Why you should care about crypto
The folks who have been fighting over encryption exports wish they knew more people like my mom. She actually understands the debate.
It could be the 25 years she spent in Silicon Valley supervising computer chip manufacturing. Personally, I think her understanding has more to do with her current job at a major biotech company.
Mom has no doubt that a competitor would pay a pretty penny for access to her international company's trade secrets--which are secured by encryption when they are stored in digital form.
The Clinton administration's rules state that crypto exporters have to get a license to ship their products. And if the encryption is virtually uncrackable, the companies have to build into their systems a way to retrieve the keys that unlock the code. The FBI likes this arrangement, and some lawmakers want the same rules for encryption used within U.S. borders.
My mom doesn't. She opposes government mandates requiring that encryption export products have a "spare key" or that the key be stored with a third party (a practice known as "key recovery" and "key escrow," respectively). The government says this key would be used by law enforcement to unlock computer files when investigating a crime, but mom is pretty convinced that her company's practices are on the up and up. She's much more concerned about her stock options turning to dust if a rival gets hold of her company's intellectual property.
But the fact that she understands what's at stake--let alone has an opinion on it--makes my mother an extremely rare bird. The folks who have been fighting to relieve export limits on strong encryption wish they knew more people like her.
Privacy advocates have long hoped consumer education would help build pressure to change the Clinton administration's regulations or to persuade members of Congress to pass legislation to lift the export limits and prohibit key recovery. That hasn't happened.
So far, the bulk of the consumer educational efforts about encryption has been limited to a few nonprofits in Washington that also have to spend an enormous amount of time teaching lawmakers and other government officials about the issues.
Public education was supposed to have gotten a boost when the Americans for Computer Privacy (ACP) launched a campaign in April. The group is backed by a truckload of tech-savvy lawmakers, trade groups, and seasoned political consultants and funded by high-tech fat cats like Microsoft, America Online, and Oracle.
The ACP members said they would raise up to $15 million to pay for a national TV blitz to convince Joe Six Pack that encryption was as critical an issue as Social Security. The group fell short of its goal, raising about $5 million, and then began having closed meetings with the Clinton administration to broker a solution.
Commercials were produced for the ACP by Goddard-Claussen, but they have yet to air. One portrays a cat burglar decrypting a person's computer files, getting such confidential information as medical records and checking-account data. The other shows an older couple discussing how the government wants to get at their private files, a spot that bears a striking resemblance to the firm's famous "Harry and Louise" commercials that helped defeat Clinton's health care reform initiative in 1994.
The White House has yet to act, and some say the administration is holding the ball while the clock runs out.
"The fact is, we are at a stalemate in Washington. One way to change this is to try to get people outside the Beltway to care about this issue," a source close to the group said. "My mom doesn't understand the encryption issue. And until she does, we're not going to be able to get members of Congress to dis' the FBI."
If Congress plans to vote on encryption, the ACP says, it may kick-start its campaign. The group also says it has been making the media rounds, appearing on radio talk shows and lobbying.
But until more consumers can grasp this issue, the ACP and others who are working to reverse the crypto policy will most likely run into folks like my best friend, who is a teacher in rural town.
While explaining both law enforcement's and privacy advocates' crypto concerns to her on the phone last night, I relayed all the basic pitches:
The FBI is worried that terrorists or organized crime will hide their communication and files using unbreakable encryption codes. But consumer advocates say key recovery is no different from leaving a copy of your house key at the police station.
This went on for about 20 minutes. I mixed metaphors and drew hypothetical examples. And I was just trying to lay out the issue--I wasn't even taking a side. In the end, my friend favored law enforcement.
"If I was in trouble, I'd want the police to be able to open my front door," she said.
Of course, that raises the same point the privacy advocates are trying to drive home: Would you want them to use that spare key even if you weren't in trouble?