History teaches that grave threats to liberty often come in times of urgency, when constitutional rights seem too extravagant to endure.

Justice Thurgood Marshall (1989)

I complained the other day that Congress was looking to mandate that back doors be built into encryption systems, allegedly to help law enforcement agencies combat terrorism. Those in government who are renewing the effort to restrict public crypto are exploiting fear and outrage at the recent tragedy to impose restrictions that endanger personal freedom.

This’ll be far too quick an overview; I just want to get some ideas down.

The basic argument being made is that terrorists and other criminals use encryption to communicate, and Congress wants to put a stop to it. Law enforcement agencies understandably want to be able to intercept and decrypt these communications, so they have long asked that “back doors” be built into encryption systems that would allow them to do so. They maintain that this would only be done with court orders and so on. I don’t buy it.

For one thing, the Senate just voted to allow the FBI to monitor net traffic without a warrant. Yep. I’m not an anti-government raving lunatic, but neither am I entirely comfortable with the US government’s track record in respecting the privacy of its citizens. There have been far too many cases of abuse. The increased use of Carnivore, a system for monitoring electronic communications, should be cause enough for worry. And that’s apparently legal.

There is, I understand, a balance to be struck between the freedom gained by living in a society like ours and the implied restrictions on personal freedom. Rousseau gets dull after a while. What distresses me is the necessary outcome of weakening both strong crypto and the restrictions on government surveillance. I am dreadfully concerned that the recent terrorist attacks are being used as an excuse to abridge basic Constitutional freedoms.

Americans must rethink how to safeguard the country without bartering away the rights and privileges of the free society that we are defending. The temptation will be great in the days ahead to write draconian new laws that give law enforcement agencies – or even military forces – a right to undermine the civil liberties that shape the character of the United States. President Bush and Congress must carefully balance the need for heightened security with the need to protect the constitutional rights of Americans.

The New York Times (September 12, 2001)

For the moment, though, I will accept the government’s stated good intentions, because they’re almost irrelevant to the issue at hand.

If only the US government is given access to the back doors, what foreign government or company will accept the idea that the US government can decrypt their messages? The same question was raised for decades while the US outlawed export of strong cryptography (a restriction that was removed a couple years ago). Software companies like had a hard time explaining why the encryption available in foreign countries (or in foreign offices of US businesses!) was considerably weaker than what was available in the US. I’m uncomfortable making an economic argument, but consider this: to cripple strong crypto will damage the US’s ability to compete in global markets.

What if back doors are also made available to foreign governments (presumably non-hostile ones)? How can we assume that those governments will remain non-hostile, or will use the back doors with the same protections that the US government promises its citizens? Make easy decryption available like that, and you might as well not have crypto. Again, I don’t think that the business community will like that, much less people like me who want to protect their personal communications. I may not have anything to hide, but that doesn’t mean that I don’t enjoy my privacy.

Really, though, adding back doors and crippling encryption products will not prevent terrorists or other criminals from using strong crypto: they’ll just use what they have now, get it somewhere else, or write their own using freely available algorithms. As has often been quipped, if crypto is outlawed, only outlaws will have crypto.

I plan to watch this very carefully. Email me if you have questions or flames. And use my PGP key.