needs to know. Should schools be able to run background checks on
teachers, to verify credentials and make sure they have to past history
of child abuse or molestation? Certainly. Should your insurance
company be able to consider your past medical history before selling you
a policy? This is not as clear. Should you be able to remain
completely anonymous online, without even the government able to identify
you? This would protect, for example, a homosexual sailor who would
like to keep his job in the Navy but stay in touch with a boyfriend (this
actually happened and the sailor lost his job, see Don't
Ask, Don't AOL, by Margie Wylie). But shouldn't the government
be able to trace hackers who steal important financial information from
consumers at Amazon.com?
The apparent solution to the lack of privacy on the internet is a technique known
as encryption. Encryption is running
data through filters. One filter scrambles the message, a second
unscrambles it. Anyone who picks up the information in transit would
(in theory) see nothing but garbled characters. (To experience what
this is like, try opening an image file in a word processor). However,
such encryption would also allow people to hide far more easily online.
Many hackers can also run intercepted data through filters of their own
and recover the information. Business moves far more slowly than
the underground community of hackers.
In 1993, the government suggested that the government should hold a
key to all encryption. This way, data could only be accessed by the
receiving part (who would hold a 'key') or the government.
This idea was called a Clipper chip.
The Clipper chip used a mathematical formula known as the SLAPJACK algorithm.
Proponents argued that the Clipper chip (also referred to as "key escrow",
or, later, "key recovery") would thwart hackers and that wiretapping was
often vital to convicting a criminal. Opponents argued that truly
clever hackers would easily find their way around the Clipper's defenses
and that the SLAPJACK algorithm used in the chip had flaws. (Seeman,
Outline)
The Clipper chip initiative was backed by the White House, the National
Security Administration (NSA), and the Attorney General's office and has
been revised several times since it's advent. (EPIC, The
Clipper Chip) The Commerce department shifted the focus of the
Clipper to comply with European regulations and many companies expressed
frustration with the Clipper initiative. The limits placed by the
government on encryption levels (56-bit) have been proved ineffective and
in March, 1998, internal government files were discovered by EPIC that
admitted that "key recovery" was expensive and impractical (CDT, Cryptography
Headlines).
In more recent events, Congress is reviewing the Security
and Freedom through Encryption (SAFE) Act [full
text], introduced in late February by Representatives Bob Goodlatte
(R-VA) and Rep. Zoe Lofgren (D-CA). The SAFE Act ensures that US
citizens may use any form of encryption, anywhere, denies the government
the right to "key recovery", and creates penalties for using encryption
to cover a crime, among other things. (CDT, SAFE
HR 850). The House vote on SAFE will take place in September.
The Online Privacy Alliance,
made up of prominent companies in communications and technology like IBM,
AOL,
and Time Warner, is trying to help
the internet industry self-regulate encryption and other privacy topics.
This may be a step in the right direction - if industry and government
can work together, encryption could be regulated but commonly used.
Still, this leaves out individual consumers and others whose privacy is
actually what is being debated. The Online Privacy Alliance
suggests a caveat emptor approach - consumers should look for privacy
policies and be careful where they post their information.