Should the Internet be Heaven's net?

Should the Internet be Heaven's Net?

By: Scott Bradner

The Clinton administration is talking about key escrow again. I'm sure you all remember the sinking of the Clipper a while back. In that case, the administration proposed that your friendly government would hold onto the key you'd use to encrypt the phone call in which you whispered sweet nothings to your SO . The government, of course, was only able to get the key with a proper court warrant and, the whole thing was voluntary anyway .

They have now floated a new idea. It is sort of Clipper in a business suit instead of a cloak and dagger Clipper. The key escrow would be done by a bank instead of a government agency. Again, the whole thing would be voluntary. The governmant would still be able to get the key by following normal procedures to get a warrent.

Putting aside (for now) the moral issue, this proposal makes some sense. Businesses must have key escrow. It would be the height of folly to permit the president of some large corporation to encrypt all of the corporation's business records in a key that only the president knows. The consequences of the president then experiencing truck fade when crossing the street could be catastrophic. Businesses will have key escrow, it is only a question of who does the escrow function.

Businesses could do the escrow themselves or purchase a service from a bank. The banks might have better controls and procedures but the business might not know if the government was poking about and asked the bank not to mention the visit.

This would be a non-story for the rest of us if there was not a nagging fear that at some point in the future the use of key escrow would be made mandatory. It does not make any difference if the current administration claims it will never happen. No administration can effectively bind the actions of a future administration or congress.

So one has to operate on the assumption that the fear will be realized and, in the name of national security, fighting terrorism, or prosecuting pedophiles the use of non-key escrow encryption schemes will be outlawed. Any such ban will be seen as expedient. Countering the dangers, some would claim, outweigh any threat to the privacy of the individual.

The fact that penalties for the use of encryption would likely be far less than for whatever the user is trying to cover up along with the wide-spread availability of very good encryption technology would make it very likely that any such ban would only help the authorities catch the dumb, or poorly organized criminals. But the existing ban on the export of good encryption technology and any future requirement for key escrow does mean that the big software vendors do not include the ability to keep information truly private in their standard products. Someone who wants it has to go get it rather than having it handed to them.

The overall idea that the government may want to make it impossible for two citizens to hold a private conversation is quite troublesome. We used to be able to go out into a field and whisper in each others ears, technology is taking this ability away from us.

More than 2,000 years ago the Chinese philosopher Lao-tzu wrote "Heaven's net is indeed vast, Though its meshes are wide, it misses nothing." Are we at the point where governments have the hubris to assume that they are equal to the builder of Heaven's net?

Although technology is taking the ability to whisper to a friend away from us, technology can also restore that same ability, if permission to use it is not taken away.

disclaimer: Harvard has been accused of arrogance but not (as far as I know) of usurping the authority of the builder of Heaven. In any case, the above represent my own views.