Homeland Security and you
Cryptography expert David Holtzman explains how the ambiguous boundaries of the Homeland Security Act guarantee that many things will get reported to the government that have nothing to do with terrorism.
It also carries the stronger marketing connotation of necessity, as in "we can't sell these gizmos without a killer app!" Without one, good technology often has to sit out the dance. Personal cryptography, one of these wallflower technologies waiting for over a decade, is now finally ready to rock. In this case, though, its killer app is not software, but the recently passed Homeland Security Act.
Part of this act legalizes and actually encourages ISPs to read their customers' e-mail and turn in anyone that they deem suspicious. The company must use a "good faith" effort to determine whether there is an "immediate threat to a national security interest." This shields them from litigation in the unlikely event anyone ever finds out they got ratted out. But the ambiguous boundaries of the bill guarantee that many things will get reported to the government that have nothing to do with terrorism.
Anyone who has anything to hide should be seriously considering a little crypto in their lives--even if they don't have anything to hide, but someday might. It doesn't have to be related to terrorism. This is also a good time to reflect on how often e-mail has been showing up as evidence in government cases, or that some of the damning Lewinsky notes published by the Starr investigation were deleted e-mails that she hadn't even sent.
Smart people are going to soon realize that sending a plain text e-mail through a commercial ISP is like misplacing a signed confession. This growing awareness will stimulate plenty of demand for encryption.
Cryptographic tools are inexpensive and they work. There are commonly available utilities that, once installed, will sign or encrypt e-mail, chat and IM sessions. Others use checksums--checks on the amount of data to make sure that it hasn't been altered--to make tamperproof files or steganography to hide information inside pictures or music. The best of these, like PGP (Pretty Good Privacy), open their source code for peer review, increasing the comfort of their users that a "back door" hasn't been slipped in.
Those old enough to remember the 1991 release of PGP might recall that it agitated military types more than if they had been handed a bowl of Pho by Jane Fonda at a Veterans of Foreign Wars meeting.
| Smart people are going to soon realize that sending a plain text e-mail through a commercial ISP is like misplacing a signed confession. |
The gotcha was that the encryption gadget incorporated an algorithmic lockbox, a government skeleton key for rummaging around in digital closets.
But the Clipper Chip sailed away with no one onboard and restrictions on crypto were loosened anyway. PGP and other personal encryption tools were relegated to the hope chests of the paranoid, along with tinfoil hats and Area 51 travel guides. After the novelty wore off, the complexity of using encryption easily overcame curiosity, because there was no compelling need, and it was cumbersome to install. The diehards who still digitally signed their e-mail started to seem a little, well, odd.
| Widespread acceptance of encryption will finally come about as a reaction to institutionalized data voyeurism. |
Cultural habits quickly change when accelerated by practical circumstances. Widespread acceptance of encryption will finally come about as a reaction to institutionalized data voyeurism. Some will revive the Clipper Chip debate and suggest that crypto be made illegal because it is antithetical to the spirit of Homeland Defense and perhaps a little bit subversive.
People who hide things must have something to hide, right? Damn straight.