4.2 None of your business: Encryption

next section

previous section

interactive activity

table of contents

return to home

related links

post your thoughts

There is a fine line between individual privacy and what your employer needs to know.  Should schools be able to run background checks on teachers, to verify credentials and make sure they have to past history of child abuse or molestation?  Certainly.  Should your insurance company be able to consider your past medical history before selling you a policy?  This is not as clear.  Should you be able to remain completely anonymous online, without even the government able to identify you?  This would protect, for example, a homosexual sailor who would like to keep his job in the Navy but stay in touch with a boyfriend (this actually happened and the sailor lost his job, see Don't Ask, Don't AOL, by Margie Wylie).  But shouldn't the government be able to trace hackers who steal important financial information from consumers at Amazon.com?

The apparent solution to the lack of privacy on the internet is a technique known as encryption.  Encryption is running data through filters.  One filter scrambles the message, a second unscrambles it.  Anyone who picks up the information in transit would (in theory) see nothing but garbled characters.  (To experience what this is like, try opening an image file in a word processor).  However, such encryption would also allow people to hide far more easily online.  Many hackers can also run intercepted data through filters of their own and recover the information.  Business moves far more slowly than the underground community of hackers.

In 1993, the government suggested that the government should hold a key to all encryption.  This way, data could only be accessed by the receiving part (who would hold a 'key') or the government.   This idea was called a Clipper chip.  The Clipper chip used a mathematical formula known as the SLAPJACK algorithm.  Proponents argued that the Clipper chip (also referred to as "key escrow", or, later, "key recovery") would thwart hackers and that wiretapping was often vital to convicting a criminal.  Opponents argued that truly clever hackers would easily find their way around the Clipper's defenses and that the SLAPJACK algorithm used in the chip had flaws.  (Seeman, Outline)  The Clipper chip initiative was backed by the White House, the National Security Administration (NSA), and the Attorney General's office and has been revised several times since it's advent.  (EPIC, The Clipper Chip)  The Commerce department shifted the focus of the Clipper to comply with European regulations and many companies expressed frustration with the Clipper initiative.  The limits placed by the government on encryption levels (56-bit) have been proved ineffective and in March, 1998, internal government files were discovered by EPIC that admitted that "key recovery" was expensive and impractical (CDT, Cryptography Headlines).

In more recent events, Congress is reviewing the Security and Freedom through Encryption (SAFE) Act [full text], introduced in late February by Representatives Bob Goodlatte (R-VA) and Rep. Zoe Lofgren (D-CA).  The SAFE Act ensures that US citizens may use any form of encryption, anywhere, denies the government the right to "key recovery", and creates penalties for using encryption to cover a crime, among other things.  (CDT, SAFE HR 850).  The House vote on SAFE will take place in September.

The Online Privacy Alliance, made up of prominent companies in communications and technology like IBM, AOL, and Time Warner, is trying to help the internet industry self-regulate encryption and other privacy topics.  This may be a step in the right direction - if industry and government can work together, encryption could be regulated but commonly used.  Still, this leaves out individual consumers and others whose privacy is actually what is being debated.   The Online Privacy Alliance suggests a caveat emptor approach - consumers should look for privacy policies and be careful where they post their information.

back to top

Last revised: 7/23/99
mportant financial information from consumers at Amazon.com?

The apparent solution to the lack of privacy on the internet is a technique known as encryption.  Encryption is running data through filters.  One filter scrambles the message, a second unscrambles it.  Anyone who picks up the information in transit would (in theory) see nothing but garbled characters.  (To experience what this is like, try opening an image file in a word processor).  However, such encryption would also allow people to hide far more easily online.  Many hackers can also run intercepted data through filters of their own and recover the information.  Business moves far more slowly than the underground community of hackers.

In 1993, the government suggested that the government should hold a key to all encryption.  This way, data could only be accessed by the receiving part (who would hold a 'key') or the government.   This idea was called a Clipper chip.  The Clipper chip used a mathematical formula known as the SLAPJACK algorithm.  Proponents argued that the Clipper chip (also referred to as "key escrow", or, later, "key recovery") would thwart hackers and that wiretapping was often vital to convicting a criminal.  Opponents argued that truly clever hackers would easily find their way around the Clipper's defenses and that the SLAPJACK algorithm used in the chip had flaws.  (Seeman, Outline)  The Clipper chip initiative was backed by the White House, the National Security Administration (NSA), and the Attorney General's office and has been revised several times since it's advent.  (EPIC, The Clipper Chip)  The Commerce department shifted the focus of the Clipper to comply with European regulations and many companies expressed frustration with the Clipper initiative.  The limits placed by the government on encryption levels (56-bit) have been proved ineffective and in March, 1998, internal government files were discovered by EPIC that admitted that "key recovery" was expensive and impractical (CDT, Cryptography Headlines).

In more recent events, Congress is reviewing the Security and Freedom through Encryption (SAFE) Act [full text], introduced in late February by Representatives Bob Goodlatte (R-VA) and Rep. Zoe Lofgren (D-CA).  The SAFE Act ensures that US citizens may use any form of encryption, anywhere, denies the government the right to "key recovery", and creates penalties for using encryption to cover a crime, among other things.  (CDT, SAFE HR 850).  The House vote on SAFE will take place in September.

The Online Privacy Alliance, made up of prominent companies in communications and technology like IBM, AOL, and Time Warner, is trying to help the internet industry self-regulate encryption and other privacy topics.  This may be a step in the right direction - if industry and government can work together, encryption could be regulated but commonly used.  Still, this leaves out individual consumers and others whose privacy is actually what is being debated.   The Online Privacy Alliance suggests a caveat emptor approach - consumers should look for privacy policies and be careful where they post their information.

back to top Last revised: 7/23/99