Fueled by images of terrorists disseminating nefarious plots and schemes via encoded Internet communiqu?s, pundits and politicians here and abroad are calling for the restriction of encryption technologies and ballooning government’s existing electronic-surveillance powers.
“The World Trade Center outrage was coordinated on the Internet, without question,” opined London Telegraph Defense Editor John Keegan.
“If Washington is serious in its determination to eliminate terrorism, it will have to forbid Internet providers to allow the transmission of encrypted messages – now encoded by public key ciphers that are unbreakable even by the National Security Agency’s computers – and close down any provider that refuses to comply.”
What about ISPs abroad? “Uncompliant providers on foreign territory should expect their buildings to be destroyed by cruise missiles.”
“I think that there’s a lot of panic and hysteria right now,” Electronic Frontier Foundation Legal Director Cindy Cohn told WorldNetDaily in response to Keegan’s proposal. “What worries me is that we might pass permanent restrictions on civil liberties and privacy in the heat of the moment that we’ll regret later.”
“It seems to me like people are overacting right now,” said Sonia Arrison, director of the Pacific Research Institute Center for Technology Studies. “This is a kneejerk approach.”
“What they are trying to do,” Arrison told WND, “is go back to a debate that happened in 1998, where government is trying to convince people they need backdoors built into encryption products as well as expansion of wiretapping authority.”
Confirming Cohn and Arrison’s assessment, such clampdowns as Keegan’s – minus cruise missiles, so far – are already afoot in the U.S. Congress.
Pushing for backdoor entry to encryption products, Sen. Judd Gregg, R-N.H., has called for an international ban on technologies that do not possess keys for government to decrypt encoded messages.
“This is something that we need international cooperation on and we need to have movement on in order to get the information that allows us to anticipate and prevent what occurred in New York and in Washington,” Gregg said Thursday, according to a copy
of his floor-speech remarks obtained by Wired’s Declan McCullagh.
And Gregg has an echo in the Bush administration.
In a press conference yesterday, Attorney General John Ashcroft said he would be asking Congress to pass a “comprehensive package” of antiterrorism legislation. Ashcroft’s desired legislation calls for “expanded electronic surveillance” that, in part, increases wiretapping powers of law enforcement.
Few details are known about Ashcroft’s proposal, except the timeframe – he wants Congress’ approval by week’s end.
If Ashcroft sounds hasty, compare his get-out-the-lead speed with the Senate’s total consideration for the “Combating Terrorism Act,” which passed late Thursday night.
Broadening telephone surveillance laws to cover the Internet, the Sen. Orrin Hatch-sponsored measure was amended to the gargantuan House appropriations bill, HR 2500, and passed with less than 30 minutes of debate – despite complaints from senators that they weren’t given time to read the bill.
Current statutes allow authorities to obtain suspects’ phone records via “pen-register” and “trap-and-trace” laws. The Hatch amendment extends those provisions, permitting law enforcement to garner suspects’ Net records from Internet Service Providers in much the same way.
Normally, expanding surveillance powers would bring all manner of naysayers out of the woodwork, privacy expert Michael Hyatt told WND, but in the aftermath of the terrorist attacks, “anyone who questions the government is considered anti-patriotic.”
Hyatt, author of “Invasion of Privacy” and host of MorePrivacy.com, points out that such expansion in federal snooping puts too much power and discretion in the hands of law enforcement, exposing law-abiding citizens to government spying.
“Government is the worst abuser of privacy rights on the planet,” said Hyatt. “You look at what they’ve done on their own websites – Sen. Thompson’s committee checked out a number of federal sites and all but a few were in violation of the FCC’s privacy recommendations for private corporations.”
“I don’t trust their record,” he said. “As long as the government has to recruit from the human race, there are going to be problems.”
Hyatt said that even with the advances federal law enforcement has gained toward more effective surveillance, “it hasn’t gained us any ground in war on drugs or money laundering.” What Hyatt says it has accomplished is bringing a wide swath of the citizenry under the gaze of government, regardless of any criminal involvement.
In the American legal system, the presumption of innocence dictates that the state should only be permitted to search or seize a person’s property with probable cause to implicate an individual in a crime.
As the founders spelled it out in the Fourth Amendment, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
Expanding electronic surveillance and mandating backdoor entry to encryption products, as Gregg wishes to do, essentially allows government access to secure communications regardless of guilt or probable cause.
“What it does,” said Hyatt, “is place every citizen in the position of being a suspect. There’s a presumption of guilt here that really makes me nervous.”
Recognizing the constitutional problems, some have contemplated ways around current Fourth Amendment restrictions. One such sidestep, according to Frank Sudia, co-founder of the CertCo encryption company, is a constitutional amendment adding the following language to the founders’ protection of “persons, houses, papers, and effects”:
Congress may require that information be stored and transmitted in a manner that remains within the reach of legal process.
“This does not insult the Fourth Amendment,” says Sudia. “It does not take away any liberty formerly possessed by the people, and merely restores meaning to a right held by governments since antiquity. It sets the needle back to the center.”
Others don’t see it Sudia’s way and find the idea ignorant of the way criminals behave; since terrorists strive to remain outside “the reach of legal process,” any such controls are basically meaningless.
“I don’t think it will work – whether there are backdoors or not,” said Arrison. “If you force manufacturers to include backdoors, everyone will know which products are secure – including the terrorists. The terrorists will simply use other means to encode communication.”
Arrison is not alone.
“You can’t monopolize or clamp down on ones and zeros,” said Cato Institute Director of Technology Policy Wayne Crews about the difficulty in regulating computer programming.
Notwithstanding Keegan’s threat of cruise missiles, he told WorldNetDaily, “If our government tries to clamp down here, crypto developers will just go out of country, and terrorists will still use crypto.”
“Take for example services like HushMail or ZipLip,” said Hyatt. “All those sites have to do is move their servers offshore, and they’ll offer encryption just as before” without the backdoor demanded by government.
Terrorists can also bypass traditional encryption with a technique called steganography. Directly tied to Osama bin Laden, as reported in February by USA Today, steganographers hide messages in places such as pornographic websites and sports chat rooms, where only clued-in viewers will know where and for what to look.
“The operational details and future targets, in many cases, are hidden in plain view on the Internet,” according to Ben Venzke of iDefense, a cyberintelligence company. “Only the members of the terrorist organizations, knowing the hidden signals, are able to extract the information.”
Going beyond crypto control as a method of dealing with terrorists, Hyatt suggests restructuring our foreign policy, while Arrison points out the need to rethink our intelligence gathering in efforts to thwart attackers.
“We’ve really dropped the ball in one very important area of national defense,” Arrison said, “and that’s human intelligence. We’ve been relying too heavily on high-tech systems. It’s like we’re trying to replace human intelligence with computer intelligence And those high-tech tools are not the only tools we can use – and we shouldn’t use just one tool.”
One way or the other, the solution to the use of encryption by terrorists, said Crews, is not clamping down on a communications and commercial tool so useful to the marketplace.
“Encryption not just used for sinister purposes,” said Crews pointing out its use in e-commerce, digital signatures and more.
“We don’t need to sacrifice civil liberties,” he said about the effort to limit crypto technologies. “There’s no need to do it. We can get that kind of authority now. There’s nothing that has to change. Get probable cause, get a warrant. If government had to get a warrant to go through your door in 1790, it should have to now.”
This is especially important Crews said, considering that the laws won’t deter terrorists as the criminals will simply use non-government-approved encryption products; people willing to hijack planes and plow them into buildings full of thousands of innocent people will most likely have little respect for hastily composed cryptography legislation.
“I think this issue [of government control] underscores the whole privacy debate,” Crews said. “It isn’t that we won’t be able to protect our privacy; it’s whether the government will ultimately allow it.”
If you’d like to sound off on this issue, please take part in the WorldNetDaily poll.