Exaggerated Security Concerns Stifle Computer Science
By Executive Director Robyn Blumner
February 1997
During World War II, Alan Turing broke the encrypted communications of the Nazis. By defeating the German Enigma code, Turing not only helped ensure victory for the Allies, he fused encryption and war forever in the national consciousness.
It is this historical memory that the Clinton Administration has unfairly exploited in its ongoing effort to limit the development and distribution of cryptographic technology. Although the security of digital communications is no longer the sole province of generals and diplomats, President Clinton persists in claiming that encryption technology is a form of munition and can be precluded from export.
Computer scientists and mathematicians who specialize in the field of cryptography have been challenging the Clinton Administration's military characterization of their work, claiming restrictions on the dissemination of their research violate the first amendment. So far at least one court has agreed.
Although technically complex, the underlying concepts of cryptography are relatively simple. Encryption is a process of scrambling the contents of data or voice communication with an algorithm (a mathematical formula). A randomly selected variable associated with the algorithm, known as a "key," is used to scramble and then decrypt the communication. This key is a series of numbers which only the sender and receiver know. The greater the series of numbers, the stronger the security.
By using strong encryption, messages cannot be intercepted and, perhaps more importantly, cannot be repudiated. Both the sender and receiver know with mathematical certainty where the message came from and where it's going. Likened to a "digital signature," it verifies the authenticity of the communication and prevents either party from disavowing its receipt.
In terms of commercial use, this kind of security for digital transfers is becoming increasingly invaluable. With strong encryption integrated in systems internationally, industry can use electronic commerce to share proprietary trade secrets, confidential pricing information and personnel records with its subsidiaries around the world.
Highly personal medical and financial data is increasingly shipped in this format; and soon courts will be equipped to accept legal filings through this method. It is vital that these types of communications are wholly secure and that the source and destination of the transfer can be confirmed. If the Internet is to be used as the conduit for these data transfers then strong encryption isn't a luxury, it's a necessity.
Our government, however, is trying to scuttle the use and development of cryptographic technology. Under the Arms Export Control Act, the President has the power to control the export of defense material by designating it as a munition. The Administration has been using that power to claim both cryptographic software and scholarly research papers are munitions and therefore may not be posted on the Internet or published.
This desire to peek into otherwise private communications is being advocated by the intelligence community which sees encryption as a haven for international terrorists. Coded messages and money transfers, our spy agencies claim, may also be used by drug smugglers and others with a nefarious purpose.
But those rationales, as legitimate as they seem, fail to respond adequately to the countervailing interest for consumers and business in secured transactions. After all, a thief cannot steal an encrypted credit card number, or peer into a coded financial statement. In the balance, a stronger case for thwarting wrongdoing can be made by promoting encryption.
Of greater concern should be the fact that international researchers are generating ever more sophisticated cryptographic software. The U.S., until now the leader in emerging computer technology, is giving up its lead in this crucial area. As a result, we may be unprepared to respond to the encryption programming of the future. This will not only undermine national security but will put our computer industry at a competitive disadvantage.
Finally, it is a bit naive to believe that international terrorists don't already have access to encryption technology. Free cryptographic software is readily available on the Internet for anyone to download. Encryption limits will likely only incapacitate the law-abiding, doing damage to our computer industry and electronic commerce, without hindering international terror.
But beyond being impractical, the Administration's munitions regulations are a prior restraint on speech. Just because speech is highly technical does not exempt it from the protections of the first amendment. As Alfred C. Yen, Professor of Law at Boston College, wrote in the Emory Law Journal: "Just as a mathematics text or written music communicates to a specially trained group of readers, a computer program communicates to its own group of readers. When seen in this light, the first amendment implications of computer programs are no different from those of many other copyrightable texts."
Unfortunately, that's not how the government sees it.
When Daniel J. Bernstein, now a research professor at the University of Illinois, was a graduate student he developed an encryption algorithm he called "Snuffle." This zero-delay private-key encryption system was described both in an academic paper entitled "The Snuffle Encryption System," and in a technical manual written in a high-level programming language known simply as "C."
In 1992, Bernstein submitted his research to the State Department for a determination as to whether it could be censored as a defense article. He was informed that his writings met the criteria for a munition.
In response, Bernstein filed suit in a California federal court claiming that his first amendment rights were violated when he was precluded from publishing or communicating his ideas on cryptography. He claimed the regulations even prevented him from teaching college classes on the subject. This without any evidence that publication of the Snuffle algorithm would result in direct, immediate, and irreparable damage to our national security.
Without a showing by the government that our nation's security is imminently imperiled, no system of prior review, such as the munitions regulations, can stand. For example, in the Pentagon Papers case, the U.S. Supreme Court found that despite the government's claim that their publication would produce the death of military personnel and protract the Vietnam War, it could not prevent the publication of classified Defense Department studies sharply critical of U.S. policies in Southeast Asia.
Similarly, U.S. District Court Judge Marilyn Patel found in December that the State Department could not impose a prior restraint on much of Bernstein's scholarship. Unfortunately the victory was somewhat Pyrrhic. Following the ruling, in an intransigent sleight of hand, the Administration merely transferred the munitions review process from the State Department to Commerce.
Despite the government's attempt to flout a court order, with similar cases wending their way through the federal courts, the question of whether encryption technology can be censored will soon be answered as a matter of constitutional law. Irrespective of that result, however, it is probable that marketplace pressures will ultimately drive the government to give up its crusade against encryption. After all, civil liberties may routinely receive short shrift from President Clinton, but money rarely does.


