that the cavalry usually shows up too late to undo the damage.
Putting the arsonist in jail doesn't bring back the house or the
wedding pictures. Arresting the burglar often doesn't recover the
goods in one piece. Prosecuting the rapist does little more than
bring a taste of revenge and the hope of saving some other victim
the pain of assault.
Consider the case of George Gerald Chamberlain, a convicted
pedophile doing time in a Minnesota penitentiary. The police were
shocked to discover last year that a prison computer to which
Chamberlain had access contained a cache of pornography and a list
of children with notations like "latchkey kids," "speech
difficulties," "cute," and "Little Ms. pageant winner." The list
was 52 pages long. Chamberlain denied any connection to it.
The FBI and other parts of the Justice Department often jump on
examples like this and suggest that we should be happy that he
didn't encrypt the list. That's the kind of response that comes
from someone trying to make a case in court and pick up the pieces.
My instinct, however, is completely different. I want the e-mail of
children and the details of their lives to be completely encrypted.
They shouldn't end up on the list in the first place. That's being
proactive.
The really worrisome part is that the FBI's plan to build in
"immediate access" for the police to all files and communication in
America could make the Internet more dangerous. Since prison
officials are part of the law enforcement community, they'll no
doubt share in this "immediate access" to all our data. If
convicted felons could collect pornography and compile lists of
children on a prison's computer system, can anyone promise with a
straight face that a prisoner will never get the warden's backdoor
key to all our files?
Unfortunately, the gulf between the people and the police is
growing. Alan McDonald, a senior FBI official in the battle against
encryption technology, recently described people who dare to
contest the FBI's push for total government access to our data as
"privacy extremists."
This isn't a good way to reach out to the people who argue, quite
reasonably, that the FBI's plan to place the equivalent of a bug in
every computer is not only Orwellian but immensely expensive: it
could result in the largest bureaucracy ever created.
Most people I know, in and out of the computer industry, hate the
FBI's plan to rewire the Internet, not for any deeply held
political or philosophical reason but because it will be a costly
pain in the neck that will produce little in the way of protecting
citizens. After all, criminals, who think nothing of robbing,
stealing and killing, will just use their own encryption while
law-abiding citizens are entrusting a back door key to their data
to the police.
In truth, crime prevention is a partnership. Law enforcement is
only the part that steps in when all else fails. Prevention is the
job of the average person, and in the private sector, where
everyday people live, where a failed deal can destroy a business,
secure encryption is as necessary as a wall safe, a strongbox and a
trustworthy bank.
UNDERDEVELOPED is published weekly, on Wednesdays. Click here for a
list of links to other columns in the series.
Peter Wayner at pwayner@nytimes.com welcomes your comments and
suggestions.
Copyright 1997 The New York Times Company