PGP and Cryptography

“In furtherance of world peace and the security and foreign policy of the United States, the president is authorized to control the import and the export of defense articles and defense services and to provide foreign policy guidance to persons of the United States involved in the export and import of such articles and services.”  –Arms Export Control Act (22 USC Sec.2778)

Sounds pretty harmless right.  After all, it is in the interest of world peace.  But things are not always what they seem, especially in the murky world of federal law.  The provisions in the Arms Export Control Act have been applied to all sorts of exports of cryptographic material, material which most reasonable people would hesitate to call “arms”.

What is cryptography?  Cryptography is literally “secret writing”.  It is the art of encoding or enciphering material such that it is unreadable to anyone except those who have the “key” to decode it.  So what is the US federal government doing restricting the export of complicated locks? This is something many of us fail to understand. After all, locks are used to protect one’s property and who’d think of them as being harmful to world peace?  And we’re not even talking of physical locks here. Cryptography will only encode information, and is information in itself.

The Department of State has however used these laws to restrict the distribution of cryptographic material to foreign nationals, and to an extent attempted to control its application within this country.  The reason we cannot transmit data over computer networks as securely as we would like, with as much ease as we demand is precisely because of laws such as this.  These laws will not permit software authors to implement freely available cryptographic techniques to make transmissions over networks as secure as they can be.  If someone wants true security in transmission they currently have to encode the data manually and then transmit it.  Ideally this should all be done behind the scenes so that the user will not have to be concerned about it.  Precisely because it is such a bother, most users on computer networks do not care to encrypt information they transmit over computer networks.  Quite obviously this means that all e-mail you send, all files you transfer can be read by anyone while in transit.  Why doesn’t the US federal government want you to have access to the best locks available?

But it seems rather silly to ask such a question.  Of course we know why they don’t want your conversations to be secure.  For the exact same reasons that they want you to use a cryptographic system (the clipper chip) to which they always have a back-door, i.e. one that is not completely secure.  It is also why the federal government would like to pass the “wiretap” bill forcing telecommunications companies to invest in producing switching exchanges that will permit federal agents to listen in on your phone calls whenever they want to.  And they want to subsidise the telephone companies as they go about doing this.  what the federal govenrment really wants to do is use your taxes to spy on you.  Sound like big brother yet?

Thankfully there are people who are fighting govenrment regulation and action that will threaten your privacy.  One such individual is Phil Zimmerman.  Phil Zimmerman is the author of PGP (Pretty Good Privacy), an encryption program that is currently imossible to crack.  Phil Zimmerman has made PGP available to the world free of cost for a number of years.  He has been spending large amounts of time further improving this program to provide people all over the country with the degree of privacy that they desire.  Phil sounds like a nice guy doesn’t he?  But the Department of State doesn’t think so.  They’re accusing Phil and a number of other people involved with PGP of exporting munitions outside of the US.  The Department of State considers PGP a threat to “world peace”.  Incidentally the law invoked against Phil (International Traffic in Arms Control Regulations, ITAR) classifies Automatic Teller Machines as “Auxilliary Military Equipment”.  Yes those machines you use to get money from your account at night are considered lethal.

Phil Zimmerman is apparently being prosecuted because software he has written may have found its way outside the country.  This is undeniable; it must have.  After all, “information wants to be free”.  The point is however, that Phil has not been directly involved in any such distribution.  These can only be called “trumped up charges”.  Other questions are raised of course, questions that had been asked during the cold war.  Is it really in the interest of humanity that we hoard our knowledge and force each nation to re-invent the wheel?  Is it not much more desireable that the international academic community share its finding so as to minimize wasteful repetition of research efforts?  The US government doesn’t seem to think so.  The Department of State has turned down requests from academics who wished to post their own work on cryptography on worldwide discussion groups.  On the other hand the US supreme court has upheld the right of a publication to print instructions on constructing a homemade nuclear bomb, we can only hope that the judiciary will display similar judgement and guard our rights when these cases do come to court.  As is to be expected, the department of State has managed to find all sorts of excuses to delay hearings in most of these cases.

But this isn’t all, these laws constitute an infringement of free speech as well.  In it’s “Munitions Control Newsletter, No. 80”, the department of state stated: “The public is reminded that professional and academic presentations and informal discussions, as well as demonstrations of equipment, constituting disclosure of cryptologic technical data are prohibited without the prior approval of this office.”  What this means is that any foreign students at NYU who may have taken a course in advanced algorithm design, and their instructors, may have violated US federal regulation.  Something must be wrong here, after all the first amendment grants us the right to free speech right?

Phil Karn wrote a book on cryptography called “Applied Cryptography” that was distributed within the US with a floppy disk containing some programs that were described (and printed) in the book.  When Karn tried to distribute the book outside the US however, the Department of State did not permit him to sell the floppy disk with the book.  This seemed rather silly because the C code on the disks was printed in the book anyway.  But this tells us something about the federal government’s thinking.  Though the information may be the same, they are apt to treat printed matter and digital data in very different ways.  Why?  Because they can.

The federal government does not wish to stunt the growth of the computer industry, in fact various departments are working towards assisting companies in this sector become more viable in the global market.  The federal government has also for a number of years supported the activities of real defense manufacturers and encouraged the export of advanced weapons to countries all over the world.  Obviously world peace is not as much of a value when we’re considering a government supported company, but world peace is of prime importance when an individual attempts to disseminate information.  But the federal government works in mysterious ways.  What is of great concern however is that those rights which are afforded to the print media are not afforded to digital media.  With a very warped reading of the First amendment, the federal government has managed to convince itself that Computer Mediated Communication is not protected speech, and that it can therefore run rough-shod over the individual’s right to speak on a computer network. This becomes very clear when we understand that it is politically impossible for the federal government to censor the press, but that the populace in general knows so little about the digital medium that laws restricting free speech in a networked environment become non-issues. Yet, as the world becomes networked, or webbed or whatever, all of us will have to rely on computers and telecommunications to accomplish much of our work.  How would you like to have your telephone conversations tapped, or your faxes intercepted and read, or your e-mail opened?  The US govenrment cannot open your surface mail and we must ensure that no-one can read your computereized correspondence either.

We must remember that it was a struggle to pass the First amendment and it will be a struggle to pass a “Telecommunications privacy bill of rights” as well.  The government’s attitude on this is clear, in a letter to the administrators of the acadmeic computer network BITNET, the Commerce department stated that : “You have mentioned that BITNET does not monitor traffic on the network.  It is a non-secure network.” The question of course is non-secure for whom?  Is a netowrk that ensures privacy to its users, non-secure for them?  Of course not.  Is it non-secure for a tyrannical state?  Pirobably.  We must remember that free speech has been a value this country has been founded on.  The Federalist Papers, essays that moulded the future of this country were published anonymously.  If an individual’s right to privacy is not protected, the world will soon be an unbearable place.

Those interested in finding out more about these issues may wish to search the excellent archives maintained by the Electronic Frontier Foundation, http://www.eff.org/.  The Phil Zimmerman Legal Defense fund can be found at http://www.netresponse/zldf/.  I maintain a page that contains information related to these issues.