NetWorld! What People Are Really Doing on the Internet and What It Means to You - David H. Rothman

We see a serious need for crypto to protect client records regarding their telephone systems and computer networks, to protect our internal company memos sent via e-mail, and to protect strategic business information sent via e-mail. We figure that a misrouted piece of client data is a potentially serious liability issue, and a misrouted sales proposal or similar business document is like leaving a credit card on a park bench. Due diligence, fiscal responsibility, and all that. The big plus is simply that we will be able to confidently move a lot more of our business online, which will make a huge difference to us. More efficient handling of client requests, more efficient internal discussions, and more effective communication with investors. In particular I do a lot of strategic business planning online, and it always bugs me in the back of my mind—‘What happens if this gets lost on the Internet?’ In one sense good crypto is like a good business dinner. It facilitates[facilitates] the flow of ideas in a relaxed atmosphere.

At the same time, needless to say, PGP could improve the flow of political ideas. In 1993 Boris Yeltsin had been at odds with foes nostalgic for the old Soviet state. “If a dictatorship takes over Russia,” a message from Latvia had told Zimmermann, “your PGP is widespread from the Baltic to the Far East now and will help democratic people if necessary. Thanks.”[^[6.30]] In Burma rebels used PGP against an oppressive regime. A writer in Thailand said that before PGP reached them, captured papers had “resulted directly in arrest, including whole families, and their torture and death.” Activists in El Salvador and Guatemala also relied on the program. “In this business, lots of people have been killed,” said Daniel Salcedo, a member of the Human Rights Project of the American Association for the Advancement of Science.[^[6.31]] David Banisar of the Electronic Privacy Information Center told me of PGP being used in Kenya, Mali, Senegal, Egypt, and Mali[Mali], among other countries.

“Wire tapping is conducted in nearly every country in the world,” Banisar wrote in a paper with the marvelous title of “Bug Off!” “It is frequently abused.” A 1992 State Department report, for example, told of governments and private organizations snooping away in dozens of countries. And it hadn’t happened just in the Third World. “There have been numerous cases in the United Kingdom which revealed that the British intelligence services monitor social activists, labor unions, and civil liberties groups,” Banisar said in a paper written for Privacy International.[^[6.32]] What’s more, the Canadian Communications Security Establishment had shelled out more than $1.1 million to scan through millions of messages and pick out dangerous words and phrases.[^[6.33]] Would the CCSE abuse the system and routinely compile dossiers on law-respecting people? And what about the FBI here in the States? Many Netfolks took it for granted that Louis Freeh’s people were keeping up with Usenet.

“The FBI has the ability to police the Internet and, indeed, has been doing so,” David Nadler and Kendrick Fong, two tech-oriented lawyers, would write later on in Computer Digest: The Journal of Professional Development for the Washington-Baltimore Technology Community. “In fact, the FBI has been collecting Usenet postings since the late 1980s.”

A formulaic condemnation of all FBI monitoring, however, would be unfair. I could hardly object to the Feds reading the public messages of egotistical nuts with a clear-cut predilection for violence. What better reason not to censor Usenet and any audio and video equivalents that might follow? Let the kooks rant away, hour after hour, educating Louis Freeh about their plans. Usenet wasn’t anyone’s living room. Posting messages there was like publishing a book or speaking in a town square. Via the free Stanford Netnews Filtering Service, I could receive electronic mail messages whenever a specified word showed up in a major area of Usenet. Yes, I could track people by name. I could also choose words associated with a topic. That was the magic of the Net; it gave us small-fry many of the same tools available to the intelligence bureaucracies. The same kind of wizardry that might let Canadian cops snoop on citizens could allow me to track the utterances of Al Gore on the subject, say, of the Internet.

One technology, however, may have bureaucrats more uncomfortable than any other—encryption. A U.S. database expert named Patrick Ball found this out the hard way when he was in Ethiopia to help the Office of the Special Prosecutor. Ball efficiently helped build a database of crimes that had occurred under the regime of Mengistu Haile Mariam. He was accomplishing plenty. Then a bureaucratic rival started a turf war with him. The man falsely claimed that Ball had been using PGP for secret correspondence, probably with the CIA, even though the truth was a little more mundane. Ball hadn’t used PGP for anything but test messages; the people at the other end lacked the technical skills. But the rival didn’t know. He confused PGP with uuencoding[uuencoding]—a way to prepare programs for accurate transmission via e-mail—and unfortunately the chief special prosecutor believed Ball’s accuser and forced the database expert to resign.

So often that was the case with police: They displayed a mix of fear and ignorance. And they were not totally wrong to be worried. One computer expert predicted that in the next few years criminals would routinely use electronic scrambling. “This could signal the end of computer forensics,” said William Spernow, “before it even gets off the ground.” A criminal relied on a double set of books, employing PGP to conceal the accurate one, and dope-peddlers in Miami used encryption.[^[6.34]]

Not only that, just as I was writing part of this chapter, the newspapers told how terrorists in Japan had killed 10 people and injured about 5,500 by spreading nerve gas in a Tokyo subway station. Wouldn’t restrictions on encryption make such acts harder to commit with impunity?

Strong counterarguments existed, however, against the jackbooters who would ban strong encryption or impose the Clipper variety on us. I would rather that nations not spy on each other. But I fully recall the naiveté of the past, the fantasy that “gentlemen do not open other gentlemen’s mail”; whether we liked it or not, espionage and counterespionage would always go on. In that spirit, instead of wasting money on Clipperish schemes, countries could spend money developing more powerful computers to crack encryption, and they could also refine the unscrambling techniques. That would not be cheap. But since bad guys wouldn’t let Clipper or successors be the apex of technology, the United States hadn’t any other choice. Other countries might feel otherwise. Bureaucrats just couldn’t contain technology. Clipperish schemes would be brainless in any country.

As one alternative, governments could rely more heavily on open sources—for example, newspapers and other media outlets, especially those online. The more journalists out there, and the more independent they were, the harder it would be for nations to keep secrets and conspire against each other. The United States and friends had the most selfish of reasons for encouraging the spread of the free press.