Originally created 03/14/97

Revealing all on line



BURLINGAME, Calif. - Most Americans have still not ventured into cyberspace. But their right to privacy there is the subject of an ongoing battle.

Consider this bit of junk e-mail that went out over the Internet last month advertising a service for the overly curious among us:

"Learn EVERYTHING about your friends, neighbors, enemies, employees or anyone else! Even your boss! Even yourself!"

Fearing such snoops, who may be more interested in your money than your embarrassing secrets, many Internet experts are advocating the use of unbreakable codes to protect communications on the Internet. But the government, worried about its continuing ability to investigate terrorists, money launderers and other criminals, has sought to limit the level of encryption available to the public.

This debate over online privacy went on display here in the Silicon Valley Thursday, when advocates of powerful software for encoding data and messages on the Internet met with computer crime experts, the so-called cypherpunks and cybercops, for a public airing of the issues that divide them, and for a try at finding common ground.

Clearly, there is a wide gulf between the two factions. The code advocates who have developed, or support the widespread use of, virtually unbreakable methods for scrambling digital signals remain deeply suspicious of law-enforcement efforts to have access to the mathematical keys for breaking those codes.

For its part, law enforcement sees the proliferation of so-called encryption or cryptography as a potential boon for crime, a boon that has already been used by drug traffickers, child pornographers and those accused in the World Trade Center bombing.

"Just about any form of crime you can imagine can be facilitated on the Net," warned Kevin Manson, a panelist who said he trains cybercops in his job as a senior instructor with the Federal Law Enforcement Training Center in Georgia. He called encryption "a useful tool used for many bad purposes."

But even the cybercops agreed that some level of encryption is the best available answer for guarding privacy. Encoding not only keeps communication private on inherently insecure computer networks, but also can be used to prove the identities of computer users via "digital signatures." Encoding also is critical for scrambling credit-card numbers and even for creating digital money, steps seen as necessary for the broad acceptance of commerce and banking over the Internet.

Some of encryption's most vocal advocates, however, maintain that giving law enforcement access to the digital keys, even if only with a warrant issued by a court, is a step toward turning government into Big Brother.

"If you build a system that can be abused, it will be abused," said John Gilmore, an Internet pioneer, co-founder of the Electronic Frontier Foundation advocacy group and moderator of an online discussion group called the Cypherpunk Mailing List.

While there is no ban on the use of encryption in the United States, the Clinton administration, under a November executive order, requires firms that sell the software to obtain licenses for export. In effect, the software is considered a munition.

"I did get a weapons upgrade for Christmas this year," Gilmore joked at the panel discussion Thursday before about 300 people at a conference on "Computers, Freedom and Privacy." The conference is sponsored by a professional group, the Association for Computing Machinery.

The first export licenses for encryption software were granted earlier this year to Digital Equipment Co., Cylink and Trusted Information Systems. The licenses restrict the exports to "key" codes of less than 56 bits of data, unless those keys are made available to the government.

Critics say a hacker, or a computer-savvy FBI agent, could crack a 56-bit key in minutes. The difficulty in cracking a code grows geometrically, so that a key twice as long, 128 bits, is considered virtually impossible to crack.

So the restrictions anger the cypherpunks, who see cryptography as indispensable in the digital age for guarding against malicious hackers, prying government eyes or cyber stalkers.

"Crypto(graphy) is out there. It's just mathematics, and everybody ought to have it," said Hugh Daniel, a software developer on the panel. "It's crypto hygiene; everyone has to learn how to brush their digital teeth every morning."

In an interview, Michael A. Vitas, a Justice Department lawyer, acknowledged: "As society becomes more dependent on computers and the Internet and even telephones ... people are going to find that their communications are vulnerable to hackers or business competitors."

And, he added, the recent flap over the interception of a cellular telephone call to House Speaker Newt Gingrich, R-Ga., may convince many that encryption is for "everybody ... not just spies."

The panel debate Thursday was part of a larger discussion taking place over the course of the four-day conference, which concludes here Friday. Speakers have been discussing the implications for privacy not only on the Internet, but wherever new technology may make possible such devices as microscopic sensors, face-recognition video cameras or traceable digital cash.

"We have the potential now to create the complete surveillance society," said participant Deborah Hurley, executive director of Terra Nova, a Cambridge, Mass. nonprofit organization that advises governments on advanced technologies. "We are creating a system that knows how to track everything in your life," she said.

Cryptography online is not the equivalent of privacy, she said, but it is one privacy tool, along with new legislation, social restraints and the simple act of "not telling," to help shield private lives.