|
Digital Privacy: The Ethics of Encryption
by Lester Dorman & Phil Lin
Digital Privacy: The Ethics of Encryption
The right of the people to be secure in their persons, houses,
papers, and effects, against unreasonable searches and seizures,
shall not be violated; and no warrants shall issue, but upon
probable cause, supported by oath or affirmation, and particularly
describing the place to be searched and the persons or things to be
seized (United States, Fourth Amendment).
Overview
Introduction
The Clipper Chip: Pros and Cons
Other Encryption Alternatives
The Clinton Administration Policy: Rants and Raves
Ethical Considerations
Conclusion
Works Cited
Notes
Introduction
Privacy. It is supposed to be protected under the Fourth
Amendment of the United States Constitution, right? Think again.
Recent events have precipitated a Constitutional crisis in America,
jeopardizing every citizen's basic right to personal privacy. Before
the advent of the electronic age, it was customary for confidential
documents to be placed under lock and key. Physical access was
required to obtain these contracts, letters, or reports; as a result, if
law enforcement agencies suspected a private party of some illegal
activity, a request for a search warrant would be made. Upon the
issuing of such a warrant, these agencies could then "legally" search
and seize. Now, however, with computers becoming a larger part of
everyone's daily lives, the distinction between the tangible and the
intangible has begun to break down. Unprecedented powers in data
communications are being realized; today, people conduct business
transactions and communicate with others through the vast universe
of zeros and ones. In addition, there has been a growing movement
toward electronic storage of confidential and public documents.
Within this electrosphere, never has it been easier to intercept and
gain access to information once belonging to the realm of paper.
Data flowing on tomorrow's information superhighways will need
to be protected, but the question remains as to how this will be
handled and by whom. Recent government initiatives attempt to
solve this problem; however, their "solution" contains an alarming
threat aimed at the very core of the Constitution--personal privacy.
If personal privacy in the United States is entirely compromised or
outlawed, this country will have taken its first step towards its own
dissolution.
If we put the desires of the police and the government ahead of the
rights of citizens often enough, we may find that we are living in a
police state. We must ensure that these rights, recognized by law,
are supported rather than undermined by technology. While some
members of the government and other concerned watchdogs of
society may consider it unethical to allow criminals and "enemies
of the state" access to impenetrable encryption, there are many law-
abiding citizens that justifiably consider it equally unethical to
allow the government "back-door" access to their private
correspondence and business transactions. This poses an
interesting dilemma for traditional ethical theories: "When does the
pursuit of national security begin to infringe upon the rights of the
individual?" Deontological and utilitarian theories of ethics differ
in their approach to this dilemma. Should the government succeed
in its attempt to enforce its encryption standard, some of the rights
of the individual would be compromised for the sake of the
utilitarian good.
The Clipper Chip: Pros and Cons
The Government is entering the digital age by promoting to
individuals and businesses the use of an encryption chip called
Clipper. Encryption is the art of enciphering a message, rendering it
unreadable to anyone but the intended recipient. Clipper is a
computer chip that will be incorporated into various
telecommunications devices--telephones, fax machines, and
modems. When two Clipper machines successfully connect with
each other, the sending machine will encrypt the data--a voice, fax,
or data file; upon receipt of the data and the special key needed to
decrypt, or unlock, the message, the receiver's machine will
decipher the data--this complex process will be hidden from the
user. The encryption algorithm that the Clipper Chip uses, known
as Skipjack, is currently classified by the government. The National
Security Agency, NSA, states that the Skipjack has been developed
and tested over the past ten years. They, however, refuse to allow
release of the algorithm for review by the civilian intellectual
community; hence, one must take the government's word on
Skipjack's reliability and robustness. The Clipper Chip and
Skipjack are integral parts to the Escrow Encryption Standard, a
government proposal for the new Federal Information Processing
Standard (FIPS). EES will replace the aging Data Encryption
Standard, DES, as the preferred method for encrypting sensitive,
unclassified data. EES, the government states, will offer people
secure telecommunications capabilities in tomorrow's digital age.
Given this description of Clipper, one might wonder why there is
such an uproar concerning it. The reason why many people and
organizations across the country are diametrically opposed to
Clipper is that each machine's special encryption/decryption keys
will be held in escrow by the government. For each Clipper Chip
manufactured, there will be two keys created; one key will be
placed within the Clipper Chip and another identical one will be
split into two components that must be recombined in order to
decrypt communications. Entrusting them to two separate agencies
ensures that someone who has knowledge of one key component
cannot make decryption any more feasible without knowing the
other one (United States, Dept. of Justice, Attorney General). The
government has designated that the National Institute for Standards
and Technology (NIST) and the Automated Systems Division of the
Department of Treasury will be the two escrow agencies for Clipper
keys. With reasonable suspicion and a court order, law enforcement
agencies will be able to retrieve the two components of someone's
Clipper keys to have instant access to his or her digital information
traffic. Government officials assure the critics of Clipper that only
with proper authorization and documents will the FBI or other
agencies be provided with the electronic keys necessary to tap into
one's digital information flow. However, nestled at the end of their
authorization procedures' documents is an interesting statement:
These procedures do not create, and are not intended to create, any
substantive rights for individuals intercepted through electronic
surveillance, and noncompliance with these procedures shall not
provide the basis for any motion to suppress or other objection to
the introduction of electronic surveillance evidence lawfully
acquired (United States, Dept. of Justice, Authorization
Procedures).
Put simply, if the government does not follow its own rules,
evidence not "lawfully acquired" would not be suppressed or
dismissed in a court of law.
But should the government be putting the "good of the country",
whatever they interpret that to mean, ahead of its citizen's rights?
Immanuel Kant's ultimate principle of ethical behavior states that
one should "Act in such a way that you treat humanity, whether in
your own person or in the person of another, always at the same
time as an end and never simply as a means" (Kant P. 36).
History tells us that the government is often inconsistent in its
assessment of what comprises a bona-fide threat to national
security, as the details of the Steven Jackson Games case discussed
later in this paper show. Government and ethics do not always go
hand-in-hand; and where technology has the capacity to support
individual rights, should the government suppress the use of that
technology because it could be abused by criminals? Past U.S.
Government officials have, in certain cases, acted unethically. The
unjust actions of J. Edgar Hoover and the Joseph McCarthy "witch-
hunts" are prime examples. Hopefully, we have learned from our
history and will keep a watchful eye on our government to keep
such abuses in check.
There are many organizations that are dedicated to protecting
privacy rights as America goes digital. For instance, the Electronic
Frontier Foundation (EFF), founded in July, 1990, is committed to
ensuring "that the principles embodied in the Constitution and the
Bill of Rights are protected as new communications technologies
emerge" (EFF, General Information). Mitch Kapor (1), chairman
and co-founder of the EFF, believes that this emerging data
superhighway will bring forth questions of paramount importance
regarding Constitutional rights. He states:
We founded the Electronic Frontier Foundation (EFF) based on a
shared conviction that a new public interest advocacy organization
was needed to educate the public about the democratic potential of
new computer and communications technologies and to work to
develop and seek to implement public policies to maximize
freedom, competitiveness, and civil liberty in the electronic social
environments being created by new computer and communications
technologies (Kapor).
Even so, numerous legal precedents are being created, potentially
allowing the government to infringe on basic privacy rights without
legal reprisal. In 1991, the Rehnquist Court declared that "in the
presence of 'probable cause'--an inviting phrase--law enforcement
officials could search first and obtain warrants later" (Barlow 17).
This conflicts with the Fourth Amendment's declaration that law
officers must first obtain warrants before searching and seizing.
Such rulings are now threatening the electronic realm. It is
conceivable that law enforcement agencies could begin routinely
probing everyone's electronic mail--with probable cause, of course.
In light of these recent events, some have suggested that the Fourth
Amendment be recast as follows:
The right of the people to be secure in their persons, houses,
papers, and effects against unreasonable searches and seizures, may
be suspended to protect public welfare, and upon the unsupported
suspicion of law enforcement officials, any place or conveyance
shall be subject to immediate search, and any such places or
conveyances or property within them may be permanently
confiscated without further judicial proceeding (Barlow 18).
In a speech at the Superhighway Summit at UCLA,
January 11, 1994, Vice President Gore justified government policy
concerning privacy with the following statement: "We'll help law
enforcement agencies thwart criminals and terrorists who might use
advanced telecommunications to commit crimes" (Gore, Remarks).
The government is stating that Clipper will be solely a voluntary
choice and standard for data encryption. They assure us the Escrow
Encryption Standard will help to preserve national security by
allowing law enforcement organizations, with proper authorization,
to tap into the possible communications of drug traffickers,
terrorists, and other criminals. "Encryption is a law and order issue
since it can be used by criminals to thwart wiretaps and avoid
detection and prosecution. It also has huge strategic value.
Encryption technology and cryptoanalysis turned the tide in the
Pacific and elsewhere during World War II" (Gore, Statement of the
Vice President). However, if Clipper will be a voluntary standard,
what is going to stop "criminals" from using alternative forms of
encryption? After all, FBI and NSA representatives, on a visit to
Bell Labs, stated that they expected to catch "only the stupid
criminals" through the escrow system (Blaze). In some respects, it
seems counterintuitive that the government has not expressed any
thoughts restricting or even banning the use of alternative
encryption systems.
Perhaps by appealing to industry's sense of utilitarian good, along
with some persuasive arm-twisting, the government can effectively
force the computer industry to adopt a restricted encryption
standard. It might appear that a unique technology standard would
inhibit our trade relations with the rest of the world-- many believe
that such stubbornness led to the demise of the U.S. motor industry
in the 70's and 80's and that a similar fate lies in store for our
software industry should we insist on a different standard of
encryption from the rest of the world. However, upon further
examination, we see that it is not unprecedented for different
countries to have different technological standards. One only has to
travel abroad and try to plug in a hair dryer in a foreign hotel or
drive a rental car on the other side of the highway to quickly realize
that countries can trade despite grossly incompatible standards.
Moreover, the issue is not only a business one; it is also one of
privacy and of national security. We should realize that all sides
have something to lose if one form of encryption policy, be it
restricted or unrestricted, is decided upon over the other.
The main concern of the American government is that both internal
and foreign subversives will use un-crackable encryption to
undermine national and international security. Furthermore, it does
not seem logical that the privacy of the on-line community should
be any more sacred than that of those using any other current form
of communication. In fact, the internet poses a new problem for
national security since it has the power to unite so many people so
quickly. Should enough people decide to conspire to threaten the
status-quo and utilize this new technology, the government could
be rendered powerless to combat them assuming that their
communications were un-detectable. Since it is in the national
interest to prevent crimes against the state, the government must
retain the power to do so. According to the Greatest Happiness
Principle of utilitarian theory, we should:
Do that act which produces the greatest balance of happiness over
unhappiness, or, if no act possible under the circumstances does
this, do the one which produces the smallest balance of
unhappiness over happiness (Erhmann P.28).
In light of the Oklahoma City and World Trade Center bombings
recently, such concerns are not entirely unwarranted.
Before deciding to enforce Clipper on the country and all who do
business with us, however, we must consider the possible benefits
and drawbacks. The basic tenet of utilitarian ethics holds that
choosing an action to promote the maximum happiness at the cost
of limited unhappiness (loss of rights for some) is the right thing to
do, and thus would justify the use of restricted encryption.
However, before we go ahead and sacrifice the rights of anyone, we
should have a strong measure of confidence that the benefits we are
getting in return justify the loss of rights of the few. We must also
consider that it might be the case that "by outlawing unrestricted
encryption, only the outlaws will get to use it," which some have
suggested will inevitably happen. In this case, the government
would have failed in its purpose.
Other Encryption Alternatives
There are, of course, other encryption alternatives besides Clipper.
Over the years, scientists have devised various mathematical
algorithms to encrypt information. Some of the more popular forms
of encryption include single-key, public-key, and hybrid systems.
Single-key, or conventional, has been widely used for countless
years. It relies on a single key to perform both the encryption and
decryption operations. For example, suppose one received the
encrypted message, "Zrrg zr abba gbqnl ng gur cvre!" along with the
special decryption key, "Add or subtract 13 from each letter to get
the correct sentence." Thus 'g' becomes 't,' 'r' becomes 'e,' and so on.
Decryption would render the encrypted file into plaintext, or
unencrypted data¥"Meet me noon today at the pier!" Examples of
conventional cryptosystems include, DES and the International
Data Encryption Algorithm (IDEA).
As the old adage claims, "A chain is only as strong as its weakest
link." With conventional encryption, somehow the key must be
transmitted securely to the intended recipient. If the two parties are
using secure means to transmit keys, why would there be a need to
encrypt the data? Use of conventional encryption is often more
trouble because of the added hassle of transferring keys to and from
recipients. Public-key cryptography is a relatively new form of
cryptography that is becoming more and more popular among the
public and private sector. This form of encryption solves the need
for secure channels in key distribution by using two complementary
keys for encryption and decryption--a public and secret key. A
person's public key can be distributed freely to anyone who wants
to encrypt data to him. The secret or private key is used to decrypt
data that is encrypted using one's public key. The secret key can
also sign messages, creating, in effect, digital signatures; the public
key, then, is used to verify messages with electronic John
Hancock's. The standard today for public-key cryptography is the
RSA algorithm.(2)
The strength of the encryption systems depend on the algorithm
being used. For instance, the aforementioned DES algorithm,
created by IBM and the NSA in the 1970s, uses a 56-bit key size,
meaning there are 256 possible combinations of keys that can be
used to encrypt and decrypt data. Advances in computer technology
today now make it possible, by brute force (3) cracking, to break a
particular DES encrypted message in a few days. These advances
represent some reasons as to why the Clinton Administration and
the NSA are strongly pushing for Clipper--as DES nears the end of
its useful life, there will be a need for new ways to protect sensitive
data. Another example of a conventional algorithm is the
International Data Encryption Algorithm, IDEA. It uses a 128-bit
key, which means it would require years or decades to crack an
IDEA encrypted message with brute force cracking. Keys used in
public-key cryptography are often large in size--some use 1024-bit
keys; as a result, cryptoanalysis, the field of mathematical analysis
of encryption algorithms, is used. Without resorting to brute-force
methods, scientists look for mathematical loopholes in encryption
algorithms that would make them easier to break. Thus far, IDEA
has resisted cryptoanalytical attacks far better than DES or other
conventional ciphers.
The use of large key sizes in public-key cryptography makes for
slow and unwieldy encryption systems; Phil Zimmerman, the
author of Pretty Good Privacy (PGP), a freely available though
supposedly illegal piece of encryption software (4), states that "a
really good conventional cipher might possibly be harder to crack
than even a 'military grade' RSA key. But the attraction of public
key cryptography is not because it is intrinsically stronger than a
conventional cipher--its appeal is because it helps you manage keys
more conveniently" (Zimmerman, PGP Manual). Recently, a new
type of cryptosystem has been appearing that combines the speed of
conventional encryption with the superior key management abilities
of public-key cryptography--hybrid cryptosystems. Basically, these
systems work by initially encrypting a message with a conventional
single-session key, one that is sufficiently large enough to resist
cracking yet small enough to be fast and efficient at processing
data. This session key is subsequently encrypted with the
recipient's public key. This method of encryption is ideal because it
offers a compromise between speed and security. Use of a strong
single-key encryption algorithm, coupled with a public-key system
can result in near-military grade cryptographic tools, the best of
both possible worlds. PGP and another product called RIPEM both
use variants on the RSA algorithm for public-key encryption. They
differ, however, in their use of a conventional cipher for data
encryption--PGP makes use of the IDEA algorithm for conventional
encryption while RIPEM uses DES for encrypting data.
The Clinton Administration Policy: Rants and Raves
The Clinton Administration assures the public that other
encryption products on the market today will coexist "peacefully"
with Clipper. However, the government, is taking steps to make
other cryptographic methods less appealing. Strict export
restrictions on strong cryptographic tools will restrict the usage of
all cryptography other than Clipper, for those wishing to
communicate beyond the U.S. Also, by saturating the market with
Clipper--enabled devices within the next few years, the government
hopes that Clipper will become the standard for "secure" data
transmissions--in the United States and hopefully abroad as well.
Granted, this could pose somewhat of a hurdle to international
trade. For example, what would foreign businesses think if they
were obliged to use Clipper just to communicate with their U.S.
counterparts? Worldwide communication with Clipper could be
monitored with the same ease and efficiency as with any domestic
device. In a rather Henry Fordian tone, the government seems to be
saying, "You can have any encryption product on the store shelves,
so as long as it's Clipper."
In fact, strong cryptosystems are considered as munitions under
current policy, meaning they are illegal to export without proper
authorization from the Secretary of State. Thus, when U.S. software
companies create certain types of software for export, they have to
create two products, one with encryption capabilities for U.S. usage
only and one for export (with encryption disabled) (5). Stephen
Walker, founder and President of Trusted Information Systems (6)
argues:
The stakes for the software industry are high. The U.S. holds 75%
of the global market for packaged software. Most software
companies make 35-40% of their revenue from exports; for some
companies exports are as much as 50% of their business. When
demand for cryptographic products is increasing, export restrictions
essentially place an "earnings cap" on U.S. software publishers...
Those seeking improved privacy protection argue that encryption is
needed to support worldwide business operations and good quality
cryptography is already available worldwide. Continuing U.S.
Government restrictions are only penalizing U.S. users with inferior
U.S.--developed security products and limiting U.S. industry from
participating in a rapidly growing international marketplace
(Walker).
Walker further states that competing data scramblers from private
companies are being stymied by the government. For example,
AT&T currently sells secure telecommunications devices using
either DES or some other proprietary encryption algorithms. These
products are manufactured in Switzerland and are imported into the
United States (7) for sale. However, if one of these devices break,
they cannot be returned for repair to the manufacturer due to these
export restrictions (Walker).
In support of the Clinton administration's policies, Dr. Dorothy
Denning, a professor of computer science at Georgetown
University, believes that government sponsored data encryption
standards are the only way to help preserve one's privacy and
uphold the law against criminals. She fears that opening up U.S.
markets for encryption products will result in total chaos. Terrorists
and other criminals will use strong unregulated encryption products
to plan events such as the recent bombing of the World Trade
Center. In Newsday, Denning writes:
If the opponents get their way... all communications on the
information highway would be immune from lawful interception. In
a world threatened by international organized crime, terrorism, and
rogue governments, this would be folly. In testimony before
Congress, Donald Delaney, senior investigator with the New York
State Police, warned that if we adopted an encoding standard that
did not permit lawful intercepts, we would have havoc in the United
States."
Encoding technologies, which offer privacy, are on a collision
course with a major crime-fighting tool: wiretapping. Now the
Clipper chip shows that strong encoding can be made available in a
way that protects private communications but does not harm society
if it gets into the wrong hands. Clipper is a good idea, and it needs
support from people who recognize the need for both privacy and
effective law enforcement on the information highway (Denning).
Denning concedes that the thought of the FBI wiretapping her
communications is as appealing to her as having them search and
seize anything in her home; however, she argues that the
Constitution does not give people absolute privacy from court-
ordered searches and seizures. She believes that lawlessness would
prevail if unbreakable encryption were readily available to the
public. Denning is placing trust in the government not to abuse the
powers vested to them; in other words, she presumes the
government will not illegally tap into "law abiding" citizens'
information network. In exchange, criminals using these
"voluntary" encryption mechanisms will be caught, thus preserving
national security. However, we can trust the government only as far
as the people that comprise it. We must always be vigilant of our
leaders, because if high-ranking officials within the administration
cannot be trusted, we would be foolish to place our private lives
into their hands. It is conceivable that the greatest threat to national
security could not lie within the people, but within the government
itself!
Will national security be compromised if everyone were allowed
unlimited use of strong, unregulated encryption products?
Intuitively, this would seem to be the case. It is true, though, that
some hold a different view. John Gilmore (8) states:
I don't think so. We are not asking to threaten the national security.
We're asking to discard a Cold War bureaucratic idea of national
security which is obsolete. My response to the NSA is: Show us.
Show the public how your ability to violate the privacy of any
citizen has prevented a major disaster. They're abridging the
freedom and privacy of all citizens--to defend us against a
bogeyman that they will not explain. The decision to literally trade
away our privacy is one that must be made by the whole society,
not made unilaterally by a military spy agency (qtd. in Levy 58).
In November, 1992, John Gilmore, an ex-Sun
Microsystems employee, became entangled with the National
Security Agency (NSA) when he attempted to release "confidential"
documents on cryptography that he found in a library. The NSA
notified him that distribution of these documents was in violation
with the Espionage Act, meaning a possible ten year prison
sentence for him. Gilmore subsequently challenged "the NSA's
refusal to follow the Freedom of Information Act's (FOIA)
protocols in releasing requested documents" in court. He, worried
about a surprise search and seizure by the government, hid copies
of the document and had an article on his story published in the
San Francisco Examiner. Two days later, the NSA "officially"
declassified the texts (Levy 58).
In a speech, John Gilmore presents some of his thoughts on
Congress's technology policy:
The Executive Branch is already advocating broad wiretapping, and
banning of privacy technologies, and they don't even own the
network. If the government owned the network, there'd be no
stopping them... If Congress truly believes in the Bill of Rights, it
should get the hell our of the networking business and stay out of
it... Privacy and authenticity are key to reliable and trustworthy
social and business interactions over networks (qtd. in Levy 58).
Not everyone has been as lucky as Gilmore in avoiding the sudden
and forceful wrath of the government intrusion. Numerous
incidents of unreasonable searches and seizures by the government
and law enforcement can be cited, leading some to argue that the
statute protecting individuals against unlawful searches and
seizures in the Fourth Amendment no longer applies (Barlow 17).
Those working at Steve Jackson Games could not agree more. On
March 1, 1990, SJG, an Austin, Texas, based producer of fantasy
role-playing games (FRPG), was raided by Secret Service agents.
These agents believed SJG was producing a computer hacker
handbook; in fact, SJG was creating a computer hacker handbook...
for one of their board games. However, the Secret Service saw this
as a pernicious threat to "national security." As a result, the FBI
took every last scrap of electronic equipment--computers, disks,
and business records; at the time of the raid, no mention was given
as to why SJG was being searched and their equipment seized.
With the help of the EFF and after a lengthy lawsuit, the Secret
Service returned some of the original equipment and manuscripts
confiscated, but left no official apology to Steve Jackson Games. In
the interim, the company nearly went bankrupt, and Steve Jackson,
the company founder and President, was forced to lay off over 50%
of his employees to keep the company financially afloat. Not only
has the Fourth Amendment been quietly dusted underneath judicial
decisions, but the Fifth Amendment has met a similar fate as well.
Innocent till proven guilty? John P. Barlow, co-founder of the EFF
and an outspoken critic on government's technology policy offers
today's Fifth:
Any person may be held to answer for a capital, or otherwise
infamous crime involving illicit substances, terrorism, or child
pornography, or upon any suspicion whatever; and may be subject
for the same offense to be twice put in jeopardy of life or limb,
once by the state courts and again by the federal judiciary; and may
be compelled by various means, included the force submission of
breath samples, bodily fluids, or encryption keys, to be a witness
against himself, refusal to do so constituting an admission of guilt;
and may be deprived of life, liberty, or property without further
legal delay; and any property thereby forfeited shall be dedicated to
the discretionary use of law enforcement agencies (Barlow 19).
Ethical Considerations
Encryption and the right to privacy go hand in hand with every
American citizen's basic rights. In creating the Bill of Rights, the
founding fathers explicitly placed obstacles in front of the
government to allow for such freedom as privacy, speech, and
religion. Over the years, the government has sought to refine and
positively add to the Bill of Rights with various legislative actions.
In fact, in an interview, Vice President Gore is quoted:
And sometimes the automatic assumption that you can simply
create a new technology to solve a problem like that actually moves
you farther from the solution rather than closer to it. We certainly
see this in environmental problems where what I've called...
'technological hubris' can create more problems than it solves
(Gore, Interview).
So we must be extremely careful in finding a solution to this
problem that we actually make responsible and informed choices
and that we not get entangled in the so-called hubris. For example,
we have been repeatedly reminded of the nightmare scenario where
Clipper does not seem to be safeguarding our privacy, but instead
provides the government with an electronic surveillance camera
aimed straight at every citizen's digital information. The
government, with reasonable cause, of course, will know where we
are, what we are doing, and with whom we are dealing. If the Big
Brother has his way, it shall soon become possible, with a single
flick of a switch, to instantly gain access to all of the digital
information flow into and out of the United States. The network of
surveillance that the government wants to install could be a move to
reduce the rights of an individual to personal privacy to dust
(Banisar).
Indeed, if we were ever to fall prey to a totalitarian government,
encryption privacy would be an invaluable tool in the fight for
regaining our freedom. Phil Zimmerman, the creator of PGP, brings
this point graphically to life by quoting an electronic mail (e-mail)
message he received from a Latvian, at the time of Boris Yeltsin's
attacks on the Russian Parliament:
Phil I wish you to know: let it never be, but if dictatorship takes
over Russia your PGP is widespread from Baltic to Far East now
and will help democratic people if necessary. Thanks (Zimmerman,
Testimony).
It is best, though, to keep things in perspective. While alarmists and
conspiracy theorists might spread horrible tales of gloom and doom
that suggest otherwise, we should remember that we do in fact live
in a democratic society. Throughout the course of our country's
history, we as a nation have decided that our law enforcement
mechanisms should be empowered to search our possessions and
monitor our phone communications, if a judge determines that it is
necessary and appropriate. We have relinquished absolute personal
freedom in exchange for protection from unscrupulous individuals
who could harm ourselves and others.
And since we live in a society where absolute personal freedom
doesn't exist, and never actually has, it seems fallacious to claim
that we should in fact have that right in cyberspace. While it is
important for citizens to keep a watchful eye on the government and
keep it from abusing its power, it nevertheless seems quite narrow-
minded and irresponsible to always consider the government to be
the enemy who is just waiting to harm us as soon as it gets the
chance.
Ethically speaking, it seems that the greatest good for the greatest
number of people is realized when the citizens of this nation can
live secure in the knowledge that their government will be able to
combat and punish any attempt to harm them. Moreover, people
should always be treated as means and not ends, and when this
doesn't happen there needs to be some body (i.e. the government)
which has the power to step in and make things right.
Conclusion
So we have seen that the issue of digital privacy is a complex one
indeed. On the one hand, we must be vigilant to keep our society
from turning into an futuristic Orwellian nightmare in which the
government monitors our ever move. However, at the same time we
must invest some trust in our government and allow it the ability to
intervene and enforce the law in situations where it is broken. Thus,
while the Clipper Chip has its flaws (as any number of its
detractors will vehemently point out), it seems that allowing the
government some mechanism to enforce the law is the best solution
that we can have to preserve both our society and the rights of the
individuals that comprise it.
Works Cited
Banisar, Dave. CPSR Alert. 13 Jan. 1994: n.p. USENET:
comp.society.privacy.
Barlow, John Perry. "Bill O' Rights." Mondo 2000. January, 1994:
17-19.
Blaze, Matt. "Notes on key escrow meeting with NSA." 2 Feb.
1994. USENET: alt.privacy.clipper.
Denning, Dorothy Elizabeth Robling. "The Clipper Chip Will
Block Crime." Newsday: n.p. USENET: alt.privacy.clipper.
Electronic Frontier Foundation. EFF Announces Its Official Policy
on Cryptography and Privacy. N.p.: EFF, 8 Dec. 1993. ftp.eff.org
file.
Electronic Frontier Foundation. General Information About the
Electronic Frontier Foundation. N.p.: EFF, n.p. ftp.eff.org file.
Electronic Frontier Foundation. EFF Wants You (to add your voice
to the crypto fight!) N.p.: EFF, 7 Feb. 1994, n.p. USENET:
alt.privacy.clipper.
Erman, M. David, et al. Computers, Ethics, and Society. Oxford
University Press, 1990.
Gore, Al. Interview. By Lawrence J. Magid. Microtimes 8 Feb.
1994: 26-31.
Gore, Al. Remarks (as prepared). Royce Hall. University of
California Los Angeles. 11 Jan. 1994. ftp.eff.org file.
Gore, Al. Statement of the Vice President. White House: Office of
the Vice President. 4, Feb. 1994. ftp.eff.org file.
Kant, Immanuel. Metaphysical Principles of Virtue. Handout #5,
CS201. Prof. E. Roberts ed.
Kapor, Mitchell. Testimony. "Telecommunications Infrastructure
Legislation And Proposals." Telecommunications And Finance
House Energy And Commerce Committee. Washington DC, 24
Oct. 1991. ftp.eff.org file.
Levy, Steven. "Crypto Rebels." WIRED May-June 1993: 54-61.
United States. Fourth Amendment. ftp.eff.org file.
United States. Dept. of Justice. Authorization Procedures For
Release Of Encryption Key Components. Washington, DC: N.p., 4
Feb. 1994. USENET: alt.privacy.clipper.
United States. Dept. of Justice. Attorney General Makes Key
Escrow Announcements. Washington, DC: N.p., 4 Feb. 1994.
USENET: alt.privacy.clipper.
Walker, Stephen T. Testimony. Subcommittee on Economic Policy,
Trade and Environment Committee on Foreign Affairs U.S. House
of Representatives. Washington DC, 12 Oct. 1993. ftp.eff.org file.
"Chipping Away At Privacy?" Washington Post. 30 May, 1993 H1,
H4. USENET: alt.security.clipper.
Zimmermann, Philip, et al. PGP. Vers. 2.3. Computer Software.
N.p., 1993. soda.berkeley.edu file.
------. Testimony. Subcommittee on Economic Policy, Trade and
Environment Committee on Foreign Affairs U.S. House of
Representatives. Washington DC, 12 Oct. 1993. ftp.eff.org file.
Notes
1
Mitch Kapor is probably best known as the founder of Lotus
Development Corporation. They have developed the best-selling
spreadsheet software program Lotus 1-2-3 and numerous other
products.
2
RSA stands for the names of its creators: Rivest, Shamir, and
Adleman. Patents for the RSA algorithm are held by Public Key
Partners (PKP). PKP subsequently licensed RSA to RSA Data
Security, who sells its privacy and authentication products to
businesses such as Apple, Microsoft, and AT&T.
3
Brute force cracking involves using computers to try using all
possible combinations of passwords to break an encrypted message.
4
PGP is considered, in the United States, illegal because it violates
export law and certain patents held by RSA. Nevertheless, PGP has
garnered quite a following in the United States and across the
world. Incidentally, the RSA patent holds only in the US and
Canada, meaning users in Germany or England can use PGP with
impunity
5
Or, these software companies don't even create two separate
products, but a single one lacking encryption capabilities.
6
Trusted Information Systems, Inc. (TIS) is a ten year old firm
specializing in research, product development, and consulting in
the fields of computer and communications security (Walker).
7
Strangely enough, while the United States restricts the exportation
of strong encryption products, it does not restrict the importation of
strong encryption products.
8
John Gilmore is also a co-founder for the Electronic Frontier Foundation.
This project was completed by Lester Dorman, Phil Lin, Adam Tow, and Stanford University
|
|
