One in five adults in this country now regularly communicates and shops electronically. Vast quantities of confidential and sensitive information are stored in computers. They’re also transferred electronically – via the Internet – from individuals to banks, businesses and hospitals.
And the government wants to be able to read all of it.
The computer industry has developed a technology called “encryption” which scrambles electronic information so it can’t be easily read by prying eyes.
Citing the dangers of internet crime and terrorism, the federal government also wants the tools to crack each individual’s encryption code. But millions of innocent people shouldn’t have their own privacy put at risk just so the government can listen for the guilty few.
Everyone who uses a phone – especially a cordless or cellular one – already uses encryption. However, the government-approved encryption programs are so weak they’ve already been broken. So, our privacy is already in jeopardy, everyday.
The government should stay out of our private lives – and that applies to computers, phones and the Internet, too.
THE ENVELOPE, PLEASE
You wouldn’t write information you wanted to keep private on a post card. Think of encryption as a digital envelope, protecting your e-mail, credit card numbers and medical information from being read by strangers during electronic transactions. (See box.)
Privacy, anonymity and security in the digital world depend on encryption.
Banks, brokers and other financial organizations transfer billions of dollars electronically every day. Doctors regularly send confidential patient records from labs to hospitals and insurance companies. And human rights workers around the globe want to protect their information sources from harassment and retaliation.
Encryption techniques scramble sensitive information so that it can only be read with a key code – a passkey that unlocks the scrambled electronic data. Encryption techniques can also be used to create unique “digital signatures” that verify the real identity of the sender and are at heart of secure electronic commerce.
Just as you wouldn’t give the President your automatic bank card’s PIN code, you wouldn’t want the government to snoop on your stored information or communications. Yet the President is pushing for a key recovery system that requires encryption users to deposit their key codes with “key recovery agents.” The agents would then be required to turn the codes over to the government under a wide range of circumstances and without your knowledge.
NONE OF YOUR BUSINESS
Even though it may seem instantaneous, an e-mail message travels from your computer to several computer hosts across the globe before finally getting to its destination.
At each of those stopping points, it could be intercepted and read by anyone who has access to those intermediary computer hosts.
Encryption protects against these intrusions.
OUR MARKET, OURSELVES
The government has succeeded in limiting the distribution of encryption technology by classifying stronger codes as “munitions,” making it very difficult to export them to other countries. Since the U.S. companies that produce encryption software don’t want to absorb the cost of creating two versions – one for domestic sale, and one for foreign – only weak encryption is widely distributed in this country. Like see-through envelopes, these codes do a poor job of protecting privacy.
The Clinton Administration has proposed rules that would allow for the export of strong encryption, but only if tied to a key recovery scheme. This anti-cryptography policy has been rejected by the international community. In fact, the 24 large industrial nations belonging to the Organization for Economic Cooperation and Development have rejected Clinton’s effort to impose an international key recovery program. And even our own National Research Council supports stronger encryption as an absolutely necessary measure in combatting computer crime.
The ACLU believes that government control of cryptography code keys is unconstitutional, and the courts are beginning to agree.
- Free speech. In one recent case, a computer scholar wrote a new encryption program but when he submitted it for export approval, he was told that not only was his code a “munition,” but even a paper he wrote about it could not be sent abroad. A federal court disagreed, ruling that encryption is a form of speech protected by the First Amendment.
- Compelled speech. If encryption is speech, then being required to give your key code to the government is a form of forced, or compelled, speech – also prohibited by the First Amendment.
- Academic freedom. Classifying encryption technology as a form of munitions compromises academic freedom, since academics must refrain from discussing their work with foreigners (considered exportation), and American instructors are afraid to teach encryption technology to foreign students – even in their stateside classrooms.
- Search and seizure. The Fourth Amendment protects people from unreasonable searches and seizures. A blanket requirement that all individuals, whether or not they are suspected of criminal activities, turn over their encryption keys to the government, or its licensed agents, is an unconstitutional seizure.
The government should foster privacy protection through encryption technology – not demand the keys to our telephone, computer and online privacy.
Resources: E. Hendricks et al., Your Right to Privacy, ACLU Handbook, 1990. The Electronic Privacy Information Center provides valuable cryptography information. Its website is: http://www.epic.org/crypto/. The Internet Privacy Coalition supports encryption to protect privacy. Its website is http://www.privacy.org/ipc/. The Global Internet Liberty Campaign, an international coalition supporting privacy and free speech online, is at http://gilc.org/. Privacy Times, available in some libraries, is a twice-a-month newsletter covering developments in privacy and access to information; its website is http://www.privacy.times.com. Privacy Journal is a monthly newsletter on privacy, and is also available in some libraries or through e-mail at firstname.lastname@example.org.
WHAT WE ARE DOING
The ever-expanding communications platforms of our information age provide exciting, convenient and cost-effective means of communication. Unfortunately, new technology necessitates new vigilance if we are to hold back government attempts to overstep individual privacy and free speech.
This is why the ACLU is actively engaged in many efforts to restrict government’s attempts to access private communications through imposed controls on encryption technology. We actively support bills in Congress that would eliminate unconstitutional restrictions on the developing encryption industry.
We are a founding member of the Global Internet Liberty Campaign (GILC), an international coalition of organizations dedicated to protecting freedom of speech and the right to privacy in cyberspace. GILC advocates allowing online users to encrypt their communications and information without restriction. (See “Resources” inside for info.)
We participate in litigation supporting the principle that encryption is a form of speech protected by the First Amendment. And the courts have begun to agree with our point of view: In December 1996, a federal judge ruled in favor of an Illinois math professor who was prevented from publishing his encryption codes on the Internet. And in June, 1997 in Reno v. ACLU, the Supreme Court ruled that online speech is entitled to the same First Amendment protection as printed speech.
We undertake a great deal of public education – media work, publications and our website – to inform people about privacy and encryption.
WHAT YOU CAN DO
Support “Pro-CODE” (Promotion of Commerce in the Digital Era, S.377), a bill introduced by Sen. Conrad Burns (R-Mont). If passed, the bill would relax export controls now being used to prevent the development of effective encryption technology. A similar bill, called the “SAFE Act” (Security and Freedom Through Encryption, H.R. 695), was introduced by Rep. Bob Goodlatte (R-Va) and has been moving through the House.
Oppose all bills that would limit the right to use or export encryption without being forced to keep keys elsewhere, including S. 909 introduced by Senators John McCain (R-AZ) and Bob Kerrey (D-NE), or that would set in place the structure to limit such privacy protection in the future, such as S. 376 introduced by Senator Patrick Leahy (D-VT).
The “ACLU in Congress” section of our website contains an Action Alert on this issue, allowing you to send a free fax to your members of Congress. Reach our website at http://archive.aclu.org
Write us for a Take Back Your Data Info Kit!
ACLU Take Back Your Data Campaign
125 Broad Street, New York, NY 10004
Every month, you'll receive regular roundups of the most important civil rights and civil liberties developments. Remember: a well-informed citizenry is the best defense against tyranny.