physical goods for which good tracking systems exist. We've heard of tax exiles; in
such a world it might be possible to set up a business in a foreign country and
operate it without leaving home.

These are distant problems and are unlikely to affect more than a small group of
people for the near future. But they are the kind of thing that key escrow
theoretically might deter if you believe that people would be less likely to cheat on
their taxes if they knew they could be caught. These are not, however, the issues
we hear about. Instead, the specters most commonly invoked to argue against the
ready availability of non-escrowed strong encryption for the masses are what
Timothy C. May called the "Four Horsemen of the Infocalypse": terrorists,
pedophiles, drug traffickers, and spies. These people undoubtedly exist, but in what
numbers compared to the vast majority of innocent citizens who want something
more to stand between them and government attention than a court order? As
Bruce Sterling put it at CFP'94, "Are we to allow our entire information
infrastructure to be dictated by the existence of pedophiles? Are they that important
and precious to us? ... If you're that concerned for children, go down to the projects
and rescue some real ones."

That's not to say that there will never be serious dangers or crimes where
encryption isn't a problem for the security forces. But Net technology is going to
have to add an awful lot of functions before someone can digitize drugs. These
crimes are physical events that take place largely off the Net and are most likely to
be proven by physical, not digital, evidence. Which would you believe first: a
decrypted email message from a drug trafficker to a supplier, or a pound of cocaine
found in his house?

There are some serious questions being raised about the government's most
recent set of proposals. How, for example, will a public-key infrastructure work? No
one has ever tried to manage what is likely to run into millions of keys before. (In
fact, the CRISIS report recommends the government begin doing its own key
escrow to get a handle on how such a system can work.) What will be the liability
for key holders? If all those millions of keys are held in one location, what kind of a
target will that location be, and how can the nation's keys be protected? How will
authenticating those keys and tying them to their owners be handled? Will other
forms of encryption be criminalized? If not, what's the point of escrow? What other
penalties might be imposed for using non-approved cryptography? (Already one
government report could be interpreted as proposing that those using non-escrowed keys or encryption might be locked out of tomorrow's electronic
commerce markets and in early 1997 news circulated that draft legislation to this
effect had been proposed.)[21] What will happen if the approved
encryption system is cracked unexpectedly? Security systems have so many bases
to cover that it's not unusual for weaknesses to be found only after they've been
deployed. In early 1996, Netscape's built-in secure sockets layer, the facility that
sends sensitive information such as credit card details and passwords between
browser and Web site, was cracked by two French students. It was only the 40-bit
export version, but the problem was traced to a flaw in the random number
generator, which was supposed to ensure that patterns didn't develop to make the
encryption easier to crack. Such tiny errors can reduce the security of
cryptosystems in unexpectedly important ways--another argument against
introducing the security risk of key escrow without fully understanding the
mathematical implications behind it.
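The Netscape episode above illustrates a general failure mode: a key is only as unpredictable as whatever seeds the generator that produced it. The following is an added example, not code from the book or from Netscape, that derives a 40-bit key two ways, from a generator seeded with a coarse timestamp and from the operating system's entropy source, and then runs the check a reviewer would want: can the key be reproduced by guessing the seed within a small window around the generation time? The key size, the seed window and the function names are assumptions chosen for illustration.

```python
import math
import os
import random
from typing import Optional

# Constructed illustration (not Netscape's actual generator): a 40-bit
# key, matching the export-grade key length mentioned in the text.
KEY_BITS = 40


def weak_key(seed_seconds: int) -> int:
    """Derive a key from a PRNG seeded only with a wall-clock timestamp.

    The output is a deterministic function of the seed, so the effective
    key space is the set of plausible seeds, not 2**KEY_BITS.
    """
    rng = random.Random(seed_seconds)
    return rng.getrandbits(KEY_BITS)


def strong_key() -> int:
    """Derive a key from the OS entropy source: there is no small seed
    an observer could enumerate."""
    return int.from_bytes(os.urandom(KEY_BITS // 8), "big")


def recover_weak_key(target: int, approx_seconds: int, window: int) -> Optional[int]:
    """Reviewer's check: try every seed within +/- window seconds of the
    approximate generation time and report the seed that reproduces the
    key, or None if no seed in the window does."""
    for seed in range(approx_seconds - window, approx_seconds + window + 1):
        if weak_key(seed) == target:
            return seed
    return None


def effective_entropy_bits(seed_space_size: int) -> float:
    """Entropy actually present in a key when its generator is seeded
    from a space of seed_space_size equally likely values."""
    return math.log2(seed_space_size)


if __name__ == "__main__":
    # Constructed generation time; an observer is assumed to know it only
    # to within ten seconds.
    generated_at = 1_000_000_000
    window = 10

    key = weak_key(generated_at)
    seed = recover_weak_key(key, generated_at + 3, window)
    print(f"weak key reproduced from seed {seed}: {seed is not None}")
    print(f"effective entropy with {2 * window + 1} plausible seeds: "
          f"{effective_entropy_bits(2 * window + 1):.1f} bits of {KEY_BITS}")

    print(f"OS-seeded key reproduced: "
          f"{recover_weak_key(strong_key(), generated_at, window) is not None}")
```

The nominal 40-bit key is unchanged in both cases; what differs is how many candidate keys an observer who knows roughly when the key was made has to consider. That is the sense in which a "tiny error" in seeding silently removes most of a cryptosystem's strength, and why a review of any new infrastructure should ask where every generator's entropy comes from, not just how long its keys are.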

"The design and implementation of even the simplest encryption systems is an
extraordinarily difficult and delicate process. Very small changes frequently
introduce fatal security flaws," notes Matt Blaze in his draft December 1996 paper
"Cryptography Policy and the Information Economy."[22] "It is possible,
even likely, that lurking in any key recovery system are one or more design
weaknesses that allow recovery of data by unauthorized parties. The commercial
and academic world simply does not have the tools to analyze or design the
complex systems that arise from key recovery." Blaze names one additional serious
problem: the "enormous expense" of building and operating such an infrastructure.
One thing Blaze doesn't ask, as anyone with a minimum of experience with
computers might, is why the government thinks that this extremely important, very
large, never-before-tried computer system is going to work first time. Can you think
     
Copyright © 1997-99 NYU Press. All rights reserved.