ad info




CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
COMPUTING

Advocates square off in U.S. encryption policy debate

May 24, 1999
Web posted at: 3:04 p.m. EDT (1904 GMT)

by Margret Johnston

From...
InfoWorld

WASHINGTON (IDG) -- The battle over U.S. encryption policy raged here again last week at a conference where outspoken privacy protection advocates were pitted against a U.S. Department of Justice lawyer who defended current restrictions on the export of strong encryption as an absolutely essential component of law enforcement.

If the FBI and other U.S. law enforcement agencies lose the ability to break into the computer systems of criminal suspects, they will have to operate without one of their most effective tools, said Philip R. Reitinger, senior counsel of the computer crime and intellectual property section in the Justice Department.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  InfoWorld home page
  InfoWorld forums home page
  InfoWorld Internet commerce section
  Get Media Grok and The Industry Standard Intelligencer delivered for free
 Reviews & in-depth info at IDG.net
  IDG.net's personal news page
  Year 2000 World
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for IT leaders
  Search IDG.net in 12 languages
 News Radio
 * Fusion audio primers
 * Computerworld Minute
   

U.S. law enforcement depends on its ability to search a suspect's computers to prosecute all kinds of crimes, from terrorism to drug trafficking, child pornography, and fraud, Reitinger said during a panel discussion at a conference here on privacy sponsored by the Smart Card Forum.

There's no worse feeling for a law enforcement official, Reitinger said, than finding that a confiscated computer is full of documents that have been sealed up by strong encryption.

"That's a horrible feeling because that's the smoking gun evidence that enables you to really try the person and prosecute him," Reitinger said.

The idea of absolute information privacy -- a view advocated by another panelist, Dan Geer, vice president and senior strategist at CertCo -- would lead to "a situation where there can be no law enforcement," Reitinger said.

It would mean a law enforcement official could not prosecute someone who broke into a person's computer system electronically and stole the data in it, he said.

"It won't be provable because we won't be able to get the data from the person who did that," Reitinger said. "What that leads to is tyranny of the powerful. You should have privacy, but there should be a mechanism for law enforcement to be able to prove a criminal case when it's necessary."

Geer spoke from the other end of the spectrum, expressing views that reflected those of many people in the information technology field who believe the U.S. restrictions on the export of strong technology should end. Currently, it is illegal to export any program stronger than 56-bit encryption without a waiver from the Department of Commerce. The policy is hampering the development of strong encryption products by U.S. companies and hindering e-commerce, according to people who want the policy changed.

Geer said the government's approach has resulted in "a very large negative outcome with a very low probability" of effectiveness. He spoke in favor of the right to absolute privacy for an individual's personal data.

"I will take the side effects of absolute privacy ... over the alternative because I think I can recover should I someday decide I cannot afford the cost of absolute privacy," Geer said.

Americans already are expected to sacrifice too much personal information about themselves just to shop, and "once you lose control of [your private data] you can't get it back, hence it will be a cold day in hell when you want to let it go," Geer said.

Citing familiar arguments, Geer also said the U.S. position on encryption is flawed because strong encryption is available elsewhere and the Internet makes it impossible to control its import.

"I wish [the U.S. government] would quit disarming me in a world in which they can no longer protect themselves," Geer said.

But Reitinger said he favored a "balanced choice" on encryption that would let law enforcement maintain the right to break encryption codes under very strict standards.

"I think that saying we have to choose one side or the other is a false course," Reitinger said. "We all need to be talking ... in a public realm about what the appropriate balance ought to be, and I don't think we should undervalue either the interest of privacy or the interest of public safety."

Another panel pitted Marc Rotenberg, director of the Electronic Privacy Information Center, against Stewart A. Baker, an attorney with Steptoe & Johnson and former general counsel for the National Security Agency.

Rotenberg said regions outside the United States are using the European Union's data privacy directive, which went into effect late last year, as their model for ensuring the privacy of Internet users, while the United States is pushing internationally to limit privacy legislation.

But Baker said that despite the EU's directive, various laws already on the books in the United States make enforcement of privacy violations tougher here.

France, for example, does not investigate many privacy violations and is five years behind on issuing citations, Baker said. By contrast, the U.S. Federal Trade Commission has taken the view that if a company promises not to sell data collected at its Web site and it does, it risks prosecution for unfair and deceptive trade practices.

The FTC "can come enforce it and they have a team of people they are assembling to do just that," Baker said. "So actually, it's more likely you'll end up on the receiving end of enforcement in the United States than in Europe."


RELATED STORIES:
New Communicator: Speed and smarts
May 19, 1999
Bankers anticipate code-breaking machine
May 18, 1999
DOJ mulls crypto ruling
May 11, 1999
ISP admits scanning its own subscribers
May 6, 1999

RELATED IDG.net STORIES:
U.S. adviser seeks full-blown debate on encryption
(Network World Fusion)
McCain proposes loosening crypto restrictions
(Computerworld)
New battle lines being drawn over encryption debate
(Federal Computer Week)
Entrust offers European development kit for strong encryption
(InfoWorld Electric)
Congress may loosen export encryption rules
(PC World Online)
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

RELATED SITES:
Encryption Policy Resource Page
Encryption Special Report (Washington Post)
Internet Privacy Coalition
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.