[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Business Week on PGP subpoenas




BusinessWeek, October 4, 1993

p. 43, Washington Outlook


SPY VS. COMPUTER NERD: THE FIGHT OVER DATA SECURITY

Philip Zimmermann wanted to strike a blow for freedom.  To help
computer users keep data safe from snoopers, the Boulder (Colo.)
software consultant and self-described "privacy activist" wrote
a program making it easy to encode messages with an all-but-unbreakable
cipher.  And he offered it free through the network known as the
Internet.

Now, Zimmermann's gift to cyberspace has exposed an enormous gap in
the Administration's vision of a high-tech future.  The White House
is promoting a data superhighway as a key to a competitive future.
But the National Security Agency is trying to restrict the use of
high-quality encryption, which experts believe business will need
to take full advantage of the "information infrastructure."

The focus of the fight is a program Zimmermann calls "pretty good
privacy" (PGP).  On Sept. 9, two software companies in Texas and
Arizona that have been involved in publishing PGP received federal
grand-jury subpoenas requesting documents and information about
the program.

CRACKDOWN.  Although the government won't discuss the investigation,
the computer world has a pretty good idea what's going on.  Because
sophisticated encryption allows friends and foes alike to protect
communications, the software is subject to the same export controls
as munitions.  But PGP has popped up all over the world.  The probe,
says Zimmermann's lawyer, Philip Dubois, is aimed at "finding out how
it occurred and whether an offence was committed."

Oddly, the crackdown on software comes just as the Administration is
loosening export controls on computer hardware.  But the schizophrenia
may be more apparent than real.  "I don't think they've got the export
policy together enough to be split," says a key congressional staffer.
The underlying problem, explains Paul Freedenberg, a Washington attorney
and export-controls specialist, is that "Clinton is very cautious about
dabbling in national security.  This is an area that has essentially been
turned over to the spooks."

Meanwhile, there is growing concern in Congress about possible damange
to exports.  Quality encryption software "is available from foreign
manufacturers...and is easily transmitted using only a long-distance
telephone line and a modem," complained Representative Sam Gejdenson
(D-Conn.) and a high-powered bipartisan group of colleagues in a Sept.
20 letter to the President.  "Yet the U.S. continues to control this
computer software as a Munitions List item."  Says Douglas Miller of
the Software Publishers Assn.: "The U.S. government is succeeding only
in crippling an American industry's exporting ability."

While the goal of the NSA and other security agencies - keeping U.S.
messages secure while allowing Uncle Sam to read those of both
domestic and foreign bad guys - is laudable, technology may be rendering
it impossible.  "Law enforcers no longer have the inside track," says
Eben Moglen of Columbia University law school.

Experts agree that NSA officials are smart enough to see the writing
on the wall, encrypted or not.  But, says James Bitzos [sic], president
of RSA Data Security Inc. in Redwood City, Calif., the agency wants to
maintain as much control as possible for as long as possible.  Today,
intelligence agencies still have a shot at finding "needles in the
haystack," he says.  "If they lift export controls, they might as well
go home."

Still, the NSA can't stave off the inevitable for long.  Gejdenson hopes
to produce legislation by early next year to revamp government policy
on high-tech exports.  The result will probably include looser
restrictions on encryption software - and a victory for Phil Zimmermann
in his battle to keep snoops out of his cyberspace.

By John Carey





-------------------------------------------------------------------------
To find out more about the anon service, send mail to [email protected].
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to [email protected].