Networker: Can the internet keep a secret?

November 24, 1999

The internet is, by design, extremely insecure. Anyone sending an e-mail over the internet should assume that it is read or at least stored in several locations. It's as though every letter you send is photocopied and kept by several unknown people. As the internet becomes more widely used, a solution for this has been proposed — the use of encryption (coding) to keep internet data secret.

Encryption is the traditional realm of military organisations. In Australia the Defence Department's Defence Signals Directorate (DSD) has two stated purposes: a classified area responsible for tracking and decoding international data, and a public area providing advice to government agencies on computer security.

While legislation varies widely between countries, the principle in Australia has been that government agencies can spy on the population, and the population is usually allowed to try to keep its secrets. It is not illegal, for example, to send a message between two people in a language that a monitoring government agency (with a warrant) can't understand.

Now the use of some clever mathematical schemes has destroyed this balance, providing any internet user with encryption schemes that can't currently be broken. (This claim is based on the availability of full documentation of programs and mathematical methods, allowing international examination of security claims. Any security product which hasn't met this requirement over a period of time should not be used.)

The best known example is a program called Pretty Good Privacy (PGP). PGP was invented by Phil Zimmermann, and is free for non-commercial users. Unlike most computer program help files, Zimmermann's introduction to the program is a political explanation of the need for an effective encryption system.

PGP allows the user to select from a range of mathematical approaches, and to increase the strength of security through use of large "key" sizes. Some of these approaches, such as the Data Encryption Standard, were developed by, or with the involvement of, the National Security Agency, a leading US government spook organisation. Others were developed independently of military organisations and are commercially available or free for use.

Zimmermann compares existing capacity to scan e-mail for specified content to driftnet fishing. Such an operation (also including phone calls and faxes) involving the US, Britain and Australia, named Echelon, was revealed by the BBC on November 2. Australia's inspector general of intelligence and security, Bill Blick, confirmed that DSD is part of this international network.

Zimmermann traces the release of his program to the 1991 US Senate Bill 266: "If this non-binding resolution had become real law, it would have forced manufacturers of secure communications equipment to insert special 'trap doors' in their products, so that the government could read anyone's encrypted messages".

The bill was defeated, but was followed by the successful 1994 Digital Telephony Bill, which mandated that phone companies install remote wiretapping ports into their central office digital switches. A year later the FBI announced plans (later defeated) to build capacity to wiretap 1% of all phone calls in all major US cities.

Zimmermann goes on to describe the FBI's COINTELPRO program, which targeted groups that opposed government policies: "They spied on the antiwar movement and the civil rights movement. They wiretapped the phone of Martin Luther King Jr."

While US and other military organisations have argued vigorously against allowing unlimited use of unbreakable encryption, use of the internet for commercial purposes depends on it. In response to a case involving the Electronic Frontier Foundation, in May a US court ruled that government bans on export of encryption technology were in breach of the US constitution.

This makes Australia's December 1998 support for the US-sponsored Wassenaar convention, extending export limits internationally, look pretty stupid. The international trend is in favour of the right to use strong encryption. France is currently moving away from its ban on unbreakable encryption, and Britain has stopped its move to such a ban.

The availability of strong encryption tools is a gain for privacy in the internet age. As Zimmermann explains, "There's a growing social need for it. That's why I created it."

By Ian Peters
