BOX 9.2

Encryption

For many years, strong encryption algorithms were the property and province of government, since the ability to generate good encryption algorithms and to build the machinery to employ those algorithms was prohibitively expensive for most corporations, let alone individuals. However, the combination of much faster computing machinery and the development of public-key cryptosystems (along with the expanded interest in other cryptographic systems) have brought within the abilities of an individual the capacity to encrypt all of his or her data in a way that makes it extremely difficult (or impossible) and costly for law enforcement agencies to read that data.

Such cryptographic techniques are no longer limited to computer-based communication systems. As more and more communication systems move to a digital base, it becomes progressively easier to apply the same cryptographic techniques used in computers to those other communication channels. Cell phones, which are now reaching the computational capacity found only on desktop computers as recently as 3 to 5 years ago, are now capable of performing reasonable-grade cryptography on voice communications.

One method to prevent criminal use of encryption would be to forbid private encryption, making the private possession of encryption devices an offense by itself. This is not feasible for two reasons. First, it would necessarily outlaw the legitimate applications of cryptography, such as those used to secure networks, enable safe electronic commerce, and protect intellectual property. Second, it would be largely impossible to enforce, since any general-purpose computer (including anyone’s desktop machine) can be programmed to provide encryption capabilities. Consider, for example, software cryptographic systems such as Pretty Good Privacy (PGP) that are easily obtained in open-source form and can be built and run by users with little technical sophistication, or commercial operating systems such as Mac OS X and Windows that include features that allow all of the user’s data to be encrypted (in the case of the MacIntosh, using a U.S. government-approved encryption algorithm). Utilities such as the secure shell (SSH) allow easy encryption of data over the network.

Historically, the U.S. government’s position on cryptography reflected the premises that drove the asserted need for national security access to data. By limiting the economic viability of developing strong cryptographic systems (by, for example, making it difficult for U.S. information technology vendors to export such systems), the spread of strong cryptography internationally was inhibited for many years, and this phenomenon had the collateral effect of inhibiting the domestic use of cryptography as well. Law enforcement considerations were much more prominent in the key escrow proposal, which the administration floated in the mid-1990s as an intermediate step between weak encryption and the widespread availability of strong encryption.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement