Banning Encryption Tools Will Do Nothing To Hamper Terrorists

 
 
By eweek  |  Posted 2001-10-08
 
 
 

"Nothing will ever be the same."

Its a sentiment weve all heard expressed in a multitude of different ways since Sept. 11, and one that will undoubtedly prove true in ways we have not yet begun to imagine. Responses to the events of that morning will be many and varied, and will impact on every possible aspect of modern life. Some may actually improve our lives in the long term; many will require sad but necessary trade-offs in order to prevent the reoccurrence of such a tragedy.

Others, however, while apparently useful, politically expedient or emotionally satisfying, will only serve to make the situation worse. One great task of the days ahead will lie in distinguishing good precautions from senseless ones.

A minor but significant case in point: Almost immediately following the attacks, Senator Judd Gregg called for new restrictions on the development and use of encryption technology. In essence, Senator Greggs proposal would revive the failed "Key Escrow" plan of the early 1990s, requiring all cryptographic tools to have a built-in "backdoor," which government agents could use to decipher suspicious messages.

It is easy to understand the senators motivation. Law enforcement officials have long argued that encryption is a major obstacle to their investigative efforts, and early reports that terrorists used encrypted online channels to coordinate the World Trade Center attacks seem to vindicate their argument. Certainly, intercepting communications will be a major goal as governments attempt to apprehend the perpetrators and prevent future attacks, and they should have every possible tool at their disposal.

The fact is, though, that the genie is already out of the bottle—it has been for years—and there is no practical way to get it back in.

Strong encryption tools are widely available at little or no cost to anyone with an Internet connection, anywhere in the world. Absent some quantum leap in computing power or cryptanalysis technology, terrorists already have all the encryption power they could conceivably need for the foreseeable future. Law enforcement has long recognized that legislation can do nothing to prevent motivated and technically savvy criminals from getting their hands on these tools. The terrorists who carried off the attacks in New York, Pennsylvania, and Washington, D.C., were both motivated and technical.

Anti-encryption laws will have a significant impact on the worlds legitimate commercial networks, however. It is not technically possible to create the kinds of "backdoors" that the Senator Gregg envisions without seriously weakening the encryption technologies in question, rendering them vulnerable to a host of new kinds of attacks. Almost every tool that we rely on to secure legitimate networks requires these technologies to function properly. As we enter what may prove to be a protracted international conflict, these networks will present a tempting target. In short, by creating backdoors, we create the risk that these very same doors might be used against us by the very terrorists they are intended to defeat (not to mention thieves or teenage vandals).

In the current environment, it is extremely difficult—even counterintuitive—to argue with any measure that might strengthen the governments hand in the coming conflict. But even without considering their possible impact on civil liberties, some efforts will do more harm than good. Senator Greggs proposal is one of them.

Rocket Fuel