Privacy on the Line: The Politics of Wiretapping and Encryption

Lee Ridgway

Privacy of information is a hot topic. Pick up any major news publication and almost weekly you will find some article having to do with breaches of privacy. Pharmacies sell individuals' prescription records to drug companies. Sensitive information in credit-record databases is readily obtained by anyone knowing just a few facts about a person. Passwords and credit-card numbers are stolen from an insecure Internet. Hackers testify before Congress that they could cut this country's connection to the Internet in less than 30 minutes.

Periodically, calls for action are put forward to protect personal information, as well as to make systems more secure. In mid-May, Vice President Al Gore announced a legislative initiative for an "electronic bill of rights" that would ensure the privacy of a person's medical records, Internet transactions, and other computerized personal data. In publications and at conferences, experts discuss the need for effective encryption products for businesses and individuals.

What we have here is something as old as recorded history: privacy and security of information vs. unauthorized access (as in eavesdropping and spying). What is new is the ubiquitousness of telecommunications, including computer networks, and the ease of tapping into and transferring data.

Encryption as the Key
A new book by Whitfield Diffie and Susan Landau, Privacy on the Line (The MIT Press), reminds us that our privacy concerns should extend to all forms of telecommunications, from telephones (especially cellular and cordless), to email, to electronic transactions. Their conclusion is that we can best protect our communications through encryption. They carry their argument further by insisting that gov- ernment and law-enforcement agencies be barred from automatic access to those encrypted communications through "back doors" ­ and therein lies much of the tale in this book.

Diffie and Landau have written a book that touches on the technology of cryptography (also known by its newer synonym, encryption), but is more focused on the history and politics of cryptography in the United States. As such, it is a brief but comprehensive summary of the debates, conflicts, legal actions, and legislation related to U.S. cryptographic policies, especially in recent years.

Invasions of Privacy
The heart of Privacy on the Line is what the authors see as the U.S. government's invasions of privacy. Their discussion pulls together several threads:

  Wiretapping and other electronic surveillance by law-enforcement agencies

  Recent cryptographic schemes, such as public keys (encode data with one key, decrypt it with another)

  Government attempts to require access to encrypted data through key escrow (storage of cryptographic keys)

  Attempts to limit the quality of cryptography available to businesses and the general public.

The points Diffie and Landau want to get across can be summarized as follows. Businesses and individuals realize that, to protect confidential or private information in electronic forms, high-quality encryption is needed. This means that cryptography, until recently mostly of concern only to the government, moves from the highly secret realms of national security agencies into a more public arena ­ and becomes a consumer product.

Law-enforcement agencies contend that, if cryptographic tools become readily available, criminals will be able to hide their electronic activities, especially by encrypting phone calls, making wiretaps practically useless. Perceiving a threat to their ability to fight crime, these agencies ­ the FBI in particular ­ have engaged in intense lobbying of Congress and other agencies that make law and policy around cryptography. The intent is two-pronged: to limit development of and access to privacy-protection technology; and to require "back doors" by which law-enforcement agencies can decipher any coded messages.

When statistical studies are made of how effective wiretaps are in fighting crime, as Diffie and Landau have done, the evidence shows that wiretaps are expensive to implement, but have been only modestly effective in criminal convictions, even of major organized crime leaders. In fairness, the authors did find that other forms of electronic surveillance (such as "bugs") in which encryption would not be applicable do contribute significantly to convictions.

The U.S. government's record of respecting its citizens' privacy is not exemplary. One need only recall how census data were used to round up Americans of Japanese descent for detention during World War II, or the FBI's almost wholesale gathering of personal information on civil rights leaders in the 1960s, or the CIAšs monitoring of research requests in libraries in the 1970s.

U.S. citizens tend to place a high value on privacy ­ even though it is not specifically covered in our Constitution. Diffie and Landau share this value and support its strengthening, especially where electronic media are concerned.

Online Reading
Privacy on the Line is the MIT Press Book of the Month. For more information, including interviews with the authors, go to http://mitpress.mit.edu/news/diffie/index.html.

For a list of sites that focus on privacy issues in the electronic age, see "Privacy Online" on p. 8 of this issue.