The Encryption Wars: Is Privacy Good Or Bad?

There was a moment of weirdness late last month in Burlingame, Calif., when a 41-year-old computer programmer, looking slightly uncomfortable in a tailored suit, ambled up to a podium to accept the coveted Pioneer award from the Electronic Frontier Foundation. "I think it's ironic," said Phil Zimmermann, "that the thing I'm being honored for is the same thing that I might be indicted for."

For two years, a federal prosecutor in San Jose has been investigating Zimmermann for violating export regulations in distributing what is probably the world's most popular software for protecting electronic communications. People who use his Pretty Good Privacy (PGP) program - for which he charges no fee - regard the Boulder, Colo., father of two as a hero, the person who has granted them the freedom, as he puts it, "to whisper something in someone's ear a thousand miles away." But the U.S. government sees the global proliferation of PGP and similar programs as a menace - and, maybe, a crime. Therein lie the contradictions and frustrations of the crypto war, one of the most contentious struggles of the Information Age.

Zimmermann's schizoid status as freedom fighter and potential crook illustrates the double-edged nature of cryptography, the technology that scrambles messages and data so that eavesdroppers or snoopers cannot read them. For much of the cold-war era, cryptography was the province of the military and intelligence agencies; uncrackable codes were reserved for the eyes-only crowd. But 20 years ago a long-haired computer hacker named Whitfield Diffie teamed with Stanford professor Martin Hellman to devise a breakthrough called public key cryptography that, combined with cheap and powerful microcomputers, helped to democratize crypto. The ciphers of secrecy could now be used as a shield of privacy.

Diffie and others in those days assumed that the technology would proliferate instantly, but now he admits they were overoptimistic. Crypto is still the exception rather than the rule. Yet it has never been needed more than today. Just ask Prince Charles, who wishes he had used a secure phone, not a cellular, to utter his vulgar nothings to Camilla Parker Bowles. More to the point, everyone involved in building, cruising and conducting commerce on the Information Highway recognizes crypto as the essential means of safeguarding our electronic mail and the security of our financial transactions. When Tsutomu Shimomura, the cybersleuth who snagged uberhacker Kevin Mitnick earlier this year, was asked how we might ease our vulnerability to technocrooks, he replied tersely, "strong encryption." Jim Bidzos, president of RSA Data Security, the leading vendor of encryption technologies, explains: "Encryption can make information useless to hackers and thieves - it's as if you're frustrating someone who breaks into your house, because all the valuables are locked inside of a safe with six-inch walls."

So what's stopping the proliferation of uncrackable crypto in all our software and phones? Critics point to the government. It doesn't want us to communicate and store data in complete security - not without safeguards to protect society from the abuses of privacy.

The FBI, for instance, does not want criminals making phone calls or sending messages it cannot monitor by legal wiretaps. "We're in the business of criminal information - conspiracies of terrorists, drug dealers, fraud," says James Kallstrom, FBI assistant director in charge of the New York office. "If we're closed off from that information, it will alter the balance of power between us and the criminals." And the National Security Agency, formed by secret order in the dawn of the cold war specifically to create our codes and monitor the communications of our foes, considers the spread of strong crypto a threat to the national security. Not long after the 1993 Inauguration, the NSA convinced the infowarriors in the Clinton-Gore camp that this was one issue where they should buck their allies in the computer world. "We think it would be irresponsible for the administration to ignore the fact that encryption could be used for criminal activities as well as legitimate business purposes," says Michael R. Nelson, a White House adviser on technology policy.

The government has a two-pronged plan to fight the spread of unrestrained encryption - the prospect joyously labeled by self-described cypherpunk rebels as "crypto anarchy." The first initiative involves a compromise wherein very strong crypto is indeed built into systems, but with a loophole that allows the government to decrypt selected conversations. This is known as key escrow. It first appeared with the Clipper Chip, a hardware device placed into telephones that jumbles up conversations in transit so that eavesdroppers hear only static. But the Clipper phones send out an extra message that points legal wiretappers to a digital key that would unscramble the conversation. The keys are stored in government-controlled escrow agencies. By buying 10,000 of the phones and proposing the Clipper as a voluntary standard, the U.S. government hoped that the public would adopt the compromise. But the Clipper not only earned the ire of every weenie on the Net (47,000 of them signed an electronic petition against it), it flopped in the marketplace. Now the government is entertaining alternative escrow schemes, including one where keys are stored in private hands.

The second way the government deals with crypto is the continued use of its export policy, which regards encryption technologies as a munition; like Stinger missiles or plutonium, it cannot be sent overseas without a license. The difference, of course, is that the basis of cryptography is mathematics, something more slippery to contain than bombs or F-16s. What particularly galls the opponents of the export regulations is the fact that programs similar to those that U.S. companies cannot ship overseas are widely available in countries from Germany to Russia. A study funded by the Software Publishers Association documented several hundred of these programs developed by foreign companies.

But while the export controls apparently don't stop crypto from appearing overseas, they do have a direct effect on encryption built into products created in the United States. Though the government denies that this is the intent, companies like Microsoft and Lotus claim they are in a bind. It is perfectly legal to build uncrackable crypto in products sold in the United States. But if companies grant strong privacy to their domestic users, the government will not let them ship those products to international customers, who often constitute half their revenues. Since it is unwieldy and uncompetitive to ship two versions of the same product - a strong one for the United States and a weak one elsewhere - the alternative is to use wimpy encryption or no encryption at all. This risks losing sales to overseas companies with no such restraints. Meanwhile, users don't get the benefit of an integrated, easy-to-use crypto system.

"Export controls are outdated, they don't work and they cost U.S. business money," says Marc Rotenberg, head of the Electronic Privacy Information Center. But the White House's Nelson disagrees. "Export controls do work," he says, "and they are preventing terrorists from using encryption to commit their crimes."

The ultimate test of the export laws may well be the Zimmermann case. "If the prosecution goes forward, it has the potential of a Zenger trial," says Diffie, now a Distinguished Engineer at Sun Microsystems. The very existence of PGP is a sobering example of how hard it is to contain the crypto genie. Because the mathematics of public key crypto were well known, Zimmermann, though not a cryptographer, was able to build a program so strong that the NSA allegedly cannot crack it. In 1991, as he was finishing his software, he heard of a proposed Senate bill to ban cryptography. So he released his program for free, hoping it would spread so widely that the government could not suppress its use. An early recipient posted PGP to an Internet site, from which anyone, regardless of location, could download it. Was this a violation of the export laws? In an age of electronic distribution, which respects no borders, is it possible to monitor the flow of information? If only a single copy of a software program crosses a border, the smuggler can then distribute thousands more. In light of that, Zimmermann isn't sure how he could have distributed his program to the public without having it leak overseas, short of not releasing it at all.

Currently, PGP is available from MIT's web sites; to download it you simply have to vouch that you are a U.S. citizen. Good enough? When NEWSWEEK asked the NSA whether this system hews to the export regulations, it faxed a reply: "We do not comment on specific distribution systems, but instituting safeguard mechanisms that make it sufficiently difficult for users overseas to access controlled software without proper authorization may be appropriate where distribution of controlled software is desired."

Phil Zimmermann doesn't want to go to jail. But when it comes to balancing the benefits of cryptography with its potential evils, he has made his mind up. Even the news that Pretty Good Privacy has been used to protect the files of suspected child molesters has not dissuaded him from continuing to work on new versions, including PGP Voice, a program that scrambles phone conversations. "I don't like to see criminals use this technology," he says. "If I had invented an automobile, and was told that criminals used it to rob banks, I would feel bad, too. But most people agree the benefits to society that come from automobiles - taking the kids to school, grocery shopping and such - outweigh their drawbacks."

That sort of consensus has yet to be reached on cryptography. Until it is, the crypto wars will rage - and privacy will be long in coming to the Information Highway.