By Robert Moskowitz
Although the average person may have little interest in personal cryptography, it's becoming an increasingly important topic that all of us should think about. It provides us with a practical way to live our lives in reasonable freedom from the fear of being "overheard" by unwanted others.
If you think this isn't important, pay attention the next time you're in a restaurant with your family. Most people not only modulate their tones so as not to be overheard, but will often halt the conversation whenever the server comes near.
Theoretically, there would be an equally effective way to "quiet down" in computer-based communications whenever someone came into position to overhear what we're saying. But since we have no control over 99% of the network carrying our communications, that's not a practical approach. What turns out to be far more practical is the regular use of person-to-person encryption.
The newly emerging technology for making encrypted telephone calls over the Internet provides a good example of how useful it can be to learn encryption techniques.
Without some form of encryption technology, it's impossible to truly feel secure in conversations over the telephone. That's why during the past decade or two there has been such a strong market for telephone "scramblers"--devices that operate to encrypt telephone signals before they ever reach the public telephone network, and decrypt them again when they come out at the other end.
But while "scramblers" have generally been priced beyond the reach of the average telephone user with nothing in particular to hide, modern public-key encryption for Internet-based telephone calls is much more suited to use by the rest of us.
Once both parties to a telephone call have the necessary software installed, establishing a secure connection is as easy as having your computer connect to the other, and allowing the two software systems to establish an unbreakable, encoded link.
The best secure-telephone software provides a virtual certainty that there is no third party present on the line.
For example, with PGP Fone, each end of the secure conversation displays a unique "checksum" at the start of the conversation. To guarantee their privacy, users read each other their "checksum" before they say anything intended to be private. If there is a third party intruding, his or her presence will change the checksum on both ends of the conversation. To avoid detection, the intruder must surreptitiously change the displayed checksum or the voice data--in real time! So far, this is a task that no one has been able to come close to doing successfully.
Ensuring authenticity of the messages you receive over a secure channel takes on a different dimension when you're exchanging email instead of speech. During a phone call, you can usually count on recognizing the voice of the other party. Via email, there's no such intrinsic way you can know who originated the message you're reading.
It's relatively easy for a knowledgeable network wizard to intercept a message, change it, and pass it along as though it was still pristine.
Originally, a mail system like Privacy Enhanced Mail (PEM) was thought to be as safe for messages as a secure telephone was for speech. Unfortunately, most PEM software has proven to be vulnerable to eavesdropping in several ways, including such a simple trick as the substitution of modified PEM programs into the user's working environment.
Here's how it can work: To increase the security of their messages, a user downloads the PEM program from a convenient server. In most instances, it's easy for a determined intruder to be monitoring such activity, and to send not the true and original PEM software, but a subtly modified version that provides all the same features of the original PEM, plus a secret capability for passing the user's password and private key directly to the intruder.
Unless all the communications between the user's computer and the file server--including the original downloading of the software--are subject to authentication, the bogus copy of PEM received by the user will generally be taken at face value, and put into use without much examination.
To prevent this, it's important to find some way to verify that the security software you're using hasn't itself been compromised.
Today, this is usually done by downloading an authenticated copy of the encryption software from a trusted server, and then checking the "digital signature" that comes with the downloaded software against a publicly available copy to make sure the original file has not been tampered with.
During the Cold War, the other side was constantly threatening to open a new "gap," which we were constantly struggling to close with new and better (and more expensive) technology.
It's the same in the newly emerging privacy war.
As early as the Civil War, each side found virtue and value in eavesdropping on the other's telegraphic communications.
Later, those evading the police learned to use telephones to make their plans and communicate during their implementation. Eventually, the police were empowered to listen in. At first, only foreign spies were targeted for electronic eavesdropping. Later, rum-runners and Prohibition-era gangsters were also targeted. In more recent years, the FBI, CIA, and local law enforcement have been happy to wiretap in hopes of intercepting bombers, bank robbers, and hit men.
At every turn, the government has shown a strong interest in eavesdropping on private citizens, and the Courts have been willing to go along. At first, there were few if any restrictions on wiretaps, but by the '60s and '70s, the principle of electronic eavesdropping as a search that required a duly authorized warrant was well established.
It hasn't proved to be much of a restraint. Every year, there are about 5,000 judicially authorized wiretaps in the US (and several times as many unauthorized ones, say the experts).
So it's no surprise that another set of battle lines is forming. In the modern era, those wishing to keep matters private from the police, and others just wishing to keep matters generally private, are learning to use encryption. To date, neither governments nor private citizens have figured out how to muster an effective counter-measure.
Aware that diverting an electronic signal is useful only if you can understand what you receive, the government is making a strong effort to limit the spread of encryption software. In fact it even wants to force all makers of such software to put in a back door the government will be able to open when it wants and needs to (this is the essence of the Clipper Chip proposal, now presumed to be in danger of cancellation, as was--you may remember--the B-1, the B-2, and "Star Wars").
One concern is that weakened privacy protections create problems and vulnerabilities for domestic businesses trying to maintain a competitive edge in an increasingly competitive world economy. Another is that US makers of encryption products--currently among the best in the world--know they can expect no foreign sales if they're providing encryption protections that the US government can bypass at will.
From a police or government point of view, making entirely secure communications technology widely available is a short-cut to pure anarchy. Theoretically, this scenario may be a possibility. But historically, many technological advances have threatened social control and/or entrenched power structures, yet we still live in a fairly civil society, and anarchy has never been very popular.
In practice, the advantages of stronger encryption capabilities will probably outweigh the disadvantages--not only for private individuals, but for commercial organizations and for governments.
For example, good encryption techniques make it far easier and reliable to verify and authenticate messages. In the practical world, this translates into a system for conducting secure financial transactions that says nothing about whether or not the content of the message itself will be secured.
But many who want their privacy are simply not satisfied with compromises. Many Americans--from armed militia to suburban Dads and Moms--just want to be left alone. They see the new computerized encryption systems as a fence they can put up to keep the rest of the world out of their business.
Much has been written about the invasion of privacy now taking place as governments, private "credit" bureaus, employers, marketers, and others seek to learn as much about what we do, what we like, and what we think as they possibly can.
By some counts, more than five hundred companies now regularly trade in private information about ordinary citizens. The number of databases on private citizens, and the amount of data they contain, is already well beyond anyone's ability to tally.
Is it paranoid to fear the intrusion of a government that has a demonstrated track record of civil rights violations? Federal agencies have incarcerated American citizens of Asian heritage, spied on ordinary citizens engaged in peaceful protest, and conducted organized campaigns of mis-information and subversion against private organizations engaged not only in political but in humanitarian action. And they've done a lot more.
Our Constitution was founded on the principle of restraining government from unnecessarily interfering with the actions and lives of ordinary people. Wherever you now see the balance of power between today's government and we, the people, it's difficult to argue persuasively that we shouldn't be able to take more definite actions to protect our privacy.
And it's not just government that we're trying to keep out of our private affairs.
For example, Lotus and the Equifax credit bureau recently had plans to tabulate, record, and sell the names, annual incomes, and purchasing patterns of some 120 million Americans. Public outcry forced them to reconsider, but how long will it be until such a database is for sale on your local computer retailer's shelf?
Today, the market for encryption software is probably less than $50 million a year, chicken-feed in a computer market amounting to tens of billions annually. But the future looks extremely bright. As computers become involved in more and more everyday tasks, and people recognize the damage potential of computer-compromised security, simple but effective encryption products will almost certainly enjoy much increased demand.
As with laptops, networks, and wireless connections, encryption is a technology whose day will sometime come.
If you compare encryption technology to various forms of insurance, it's easy to see that as their risks and losses increase, consumers will eventually learn the advantages of paying a little extra to prevent catastrophic problems. It's not an easy sell, but there's plenty of precedent for believing it'll gain a great deal of popularity.
One factor holding back the growth of encryption in everyday messsaging is the current inconvenience of most encryption systems. Encoding a message requires at least one extra step for each message passing in each direction.
I've always wondered why this is so. For example, files are automatically encoded on your disk, and on my disk. There's no "A" stamped on the magnetic surface; it's represented by a specific pattern of bits that we all agree will be taken as an "A." So why couldn't the operating system itself encode the "A" on my disk differently from the "A" on your disk, depending on some personal information or choices we entered when we first formatted our drives the day we installed them?
With this approach, no one but me could make any sense out of the files on my drive, no one but you could make any sense out of the files on your drive, and we wouldn't have to do anything extra or different to maintain our privacy.
Of course, this wouldn't solve the problem of exchanging files securely, but that's already been addressed by today's encryption software. It only remains to see these products and technologies more widely included in the email and other file-exchange software we can easily buy and use.
Copyright © 1996 by Robert Moskowitz. All rights reserved.