Encryption Can't Be Limited

Thu Sep 27 09:02:14 EDT 2001

Wherein the Wall Street Journal realizes, once again, that financial
cryptography is the only cryptography that matters, and that if you kill
crypto you kill financial crypto as well -- and, I would say, finance along
with it.

Cheers,
RAH

http://interactive.wsj.com/archive/retrieve.cgi?id=SB1001458580550103280.djm&template=printing.tmpl

September 25, 2001

Tech Center

Encryption Can't Be Limited, Experts Say
In Setback for Lawmakers Seeking Change

By LEE GOMES
Staff Reporter of THE WALL STREET JOURNAL

There is bad news in store for lawmakers thinking about changing the
nation's laws to somehow limit encryption, an idea that has been mentioned
in Washington since the Sept. 11 attacks.

You couldn't do so, say mathematicians and engineers -- even if you really
wanted to.

Encryption, or the process by which a message is scrambled to make it
unreadable by anyone but its intended recipient, has been a staple of
war-time communications since ancient times. An extremely sophisticated
form of encryption is used pervasively in personal computers, most commonly
to provide for secure communications over the Internet.

In fact, the extensive steps that technology companies have taken in recent
years to make people feel safe while shopping or buying stocks online is
one of the biggest reasons encryption is now impervious to change.

For example, every single late-model Web browser in the U.S. has built into
it the capability for very powerful encryption. There also are all manner
of widely available e-mail programs containing strong encryption.

"The toothpaste is out of the tube, and it is covering the whole planet,"
said Phil Zimmermann, whose Pretty Good Privacy is one of the best-known of
these e-mail systems.

These encryption systems, which have been developed during the past 20 or
30 years, make use of some powerful mathematical concepts to create
encoding systems whose power is mind-numbing. It is a trivial matter, for
example, to encrypt a message on a simple PC so that the biggest computer
in the world couldn't decipher it without spending far more time on the
problem than exists in lifespan of the entire universe.

Some in Washington have suggested that software firms redo their encryption
programs to give lawmakers a backdoor means of reading encrypted files.
That is technically possible, but would first require the "recall" of most
existing Internet software, since it contains no such backdoor.

But even if all existing software was somehow modified to remove its
encryption, experts say it would be a simple thing for anyone with even the
most basic education in mathematics to develop new encryption software. Dan
Boneh, a specialist in encryption at the computer-science department at
Stanford University, said that simply by using the mathematics functions
built into a spreadsheet program like Microsoft Excel, he could, in
lessthan an hour, write a simple encryption system that would make do in an
emergency.

"The algorithms to do it are very widely available," he said.

That is one reason that Dr. Boneh and others say the only sure-fire way to
eliminate strong encryption is to somehow eliminate all PCs.

There are other problems with modifying encryption laws, experts say. Chief
among them is the simple fact that if the laws somehow were changed,
terrorists, criminals and others would be sure to no longer use encrypted
PC communications to plan their deeds.

There has been no evidence that the Sept. 11 terrorists used encryption
systems, though lawmakers have said they seemed to have made use of the
free e-mail software readily available on the Web.

While there may be no technology-based way to deal with encryption, that
doesn't mean law-enforcement officials are powerless against it, experts
say. Various forms of low-tech "human intelligence" spying can be utilized,
for example, to discover where someone has written down a password.
According to news reports, agents from the Federal Bureau of Investigation
who were tracking an organized-crime figure using encryption were able,
with a search warrant, to install a program on the person's PC that read
his keystrokes and transmitted his messages even before they were encrypted.

Write to Lee Gomes at lee.gomes at wsj.com1.
------------------------------------------------------------------------
URL for this Article:
http://interactive.wsj.com/archive/retrieve.cgi?id=SB1001458580550103280.djm
Hyperlinks in this Article:
(1) mailto:lee.gomes at wsj.com
------------------------------------------------------------------------

Printing, distribution, and use of this material is governed by your
Subscription Agreement and copyright laws.

For information about subscribing, go to http://wsj.com

Close Window

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com