Building back doors into encryption protocols to prevent terrorism could have varied implications

October 15, 2001

In an age when the power of technology has risen at an amazing rate, that power has also alarmed legislators on Capitol Hill. In the wake of the September 11 terrorist attacks, a host of restrictions on personal liberties have been proposed. One of them is the notion of providing the government with back doors to all encryption technology. In other words, the government would require that all encryption products provide a master key that would allow law enforcement (FBI, CIA) to decode any transmissions that used the encryption. Proponents believe that this would allow federal agencies to read terrorist communications and therefore have a greater ability to monitor their plans.

Encryption is used daily by businesses and consumers to send secure communications over the Internet. For example, logging into your bank account or making a purchase online is carried out using encryption so that your account numbers cannot be easily stolen. Although encrypted communication could theoretically be decoded by an eavesdropper, doing so requires such an enormous amount of computing that it is generally not feasible. Current encryption technology has advanced to the point where even the government, with a few supercomputers at its disposal, cannot easily decode encrypted communications.

Leading the anti-encryption crusade is Senator Judd Gregg, a Republican representing New Hampshire. In a Senate floor speech, Gregg called for global back doors on encryption products. According to Gregg, "We are in a new world and we have to give our law enforcement community more tools." There has quickly been a strong response in the tech community questioning the dubious success of such a plan and the long-range impacts it might have.

The first issue of contention is whether back doors on encryption would succeed in the goal of monitoring terrorist communications. According to a September 18 Reuters report, an FBI official stated that the hijackers used the Internet to communicate, that the emails were in English and Arabic, that there were hundreds of communications, and that the emails were not limited to the United States. The hijackers did not use encryption techniques, the official said. Therefore it is unlikely that government back doors on encryption technology would have helped prevent the attacks of September 11.

There has been speculation that terrorists may use steganography to send messages. Steganography is the technique of hiding messages in other forms - for example, messages can be disguised as images on eBay or pornographic sites. However, steganography is different from encryption: encryption involves the encoding of a message, while steganography only implies the concealment of a message in another form (though both techniques may be used together to increase security). Senator Gregg has not mentioned steganography in regard to his planned bill. Steganography is an even trickier problem than cryptography because it cannot be outlawed without restricting practically every form of speech. The crux is that if terrorists want to communicate securely, they will. The government should focus on methods to detect communications (i.e., by using Web crawlers that analyze images for steganographic content) and infiltrate terrorist networks (possibly through the use of good old flesh-and-blood spies).

In addition to the fact that encryption back doors would likely be of limited usefulness, there are practical and ideological issues to consider. Requiring encryption products to contain, in essence, built-in flaws would result in insecure communications that could be compromised by outside parties. American businesses would be at a competitive disadvantage because they would be forced to produce insecure encryption products while foreign companies could produce secure products.

Of course, in order for back doors to succeed, the United States would have to implement the plan on an international level. Other countries would have to be persuaded to adopt the same restrictions. Not only would this be difficult, it would likely be impossible to completely eliminate encryption products that did not contain government back doors. Would a terrorist go buy new encryption software that the government has a key to? Certainly not. He would continue to use secure products that already exist, such as PGP (Pretty Good Privacy).

Surprisingly (or perhaps not, depending on your opinion), 72 percent of Americans believe that anti-encryption laws would be somewhat or very helpful in preventing a repeat of the September 11 terrorist attacks. This was the result of a poll conducted by Princeton Survey Research Associates on September 13 and 14. However, Simon Davies, director of human rights group Privacy International, wisely pointed out, "No one should ever trust figures collected in the aftermath of a disaster; people are confused and emotional and will be led easily by imagery." Hopefully Congress will consult with appropriate industry experts before making any decisions about encryption standards over the Internet.