But encryption technology in the hands of people bent on destruction can be deadly. Some believe the terrorists who attacked America organized via encrypted messages. Fear of this indisputable threat led to Sen. Judd Gregg’s (R-N.H.) new proposal to give government a “back door key” to encryption products. Similarly, calls for a national ID card exemplify new urges to shine a federal light on unknown individuals.
But government’s job is to restrict the liberty of dangerous criminals and enemies‐not to restrict the liberties of innocent citizens, or to treat everyone like a suspect. Proposed House antiterrorism legislation, the PATRIOT (“Provide Appropriate Tools Required to Intercept and Obstruct Terrorism”) Act, and the Senate’s USA Act, both seek a new law enforcement infrastructure that could be tapped to bolster surveillance of non‐terrorists. For example, the perpetrators of victimless crimes‐the pot smoker or gambler‐may find themselves under renewed scrutiny, but such is clearly beyond the stated intent of combating terrorism. New powers should apply only to terrorism, not to routine criminal investigations.
While surveillance can and likely will be enhanced to account for the new realities of instant electronic communications, the Fourth Amendment’s protections against unreasonable and warrant less searches need not suffer. For example, securing wiretaps for an individual, rather than separate ones for each phone, can make sense if requirements that judges approve wiretap requests are enhanced too.
But proposals to re‐regulate encryption, which could be added to Patriot‐style legislation, are the digital equivalent of seizing grandma’s nail clippers at the airport‐in the sense that terrorists would simply resort to illegal encryption. Congress debated encryption restrictions in the mid‐1990s, and decided that the benefits of readily available access to the technology outweigh the costs. Like proposals to mandate that everyone carry a national ID card, it’s a needless undermining of anonymity and privacy.
It’s important to remember that the root of the terrorist threat America faces does not lie entirely in cyberspace. Given the potential for weakening civil liberties often taken for granted, addressing shortcomings in America’s existing national security practices is at least as important as legislation broadening surveillance techniques and lowering legal barriers to their use.
Much went awry along a complex chain of events that resulted in four sets of hijackers slipping though security and commandeering planes from three different airports. Many warning signs went unheeded, and many sensible precautions were ignored. Slipups have included individuals working in airport security roles without thorough background checks; evidence of inside jobs (such as knives pre‐planted on airplanes); knowledge that individuals under observation were undergoing flight training at U.S. schools; warnings years ago of hijack/bombing schemes; and a lapsed sky‐marshal program.
In that light, fighting encryption is a misplaced priority. Despite the intense Internet privacy debate of recent years, the real dispute isn’t whether privacy is achievable-it’s whether government will allow it where the capability finally exists. Encryption is essential not just for keeping intact a pure version of the principle of free speech, but for such “mundane” needs as private communication, secure commerce and business‐to‐business exchange. We rely on encryption when entering our credit card numbers on Web sites. Restrictions would damage the security of America’s financial systems, making it easier for the everyday hacker, let alone terrorist, to invade personal information and tinker with the financial infrastructure itself. Encryption could ultimately form the basis for digital money.
One of the imperatives in combating terrorism is to secure sensitive and critical systems from attack. Since encryption happens to be essential for companies and individuals to protect themselves, misguided legislation undermining it hampers sensible, private security measures. It also undercuts broader efforts by the government to protect “critical infrastructure.” As cryptography legend Whitfield Diffie told the New York Times, “Attempts to control the use of cryptography and other security measures will make the development of improved command and control networks more difficult and may impede this task by limiting the people who can contribute to approved government and contractor personnel.”
The encryption genie is out of the bottle. Not only can malevolent programmers create their own strings of ones and zeros capable of encrypting communications, so can legitimate companies overseas. And requiring the deposit of an encryption “key” at a central governmental location creates a “honey pot” for hackers to attack, reducing our security. Encryption legislation to deliberately reduce our privacy would have been unthinkable only recently given widespread concerns over privacy. As Rep. Bob Goodlatte (R‐Va.) pointed out, we need more encryption, not less.
Encryption also protects intellectual property, upon which an increasing share of America’s wealth creation depends. Digitization invites piracy, as the Napster episode demonstrated. New encryption techniques are critical to future digital distribution of books, movies and music. While no fan of entertainment company efforts to lock up their content, Columbia University professor Eben Moglen noted that back door access that weakens the ability for creators to profit from intellectual works is a risk.
Moreover, encryption plays a key role in the struggle for human liberty itself. It has aided political dissidents shielding themselves from brutal governments, helping democracy and individual liberty flourish overseas. Surely it’s preferable that terrorists are forced to change their behavior, while we retain our openness, and freedoms of mobility and interaction. Regulating encryption could encumber us far more than the terrorists, who can still encrypt as well as use other means of communication. Terrorists can use face‐to‐face contact, human messengers, compose messages in free email accounts (perhaps sharing a password instead of sending the message), or conceal messages in pictures and other files. As one researcher noted, “From a terrorist point of view, the fact that you are using encryption at all will draw attention.” Encryption may not be essential for terror, but it is essential for our advanced economy.
We’ve always been counseled not to make important decisions in the heat of the moment. Privacy’s importance to Americans and the threat to our Bill of Rights that surveillance, anti‐encryption, and ID legislation can pose are plain. Congress is a deliberative body that must carefully weigh permanent changes impacting hard‐won rights to anonymity and privacy. At the least, sunsetting the provisions of anti‐terrorist legislation that have implications for civil liberties is sensible. The Patriot Act and related legislation must embody the patriotic values intended.