“Whatever you do will be insignificant, but it is very important that
you do it.”
—Mahatma Gandhi.
It’s personal. It’s private. And it’s no one’s business
but yours. You may be
planning a political campaign, discussing your taxes, or having a secret
romance. Or you may be communicating with a political dissident in a
repressive country. Whatever it is, you don’t want your private electronic
mail
(email) or confidential documents read by anyone else. There’s nothing
wrong
with asserting your privacy. Privacy is as apple-pie as the Constitution.
The right to privacy is spread implicitly throughout the Bill of Rights. But
when the United States Constitution was framed, the Founding Fathers saw
no need to explicitly spell out the right to a private conversation. That would
have been silly. Two hundred years ago, all conversations were private. If
someone else was within earshot, you could just go out behind the barn and
have your conversation there. No one could listen in without your knowledge.
The right to a private conversation was a natural right, not just in a
philosophical sense, but in a law-of-physics sense, given the technology of
the
time.
But with the coming of the information age, starting with the invention of
the
telephone, all that has changed. Now most of our conversations are conducted
electronically. This allows our most intimate conversations to be exposed
without our knowledge. Cellular phone calls may be monitored by anyone
with a radio. Electronic mail, sent across the Internet, is no more secure than
cellular phone calls. Email is rapidly replacing postal mail, becoming the norm
for everyone, not the novelty it was in the past. And email can be routinely
and
automatically scanned for interesting keywords, on a large scale, without
detection. This is like driftnet fishing.
Perhaps you think your email is legitimate enough that encryption is
unwarranted. If you really are a law-abiding citizen with nothing to hide, then
why don’t you always send your paper mail on postcards? Why not submit
to
drug testing on demand? Why require a warrant for police searches of your
house? Are you trying to hide something? If you hide your mail inside
envelopes, does that mean you must be a subversive or a drug dealer, or
maybe a paranoid nut? Do law-abiding citizens have any need to encrypt their
email?
What if everyone believed that law-abiding citizens should use postcards for
their mail? If a nonconformist tried to assert his privacy by using an envelope
for his mail, it would draw suspicion. Perhaps the authorities would open his
mail to see what he’s hiding. Fortunately, we don’t live in that kind
of world,
because everyone protects most of their mail with envelopes. So no one draws
suspicion by asserting their privacy with an envelope. There’s safety in
numbers. Analogously, it would be nice if everyone routinely used encryption
for all their email, innocent or not, so that no one drew suspicion by asserting
their email privacy with encryption. Think of it as a form of solidarity.
Until now, if the government wanted to violate the privacy of ordinary
citizens, they had to expend a certain amount of expense and labor to intercept
and steam open and read paper mail. Or they had to listen to and possibly
transcribe spoken telephone conversation, at least before automatic voice
recognition technology became available. This kind of labor-intensive
monitoring was not practical on a large scale. It was only done in important
cases when it seemed worthwhile.
Senate Bill 266, a 1991 omnibus anticrime bill, had an unsettling measure
buried in it. If this non-binding resolution had become real law, it would have
forced manufacturers of secure communications equipment to insert special
“trap doors” in their products, so that the government could read
anyone’s
encrypted messages. It reads, “It is the sense of Congress that providers
of
electronic communications services and manufacturers of electronic
communications service equipment shall ensure that communications systems
permit the government to obtain the plain text contents of voice, data, and
other communications when appropriately authorized by law.” It was this
bill
that led me to publish PGP electronically for free that year, shortly before
the
measure was defeated after vigorous protest by civil libertarians and industry
groups.
The 1994 Digital Telephony bill mandated that phone companies install
remote wiretapping ports into their central office digital switches, creating
a
new technology infrastructure for “point-and-click” wiretapping, so
that
federal agents no longer have to go out and attach alligator clips to phone
lines. Now they will be able to sit in their headquarters in Washington and
listen in on your phone calls. Of course, the law still requires a court order
for
a wiretap. But while technology infrastructures can persist for generations,
laws and policies can change overnight. Once a communications
infrastructure optimized for surveillance becomes entrenched, a shift in
political conditions may lead to abuse of this new-found power. Political
conditions may shift with the election of a new government, or perhaps more
abruptly from the bombing of a federal building.
A year after the 1994 Digital Telephony bill passed, the FBI disclosed plans
to
require the phone companies to build into their infrastructure the capacity
to
simultaneously wiretap 1 percent of all phone calls in all major U.S. cities.
This
would represent more than a thousandfold increase over previous levels in the
number of phones that could be wiretapped. In previous years, there were
only about a thousand court-ordered wiretaps in the United States per year,
at
the federal, state, and local levels combined. It’s hard to see how the
government could even employ enough judges to sign enough wiretap orders
to wiretap 1 percent of all our phone calls, much less hire enough federal
agents to sit and listen to all that traffic in real time. The only plausible
way of
processing that amount of traffic is a massive Orwellian application of
automated voice recognition technology to sift through it all, searching for
interesting keywords or searching for a particular speaker’s voice. If
the
government doesn’t find the target in the first 1 percent sample, the wiretaps
can be shifted over to a different 1 percent until the target is found, or until
everyone’s phone line has been checked for subversive traffic. The FBI
says
they need this capacity to plan for the future. This plan sparked such outrage
that it was defeated in Congress, at least this time around, in 1995. But the
mere fact that the FBI even asked for these broad powers is revealing of their
agenda. And the defeat of this plan isn’t so reassuring when you consider
that
the 1994 Digital Telephony bill was also defeated the first time it was
introduced, in 1993.
Advances in technology will not permit the maintenance of the status quo, as
far as privacy is concerned. The status quo is unstable. If we do nothing, new
technologies will give the government new automatic surveillance capabilities
that Stalin could never have dreamed of. The only way to hold the line on
privacy in the information age is strong cryptography.
You don’t have to distrust the government to want to use cryptography.
Your
business can be wiretapped by business rivals, organized crime, or foreign
governments. Several foreign governments, for example, admit to using their
signals intelligence against companies from other countries to give their own
corporations a competitive edge. Ironically, the United States government’s
restrictions on cryptography have weakened U.S. corporate defenses against
foreign intelligence and organized crime.
The government knows what a pivotal role cryptography is destined to play
in the power relationship with its people. In April 1993, the Clinton
administration unveiled a bold new encryption policy initiative, which had
been under development at the National Security Agency (NSA) since the start
of the Bush administration. The centerpiece of this initiative was a
government-built encryption device, called the Clipper chip, containing a new
classified NSA encryption algorithm. The government tried to encourage
private industry to design it into all their secure communication products,
such as secure phones, secure faxes, and so on. AT&T put Clipper into its
secure voice products. The catch: At the time of manufacture, each Clipper
chip is loaded with its own unique key, and the government gets to keep a
copy, placed in escrow. Not to worry, though—the government promises that
they will use these keys to read your traffic only “when duly authorized
by
law.” Of course, to make Clipper completely effective, the next logical
step
would be to outlaw other forms of cryptography.
The government initially claimed that using Clipper would be voluntary, that
no one would be forced to use it instead of other types of cryptography. But
the public reaction against the Clipper chip has been strong, stronger than
the
government anticipated. The computer industry has monolithically
proclaimed its opposition to using Clipper. FBI director Louis Freeh
responded to a question in a press conference in 1994 by saying that if Clipper
failed to gain public support, and FBI wiretaps were shut out by
non-government-controlled cryptography, his office would have no choice
but to seek legislative relief. Later, in the aftermath of the Oklahoma City
tragedy, Mr. Freeh testified before the Senate Judiciary Committee that public
availability of strong cryptography must be curtailed by the government
(although no one had suggested that cryptography was used by the bombers).
The Electronic Privacy Information Center (EPIC) obtained some revealing
documents under the Freedom of Information Act. In a briefing document
titled “Encryption: The Threat, Applications and Potential Solutions,”
and
sent to the National Security Council in February 1993, the FBI, NSA, and
Department of Justice (DOJ) concluded that “Technical solutions, such as
they
are, will only work if they are incorporated into all encryption products. To
ensure that this occurs, legislation mandating the use of
Government-approved encryption products or adherence to Government
encryption criteria is required.”
The government has a track record that does not inspire confidence that they
will never abuse our civil liberties. The FBI’s COINTELPRO program targeted
groups that opposed government policies. They spied on the antiwar
movement and the civil rights movement. They wiretapped the phone of
Martin Luther King Jr. Nixon had his enemies list. And then there was the
Watergate mess. Congress now seems intent on passing laws curtailing our
civil liberties on the Internet. At no time in the past century has public distrust
of the government been so broadly distributed across the political spectrum,
as it is today.
If we want to resist this unsettling trend in the government to outlaw
cryptography, one measure we can apply is to use cryptography as much as
we can now while it’s still legal. When use of strong cryptography becomes
popular, it’s harder for the government to criminalize it. Therefore, using
PGP
is good for preserving democracy.
If privacy is outlawed, only outlaws will have privacy. Intelligence agencies
have access to good cryptographic technology. So do the big arms and drug
traffickers. But ordinary people and grassroots political organizations mostly
have not had access to affordable “military grade” public-key cryptographic
technology. Until now.
PGP empowers people to take their privacy into their own hands. There’s
a
growing social need for it. That’s why I created it.