Digital Privacy


The Ethics of Encryption



The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated; and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched and the persons or things to be seized (United States, Fourth Amendment).


Overview


Introduction

Privacy. It is supposed to be protected under the Fourth Amendment of the United States Constitution, right? Think again. Recent events have precipitated a Constitutional crisis in America, jeopardizing every citizen's basic right to personal privacy. Before the advent of the electronic age, it was customary for confidential documents to be placed under lock and key. Physical access was required to obtain these contracts, letters, or reports; as a result, if law enforcement agencies suspected a private party of some illegal activity, a request for a search warrant would be made. Upon the issuing of such a warrant, these agencies could then "legally" search and seize. Now, however, with computers becoming a larger part of everyone's daily lives, the distinction between the tangible and the intangible has begun to break down. Unprecedented powers in data communications are being realized; today, people conduct business transactions and communicate with others through the vast universe of zeros and ones. In addition, there has been a growing movement toward electronic storage of confidential and public documents. Within this electrosphere, never has it been easier to intercept and gain access to information once belonging to the realm of paper. Data flowing on tomorrow's information superhighways will need to be protected, but the question remains as to how this will be handled and by whom. Recent government initiatives attempt to solve this problem; however, their "solution" contains an alarming threat aimed at the very core of the Constitution--personal privacy. If personal privacy in the United States is entirely compromised or outlawed, this country will have taken its first step towards its own dissolution.

If we put the desires of the police and the government ahead of the rights of citizens often enough, we may find that we are living in a police state. We must ensure that these rights, recognized by law, are supported rather than undermined by technology. While some members of the government and other concerned watchdogs of society may consider it unethical to allow criminals and "enemies of the state" access to impenetrable encryption, there are many law-abiding citizens that justifiably consider it equally unethical to allow the government "back-door" access to their private correspondence and business transactions. This poses an interesting dilemma for traditional ethical theories: "When does the pursuit of national security begin to infringe upon the rights of the individual?" Deontological and utilitarian theories of ethics differ in their approach to this dilemma. Should the government succeed in its attempt to enforce its encryption standard, some of the rights of the individual would be compromised for the sake of the utilitarian good.


The Clipper Chip: Pros and Cons

The Government is entering the digital age by promoting to individuals and businesses the use of an encryption chip called Clipper. Encryption is the art of enciphering a message, rendering it unreadable to anyone but the intended recipient. Clipper is a computer chip that will be incorporated into various telecommunications devices--telephones, fax machines, and modems. When two Clipper machines successfully connect with each other, the sending machine will encrypt the data--a voice, fax, or data file; upon receipt of the data and the special key needed to decrypt, or unlock, the message, the receiver's machine will decipher the data--this complex process will be hidden from the user. The encryption algorithm that the Clipper Chip uses, known as Skipjack, is currently classified by the government. The National Security Agency, NSA, states that the Skipjack has been developed and tested over the past ten years. They, however, refuse to allow release of the algorithm for review by the civilian intellectual community; hence, one must take the government's word on Skipjack's reliability and robustness. The Clipper Chip and Skipjack are integral parts to the Escrow Encryption Standard, a government proposal for the new Federal Information Processing Standard (FIPS). EES will replace the aging Data Encryption Standard, DES, as the preferred method for encrypting sensitive, unclassified data. EES, the government states, will offer people secure telecommunications capabilities in tomorrow's digital age.

Given this description of Clipper, one might wonder why there is such an uproar concerning it. The reason why many people and organizations across the country are diametrically opposed to Clipper is that each machine's special encryption/decryption keys will be held in escrow by the government. For each Clipper Chip manufactured, there will be two keys created; one key will be placed within the Clipper Chip and another identical one will be split into two components that must be recombined in order to decrypt communications. Entrusting them to two separate agencies ensures that someone who has knowledge of one key component cannot make decryption any more feasible without knowing the other one (United States, Dept. of Justice, Attorney General). The government has designated that the National Institute for Standards and Technology (NIST) and the Automated Systems Division of the Department of Treasury will be the two escrow agencies for Clipper keys. With reasonable suspicion and a court order, law enforcement agencies will be able to retrieve the two components of someone's Clipper keys to have instant access to his or her digital information traffic. Government officials assure the critics of Clipper that only with proper authorization and documents will the FBI or other agencies be provided with the electronic keys necessary to tap into one's digital information flow. However, nestled at the end of their authorization procedures' documents is an interesting statement:

These procedures do not create, and are not intended to create, any substantive rights for individuals intercepted through electronic surveillance, and noncompliance with these procedures shall not provide the basis for any motion to suppress or other objection to the introduction of electronic surveillance evidence lawfully acquired (United States, Dept. of Justice, Authorization Procedures).
Put simply, if the government does not follow its own rules, evidence not "lawfully acquired" would not be suppressed or dismissed in a court of law.

But should the government be putting the "good of the country", whatever they interpret that to mean, ahead of its citizen's rights? Immanuel Kant's ultimate principle of ethical behavior states that one should "Act in such a way that you treat humanity, whether in your own person or in the person of another, always at the same time as an end and never simply as a means" (Kant P. 36).

History tells us that the government is often inconsistent in its assessment of what comprises a bona-fide threat to national security, as the details of the Steven Jackson Games case discussed later in this paper show. Government and ethics do not always go hand-in-hand; and where technology has the capacity to support individual rights, should the government suppress the use of that technology because it could be abused by criminals? Past U.S. Government officials have, in certain cases, acted unethically. The unjust actions of J. Edgar Hoover and the Joseph McCarthy "witch-hunts" are prime examples. Hopefully, we have learned from our history and will keep a watchful eye on our government to keep such abuses in check.

There are many organizations that are dedicated to protecting privacy rights as America goes digital. For instance, the Electronic Frontier Foundation (EFF), founded in July, 1990, is committed to ensuring "that the principles embodied in the Constitution and the Bill of Rights are protected as new communications technologies emerge" (EFF, General Information). Mitch Kapor (1), chairman and co-founder of the EFF, believes that this emerging data superhighway will bring forth questions of paramount importance regarding Constitutional rights. He states:

We founded the Electronic Frontier Foundation (EFF) based on a shared conviction that a new public interest advocacy organization was needed to educate the public about the democratic potential of new computer and communications technologies and to work to develop and seek to implement public policies to maximize freedom, competitiveness, and civil liberty in the electronic social environments being created by new computer and communications technologies (Kapor).
Even so, numerous legal precedents are being created, potentially allowing the government to infringe on basic privacy rights without legal reprisal. In 1991, the Rehnquist Court declared that "in the presence of 'probable cause'--an inviting phrase--law enforcement officials could search first and obtain warrants later" (Barlow 17). This conflicts with the Fourth Amendment's declaration that law officers must first obtain warrants before searching and seizing. Such rulings are now threatening the electronic realm. It is conceivable that law enforcement agencies could begin routinely probing everyone's electronic mail--with probable cause, of course. In light of these recent events, some have suggested that the Fourth Amendment be recast as follows:
The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures, may be suspended to protect public welfare, and upon the unsupported suspicion of law enforcement officials, any place or conveyance shall be subject to immediate search, and any such places or conveyances or property within them may be permanently confiscated without further judicial proceeding (Barlow 18).
In a speech at the Superhighway Summit at UCLA, January 11, 1994, Vice President Gore justified government policy concerning privacy with the following statement: "We'll help law enforcement agencies thwart criminals and terrorists who might use advanced telecommunications to commit crimes" (Gore, Remarks).

The government is stating that Clipper will be solely a voluntary choice and standard for data encryption. They assure us the Escrow Encryption Standard will help to preserve national security by allowing law enforcement organizations, with proper authorization, to tap into the possible communications of drug traffickers, terrorists, and other criminals. "Encryption is a law and order issue since it can be used by criminals to thwart wiretaps and avoid detection and prosecution. It also has huge strategic value. Encryption technology and cryptoanalysis turned the tide in the Pacific and elsewhere during World War II" (Gore, Statement of the Vice President). However, if Clipper will be a voluntary standard, what is going to stop "criminals" from using alternative forms of encryption? After all, FBI and NSA representatives, on a visit to Bell Labs, stated that they expected to catch "only the stupid criminals" through the escrow system (Blaze). In some respects, it seems counterintuitive that the government has not expressed any thoughts restricting or even banning the use of alternative encryption systems.

Perhaps by appealing to industry's sense of utilitarian good, along with some persuasive arm-twisting, the government can effectively force the computer industry to adopt a restricted encryption standard. It might appear that a unique technology standard would inhibit our trade relations with the rest of the world-- many believe that such stubbornness led to the demise of the U.S. motor industry in the 70's and 80's and that a similar fate lies in store for our software industry should we insist on a different standard of encryption from the rest of the world. However, upon further examination, we see that it is not unprecedented for different countries to have different technological standards. One only has to travel abroad and try to plug in a hair dryer in a foreign hotel or drive a rental car on the other side of the highway to quickly realize that countries can trade despite grossly incompatible standards. Moreover, the issue is not only a business one; it is also one of privacy and of national security. We should realize that all sides have something to lose if one form of encryption policy, be it restricted or unrestricted, is decided upon over the other.

The main concern of the American government is that both internal and foreign subversives will use un-crackable encryption to undermine national and international security. Furthermore, it does not seem logical that the privacy of the on-line community should be any more sacred than that of those using any other current form of communication. In fact, the internet poses a new problem for national security since it has the power to unite so many people so quickly. Should enough people decide to conspire to threaten the status-quo and utilize this new technology, the government could be rendered powerless to combat them assuming that their communications were un-detectable. Since it is in the national interest to prevent crimes against the state, the government must retain the power to do so. According to the Greatest Happiness Principle of utilitarian theory, we should:

Do that act which produces the greatest balance of happiness over unhappiness, or, if no act possible under the circumstances does this, do the one which produces the smallest balance of unhappiness over happiness (Erhmann P.28).
In light of the Oklahoma City and World Trade Center bombings recently, such concerns are not entirely unwarranted.

Before deciding to enforce Clipper on the country and all who do business with us, however, we must consider the possible benefits and drawbacks. The basic tenet of utilitarian ethics holds that choosing an action to promote the maximum happiness at the cost of limited unhappiness (loss of rights for some) is the right thing to do, and thus would justify the use of restricted encryption. However, before we go ahead and sacrifice the rights of anyone, we should have a strong measure of confidence that the benefits we are getting in return justify the loss of rights of the few. We must also consider that it might be the case that "by outlawing unrestricted encryption, only the outlaws will get to use it," which some have suggested will inevitably happen. In this case, the government would have failed in its purpose.


Other Encryption Alternatives

There are, of course, other encryption alternatives besides Clipper. Over the years, scientists have devised various mathematical algorithms to encrypt information. Some of the more popular forms of encryption include single-key, public-key, and hybrid systems. Single-key, or conventional, has been widely used for countless years. It relies on a single key to perform both the encryption and decryption operations. For example, suppose one received the encrypted message, "Zrrg zr abba gbqnl ng gur cvre!" along with the special decryption key, "Add or subtract 13 from each letter to get the correct sentence." Thus 'g' becomes 't,' 'r' becomes 'e,' and so on. Decryption would render the encrypted file into plaintext, or unencrypted dataŃ"Meet me noon today at the pier!" Examples of conventional cryptosystems include, DES and the International Data Encryption Algorithm (IDEA).

As the old adage claims, "A chain is only as strong as its weakest link." With conventional encryption, somehow the key must be transmitted securely to the intended recipient. If the two parties are using secure means to transmit keys, why would there be a need to encrypt the data? Use of conventional encryption is often more trouble because of the added hassle of transferring keys to and from recipients. Public-key cryptography is a relatively new form of cryptography that is becoming more and more popular among the public and private sector. This form of encryption solves the need for secure channels in key distribution by using two complementary keys for encryption and decryption--a public and secret key. A person's public key can be distributed freely to anyone who wants to encrypt data to him. The secret or private key is used to decrypt data that is encrypted using one's public key. The secret key can also sign messages, creating, in effect, digital signatures; the public key, then, is used to verify messages with electronic John Hancock's. The standard today for public-key cryptography is the RSA algorithm.(2)

The strength of the encryption systems depend on the algorithm being used. For instance, the aforementioned DES algorithm, created by IBM and the NSA in the 1970s, uses a 56-bit key size, meaning there are 256 possible combinations of keys that can be used to encrypt and decrypt data. Advances in computer technology today now make it possible, by brute force (3) cracking, to break a particular DES encrypted message in a few days. These advances represent some reasons as to why the Clinton Administration and the NSA are strongly pushing for Clipper--as DES nears the end of its useful life, there will be a need for new ways to protect sensitive data. Another example of a conventional algorithm is the International Data Encryption Algorithm, IDEA. It uses a 128-bit key, which means it would require years or decades to crack an IDEA encrypted message with brute force cracking. Keys used in public-key cryptography are often large in size--some use 1024-bit keys; as a result, cryptoanalysis, the field of mathematical analysis of encryption algorithms, is used. Without resorting to brute-force methods, scientists look for mathematical loopholes in encryption algorithms that would make them easier to break. Thus far, IDEA has resisted cryptoanalytical attacks far better than DES or other conventional ciphers.

The use of large key sizes in public-key cryptography makes for slow and unwieldy encryption systems; Phil Zimmerman, the author of Pretty Good Privacy (PGP), a freely available though supposedly illegal piece of encryption software (4), states that "a really good conventional cipher might possibly be harder to crack than even a 'military grade' RSA key. But the attraction of public key cryptography is not because it is intrinsically stronger than a conventional cipher--its appeal is because it helps you manage keys more conveniently" (Zimmerman, PGP Manual). Recently, a new type of cryptosystem has been appearing that combines the speed of conventional encryption with the superior key management abilities of public-key cryptography--hybrid cryptosystems. Basically, these systems work by initially encrypting a message with a conventional single-session key, one that is sufficiently large enough to resist cracking yet small enough to be fast and efficient at processing data. This session key is subsequently encrypted with the recipient's public key. This method of encryption is ideal because it offers a compromise between speed and security. Use of a strong single-key encryption algorithm, coupled with a public-key system can result in near-military grade cryptographic tools, the best of both possible worlds. PGP and another product called RIPEM both use variants on the RSA algorithm for public-key encryption. They differ, however, in their use of a conventional cipher for data encryption--PGP makes use of the IDEA algorithm for conventional encryption while RIPEM uses DES for encrypting data.


The Clinton Administration Policy: Rants and Raves

The Clinton Administration assures the public that other encryption products on the market today will coexist "peacefully" with Clipper. However, the government, is taking steps to make other cryptographic methods less appealing. Strict export restrictions on strong cryptographic tools will restrict the usage of all cryptography other than Clipper, for those wishing to communicate beyond the U.S. Also, by saturating the market with Clipper--enabled devices within the next few years, the government hopes that Clipper will become the standard for "secure" data transmissions--in the United States and hopefully abroad as well. Granted, this could pose somewhat of a hurdle to international trade. For example, what would foreign businesses think if they were obliged to use Clipper just to communicate with their U.S. counterparts? Worldwide communication with Clipper could be monitored with the same ease and efficiency as with any domestic device. In a rather Henry Fordian tone, the government seems to be saying, "You can have any encryption product on the store shelves, so as long as it's Clipper."

In fact, strong cryptosystems are considered as munitions under current policy, meaning they are illegal to export without proper authorization from the Secretary of State. Thus, when U.S. software companies create certain types of software for export, they have to create two products, one with encryption capabilities for U.S. usage only and one for export (with encryption disabled) (5). Stephen Walker, founder and President of Trusted Information Systems (6) argues:

The stakes for the software industry are high. The U.S. holds 75% of the global market for packaged software. Most software companies make 35-40% of their revenue from exports; for some companies exports are as much as 50% of their business. When demand for cryptographic products is increasing, export restrictions essentially place an "earnings cap" on U.S. software publishers... Those seeking improved privacy protection argue that encryption is needed to support worldwide business operations and good quality cryptography is already available worldwide. Continuing U.S. Government restrictions are only penalizing U.S. users with inferior U.S.--developed security products and limiting U.S. industry from participating in a rapidly growing international marketplace (Walker).
Walker further states that competing data scramblers from private companies are being stymied by the government. For example, AT&T currently sells secure telecommunications devices using either DES or some other proprietary encryption algorithms. These products are manufactured in Switzerland and are imported into the United States (7) for sale. However, if one of these devices break, they cannot be returned for repair to the manufacturer due to these export restrictions (Walker).

In support of the Clinton administration's policies, Dr. Dorothy Denning, a professor of computer science at Georgetown University, believes that government sponsored data encryption standards are the only way to help preserve one's privacy and uphold the law against criminals. She fears that opening up U.S. markets for encryption products will result in total chaos. Terrorists and other criminals will use strong unregulated encryption products to plan events such as the recent bombing of the World Trade Center. In Newsday, Denning writes:

If the opponents get their way... all communications on the information highway would be immune from lawful interception. In a world threatened by international organized crime, terrorism, and rogue governments, this would be folly. In testimony before Congress, Donald Delaney, senior investigator with the New York State Police, warned that if we adopted an encoding standard that did not permit lawful intercepts, we would have havoc in the United States."

Encoding technologies, which offer privacy, are on a collision course with a major crime-fighting tool: wiretapping. Now the Clipper chip shows that strong encoding can be made available in a way that protects private communications but does not harm society if it gets into the wrong hands. Clipper is a good idea, and it needs support from people who recognize the need for both privacy and effective law enforcement on the information highway (Denning).
Denning concedes that the thought of the FBI wiretapping her communications is as appealing to her as having them search and seize anything in her home; however, she argues that the Constitution does not give people absolute privacy from court-ordered searches and seizures. She believes that lawlessness would prevail if unbreakable encryption were readily available to the public. Denning is placing trust in the government not to abuse the powers vested to them; in other words, she presumes the government will not illegally tap into "law abiding" citizens' information network. In exchange, criminals using these "voluntary" encryption mechanisms will be caught, thus preserving national security. However, we can trust the government only as far as the people that comprise it. We must always be vigilant of our leaders, because if high-ranking officials within the administration cannot be trusted, we would be foolish to place our private lives into their hands. It is conceivable that the greatest threat to national security could not lie within the people, but within the government itself!

Will national security be compromised if everyone were allowed unlimited use of strong, unregulated encryption products? Intuitively, this would seem to be the case. It is true, though, that some hold a different view. John Gilmore (8) states:

I don't think so. We are not asking to threaten the national security. We're asking to discard a Cold War bureaucratic idea of national security which is obsolete. My response to the NSA is: Show us. Show the public how your ability to violate the privacy of any citizen has prevented a major disaster. They're abridging the freedom and privacy of all citizens--to defend us against a bogeyman that they will not explain. The decision to literally trade away our privacy is one that must be made by the whole society, not made unilaterally by a military spy agency (qtd. in Levy 58).
In November, 1992, John Gilmore, an ex-Sun Microsystems employee, became entangled with the National Security Agency (NSA) when he attempted to release "confidential" documents on cryptography that he found in a library. The NSA notified him that distribution of these documents was in violation with the Espionage Act, meaning a possible ten year prison sentence for him. Gilmore subsequently challenged "the NSA's refusal to follow the Freedom of Information Act's (FOIA) protocols in releasing requested documents" in court. He, worried about a surprise search and seizure by the government, hid copies of the document and had an article on his story published in the San Francisco Examiner. Two days later, the NSA "officially" declassified the texts (Levy 58).

In a speech, John Gilmore presents some of his thoughts on Congress's technology policy:

The Executive Branch is already advocating broad wiretapping, and banning of privacy technologies, and they don't even own the network. If the government owned the network, there'd be no stopping them... If Congress truly believes in the Bill of Rights, it should get the hell our of the networking business and stay out of it... Privacy and authenticity are key to reliable and trustworthy social and business interactions over networks (qtd. in Levy 58).
Not everyone has been as lucky as Gilmore in avoiding the sudden and forceful wrath of the government intrusion. Numerous incidents of unreasonable searches and seizures by the government and law enforcement can be cited, leading some to argue that the statute protecting individuals against unlawful searches and seizures in the Fourth Amendment no longer applies (Barlow 17). Those working at Steve Jackson Games could not agree more. On March 1, 1990, SJG, an Austin, Texas, based producer of fantasy role-playing games (FRPG), was raided by Secret Service agents. These agents believed SJG was producing a computer hacker handbook; in fact, SJG was creating a computer hacker handbook... for one of their board games. However, the Secret Service saw this as a pernicious threat to "national security." As a result, the FBI took every last scrap of electronic equipment--computers, disks, and business records; at the time of the raid, no mention was given as to why SJG was being searched and their equipment seized. With the help of the EFF and after a lengthy lawsuit, the Secret Service returned some of the original equipment and manuscripts confiscated, but left no official apology to Steve Jackson Games. In the interim, the company nearly went bankrupt, and Steve Jackson, the company founder and President, was forced to lay off over 50% of his employees to keep the company financially afloat. Not only has the Fourth Amendment been quietly dusted underneath judicial decisions, but the Fifth Amendment has met a similar fate as well. Innocent till proven guilty? John P. Barlow, co-founder of the EFF and an outspoken critic on government's technology policy offers today's Fifth:
Any person may be held to answer for a capital, or otherwise infamous crime involving illicit substances, terrorism, or child pornography, or upon any suspicion whatever; and may be subject for the same offense to be twice put in jeopardy of life or limb, once by the state courts and again by the federal judiciary; and may be compelled by various means, included the force submission of breath samples, bodily fluids, or encryption keys, to be a witness against himself, refusal to do so constituting an admission of guilt; and may be deprived of life, liberty, or property without further legal delay; and any property thereby forfeited shall be dedicated to the discretionary use of law enforcement agencies (Barlow 19).


Ethical Considerations

Encryption and the right to privacy go hand in hand with every American citizen's basic rights. In creating the Bill of Rights, the founding fathers explicitly placed obstacles in front of the government to allow for such freedom as privacy, speech, and religion. Over the years, the government has sought to refine and positively add to the Bill of Rights with various legislative actions. In fact, in an interview, Vice President Gore is quoted:

And sometimes the automatic assumption that you can simply create a new technology to solve a problem like that actually moves you farther from the solution rather than closer to it. We certainly see this in environmental problems where what I've called... 'technological hubris' can create more problems than it solves (Gore, Interview).

So we must be extremely careful in finding a solution to this problem that we actually make responsible and informed choices and that we not get entangled in the so-called hubris. For example, we have been repeatedly reminded of the nightmare scenario where Clipper does not seem to be safeguarding our privacy, but instead provides the government with an electronic surveillance camera aimed straight at every citizen's digital information. The government, with reasonable cause, of course, will know where we are, what we are doing, and with whom we are dealing. If the Big Brother has his way, it shall soon become possible, with a single flick of a switch, to instantly gain access to all of the digital information flow into and out of the United States. The network of surveillance that the government wants to install could be a move to reduce the rights of an individual to personal privacy to dust (Banisar).

Indeed, if we were ever to fall prey to a totalitarian government, encryption privacy would be an invaluable tool in the fight for regaining our freedom. Phil Zimmerman, the creator of PGP, brings this point graphically to life by quoting an electronic mail (e-mail) message he received from a Latvian, at the time of Boris Yeltsin's attacks on the Russian Parliament:

Phil I wish you to know: let it never be, but if dictatorship takes over Russia your PGP is widespread from Baltic to Far East now and will help democratic people if necessary. Thanks (Zimmerman, Testimony).

It is best, though, to keep things in perspective. While alarmists and conspiracy theorists might spread horrible tales of gloom and doom that suggest otherwise, we should remember that we do in fact live in a democratic society. Throughout the course of our country's history, we as a nation have decided that our law enforcement mechanisms should be empowered to search our possessions and monitor our phone communications, if a judge determines that it is necessary and appropriate. We have relinquished absolute personal freedom in exchange for protection from unscrupulous individuals who could harm ourselves and others.

And since we live in a society where absolute personal freedom doesn't exist, and never actually has, it seems fallacious to claim that we should in fact have that right in cyberspace. While it is important for citizens to keep a watchful eye on the government and keep it from abusing its power, it nevertheless seems quite narrow-minded and irresponsible to always consider the government to be the enemy who is just waiting to harm us as soon as it gets the chance.

Ethically speaking, it seems that the greatest good for the greatest number of people is realized when the citizens of this nation can live secure in the knowledge that their government will be able to combat and punish any attempt to harm them. Moreover, people should always be treated as means and not ends, and when this doesn't happen there needs to be some body (i.e. the government) which has the power to step in and make things right.


Conclusion

So we have seen that the issue of digital privacy is a complex one indeed. On the one hand, we must be vigilant to keep our society from turning into an futuristic Orwellian nightmare in which the government monitors our ever move. However, at the same time we must invest some trust in our government and allow it the ability to intervene and enforce the law in situations where it is broken. Thus, while the Clipper Chip has its flaws (as any number of its detractors will vehemently point out), it seems that allowing the government some mechanism to enforce the law is the best solution that we can have to preserve both our society and the rights of the individuals that comprise it.


Works Cited

Banisar, Dave. CPSR Alert. 13 Jan. 1994: n.p. USENET: comp.society.privacy.

Barlow, John Perry. "Bill O' Rights." Mondo 2000. January, 1994: 17-19.

Blaze, Matt. "Notes on key escrow meeting with NSA." 2 Feb. 1994. USENET: alt.privacy.clipper.

Denning, Dorothy Elizabeth Robling. "The Clipper Chip Will Block Crime." Newsday: n.p. USENET: alt.privacy.clipper.

Electronic Frontier Foundation. EFF Announces Its Official Policy on Cryptography and Privacy. N.p.: EFF, 8 Dec. 1993. ftp.eff.org file.

Electronic Frontier Foundation. General Information About the Electronic Frontier Foundation. N.p.: EFF, n.p. ftp.eff.org file.

Electronic Frontier Foundation. EFF Wants You (to add your voice to the crypto fight!) N.p.: EFF, 7 Feb. 1994, n.p. USENET: alt.privacy.clipper.

Erman, M. David, et al. Computers, Ethics, and Society. Oxford University Press, 1990.

Gore, Al. Interview. By Lawrence J. Magid. Microtimes 8 Feb. 1994: 26-31.

Gore, Al. Remarks (as prepared). Royce Hall. University of California Los Angeles. 11 Jan. 1994. ftp.eff.org file.

Gore, Al. Statement of the Vice President. White House: Office of the Vice President. 4, Feb. 1994. ftp.eff.org file.

Kant, Immanuel. Metaphysical Principles of Virtue. Handout #5,

CS201. Prof. E. Roberts ed.

Kapor, Mitchell. Testimony. "Telecommunications Infrastructure Legislation And Proposals." Telecommunications And Finance House Energy And Commerce Committee. Washington DC, 24 Oct. 1991. ftp.eff.org file.

Levy, Steven. "Crypto Rebels." WIRED May-June 1993: 54-61.

United States. Fourth Amendment. ftp.eff.org file.

United States. Dept. of Justice. Authorization Procedures For Release Of Encryption Key Components. Washington, DC: N.p., 4 Feb. 1994. USENET: alt.privacy.clipper.

United States. Dept. of Justice. Attorney General Makes Key Escrow Announcements. Washington, DC: N.p., 4 Feb. 1994. USENET: alt.privacy.clipper.

Walker, Stephen T. Testimony. Subcommittee on Economic Policy, Trade and Environment Committee on Foreign Affairs U.S. House of Representatives. Washington DC, 12 Oct. 1993. ftp.eff.org file.

"Chipping Away At Privacy?" Washington Post. 30 May, 1993 H1, H4. USENET: alt.security.clipper.

Zimmermann, Philip, et al. PGP. Vers. 2.3. Computer Software. N.p., 1993. soda.berkeley.edu file.

------. Testimony. Subcommittee on Economic Policy, Trade and Environment Committee on Foreign Affairs U.S. House of Representatives. Washington DC, 12 Oct. 1993. ftp.eff.org file.


Notes


1

Mitch Kapor is probably best known as the founder of Lotus Development Corporation. They have developed the best-selling spreadsheet software program Lotus 1-2-3 and numerous other products.

2

RSA stands for the names of its creators: Rivest, Shamir, and Adleman. Patents for the RSA algorithm are held by Public Key Partners (PKP). PKP subsequently licensed RSA to RSA Data Security, who sells its privacy and authentication products to businesses such as Apple, Microsoft, and AT&T.

3

Brute force cracking involves using computers to try using all possible combinations of passwords to break an encrypted message.

4

PGP is considered, in the United States, illegal because it violates export law and certain patents held by RSA. Nevertheless, PGP has garnered quite a following in the United States and across the world. Incidentally, the RSA patent holds only in the US and Canada, meaning users in Germany or England can use PGP with impunity

5

Or, these software companies don't even create two separate products, but a single one lacking encryption capabilities.

6

Trusted Information Systems, Inc. (TIS) is a ten year old firm specializing in research, product development, and consulting in the fields of computer and communications security (Walker).

7

Strangely enough, while the United States restricts the exportation of strong encryption products, it does not restrict the importation of strong encryption products.

8

John Gilmore is also a co-founder for the Electronic Frontier Foundation.


This project was completed by Lester Dorman, Phil Lin, Adam Tow, and Stanford University