Public Key Encryption & Pretty Good Privacy

----------------------------------------------------------------------------

You may distribute the text of this article freely, but I would appreciate knowing about anything interesting that you do with it.

Tom Maddox
tmaddox@well.sf.ca.us

----------------------------------------------------------------------------

Tom Maddox

As I discussed in my most recent column ("Fear, Freedom, & the Singapore Question," Locus, June, 1994), the Federal government is mounting a concerted attack on our civil liberties. The attack comes in two forms: the Clipper Chip, which I discussed at some length in that article, and the FBI's "digital telephony" initiative. In this column, I want to make clear the implications of the FBI's proposal and, probably more importantly, explain the limited but significant means every citizen has to combat any such intrusions into their private affairs.

The FBI's immediate concern is that our phone systems worldwide are changing from analog systems to digital systems. Analog systems are easily tapped: you stick alligator clips onto the wires anywhere along them, and any conversation taking place can be heard. Tap into a digital system, on the other hand, and you get nothing but a blooming, buzzing confusion: the sound of bits of digitally encoded information passing through the channel. To police agencies everywhere, this means that the (brief) era of the tappable phone system could be ending, and they don't much like it.

Civil liberties groups claim the FBI has no inalienable right to tap our phones; law enforcement groups that they must have this capability--constitutionally administered, with appropriate judicial oversight--in order to do their jobs effectively. Which brings up, once again, what I have called the Singapore Question: how much chaos are you willing to endure in the name of liberty? or how much liberty are you willing to forfeit in order to secure a more orderly society?
I believe the answers we give to this question tell much about who we are and what we're interested in. For instance, the FBI has particular mandates with regard to social order; it is the closest thing we have to a national police force. Those who work in the agency see in the United States too much chaos, too much irrational exercise of liberty--in general, too much crime--and they want to have more weapons to combat it, not fewer. I understand their position and respect it. We cannot expect them to defend individual liberties except insofar as they are required to do so by the U.S. Constitution. We also cannot expect the A.C.L.U. to catch bank robbers.

So the FBI wants to introduce legislation requiring that all digital telephone systems have tapping capabilities built in. They even want consumers to pay the cost. And here, I confess, my mind boggled the first time I heard this proposal. After all, why stop there? Why not require all homes to have built-in surveillance cameras (given that the FBI could assure us such cameras would not be used without a proper court order)?

The FBI also apparently wants access to data about particular telephone communications in addition to their content. This latter capability was one of the main topics addressed in a letter to Louis Freeh, Director of the FBI, by the Digital Privacy and Security Working Group. The FBI apparently feels that they can ask for "call setup information," the telephone systems' data about every phone call we make. The DPSWG--to create an unpronounceable, or at least unlikely, acronym--said in their letter to Mr. Freeh:

In the era of personal communications services ("PCS") and of the information highway, transactional data will reveal far more about individuals than it has in the past. In fact, in some cases it may be equivalent to content information. This transactional data certainly could make it possible to build a detailed model of an individual's behavior and movements.
The net result could be government dictating to industry that it create a surveillance-based system that will allow federal, state, and local government to use a service provider's electronic communication facilities to conduct minute-by-minute surveillance of individuals.

In short, the FBI is reaching not only for powers it currently has but also for powers that far exceed any it currently possesses.

I would suggest that, regardless of whether the FBI backs down on either of these issues--digital telephony in general or call setup information--this situation shows us clearly what the future will bring with regard to privacy. The combination of widespread computer networks, intelligent agents, increases in processing power, and more effective modeling of individual behavior will result in the potential for far more productive and total surveillance than any law enforcement agency could now achieve. At the same time, developing technologies always threaten to outrun established practices--for instance, by rendering alligator clips and headphones obsolete as telephone tapping devices. In summary, then, technology as it is used has no special propensity to help the proponents of police authority or individual freedom. (There is a moral here for writers or would-be writers of science fiction, which is that simplistic treatments of these matters will likely be false--not fictive but untrue.)

Given this situation--developing technologies with unclear social consequences and government agencies and branches attempting to serve their own needs--what can mere citizens do? Alas, we cannot expect that elected officials or the judiciary they appoint will defend individual liberties. The Clinton Administration's attempts to institute the Clipper standard provide a cautionary instance of what governments--even purportedly enlightened and liberal ones--will do to further what they regard as their best interests.
Thus, I believe we must look to whatever means we can use as individuals to secure individual privacy no matter what the outcomes of the various governmental attempts to forward proposals such as Clipper and the FBI's Digital Telephony Act. Currently the most effective weapon I know of, though its uses are largely symbolic--a topic I will discuss below--is a form of encryption called public key encryption, most generally available as a program named Pretty Good Privacy.

In general, encryption is a topic we might think of slight interest or general utility--something that spies, some mathematicians, and some hobbyists might find enthralling, but nothing that a regular citizen would need to know anything about. However, in the late 20th century, these commonplace assumptions aren't true. Encryption almost certainly represents the individual's last line of defense against government snooping.

Be that as it may, until quite recently encryption remained, for practical reasons, too difficult for the non-technical public to use in any effective way. To create a sophisticated "key," a particular way of encrypting a specific document, required laborious arithmetic if nothing else. And to transmit a message securely required a secure channel for the key--which the receiver of the message needs to decrypt the message, that is, to put it back into decoded, readable form. Vast governmental resources were used to accomplish these tasks.

With the wide spread of powerful computers (such as that MSDOS machine or Mac sitting on your desk) and the discovery of public key encryption, this all has changed. The computers made possible software that can take care of all the dirty work of encryption, and public key encryption made possible the seemingly impossible: using it, you can transmit a secure message over an insecure channel.

Public key encryption works this way: instead of having one key for encrypting and decrypting a message, you have a public key used to encrypt it and a private key, which only you possess and never transmit to anyone else, to decrypt it. If you wish to send a secure message to someone, you obtain a copy of that person's public key through any channel, including so-called "public key servers," computer databases that exist simply to make these keys available; using that, you encrypt the message and send it off to the recipient, again by any channel. Using the private key that only he or she possesses, the recipient decrypts the message. To send a message in reply, the recipient encrypts it with your public key and sends it, and you decrypt it with the private key that only you possess.

Stunning: which is why David Kahn, author of The Codebreakers, the standard popular history of cryptography, regards public key cryptography as the biggest breakthrough in this realm since the Renaissance. One no longer needs scrambled lines, one-time pads, or secret agents with the plans for the X-13 in their teeth in order to conduct secure communications--secure from anyone, including the NSA and its supercomputers (there are technical issues here that make this statement practically true though perhaps theoretically untrue--those interested can follow Usenet discussions on newsgroups such as sci.crypt and alt.security.pgp for the details).

Public key encryption is the theoretical method; PGP (Pretty Good Privacy) is the most widely available implementation of the theory, written by Phil Zimmermann and made available as free software in 1991.
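
The exchange described above, and the signing the article goes on to mention, as an added illustration that is not part of the original article and is not PGP's code. It assumes textbook RSA with fixed toy primes and no padding, which shows the roles of the two keys but is not secure; the names Alice and Bob, the messages, and the key values are constructed for the example.

```python
# Added illustration, not PGP's code: textbook RSA, toy primes, no padding, insecure.
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Return (public, private) keys built from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: inverse of E modulo phi
    return (n, E), (n, d)

def encrypt(public, text):
    """Encrypt a short message with the recipient's public key."""
    n, e = public
    m = int.from_bytes(text.encode(), "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(private, cipher):
    """Recover the message with the matching private key."""
    n, d = private
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()

def _digest(n, text):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % n

def sign(private, text):
    """Sign with the sender's private key."""
    n, d = private
    return pow(_digest(n, text), d, n)

def verify(public, text, signature):
    """Anyone holding the sender's public key can check the signature."""
    n, e = public
    return pow(signature, e, n) == _digest(n, text)

# Constructed key pairs from known Mersenne primes (names are hypothetical).
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**89 - 1, 2**107 - 1)

def exchange():
    """Alice writes to Bob and signs; Bob reads, checks, and replies."""
    to_bob = encrypt(BOB_PUB, "meet at noon")
    sig = sign(ALICE_PRIV, "meet at noon")
    read = decrypt(BOB_PRIV, to_bob)
    reply = encrypt(ALICE_PUB, "agreed")
    return read, verify(ALICE_PUB, read, sig), decrypt(ALICE_PRIV, reply)
```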

(A company called Rsaref wrote and marketed a commercial version and has consistently claimed that PGP is in violation of their copyright; this dispute, which has made the adoption of widespread public key encryption very difficult, has apparently been resolved through the mediation of a group at MIT that has released a free version of PGP endorsed by Zimmermann and Rsaref.) Among popularly used computers, it works on MSDOS and Windows, OS/2, Macintosh, Amiga, Atari ST, Vax/VMS, and Unix machines. It is freely available at a number of Internet sites. The PGP FAQ, which goes into some detail about general issues and availability, can be found in the Usenet newsgroup alt.security.pgp.

The point is this: PGP works, it probably works for the computer you use, and you can have it free. Using PGP, you can both encrypt and sign messages so that they are secure from anyone except their intended recipient and they contain a cryptographic guarantee that they come from you and no one else. This is a powerful technology, widely available--I am reminded of the scene at the end of Alfred Bester's The Stars My Destination, where Gully Foyle strews PyRE, an immensely powerful explosive that can be detonated by thought alone, to the masses.

Unfortunately, using PGP requires coming to terms in rudimentary fashion with the ideas I've been discussing (in my own rudimentary fashion), and this is beyond most people's interests or capabilities. Most people who use computers don't want to acquire even a surface-level technical expertise in cryptography, and so they simply won't be bothered to use PGP.

Further, the social context at present militates against widespread PGP use. People don't expect to be sent encrypted messages or to be required to send them. Many people even regard the existence of an encrypted text as proof that the sender and/or receiver have something to hide.

Finally, using PGP is a bit of a pain in the butt.
The documentation is confusing, the command structure likewise, and for the Macintosh, as an example, the program feels awkward. Using it, I'm never quite sure that I've done the right thing.

Typically, then, PGP is extremely restricted in practical application. Its users tend to be techies, cryptography buffs, paranoids, professional civil libertarians, and other enemies of the state (just kidding--few enemies of the state appear to know about PGP; though enemies of what they refer to as statism, Randroids and the like, are another matter).

Nonetheless, PGP has enormous symbolic importance. If I or you must, we can encrypt our communications. We can defy the NSA, CIA, FBI, or anyone else who wishes to have access to our private matters, and there's not, at this point, a hell of a lot they can do about it.

In this context, governmental tactics such as the Clinton Administration's Clipper initiative look more subtly sinister. As proposed, Clipper would not outlaw PGP; it would simply make PGP irrelevant by creating a social context where no one bothers to use PGP or any other encryption method that the government hasn't sanctioned. As several people have remarked, the simplest way to accomplish this is to require Clipper as a prerequisite to doing business with the Federal Government.

=======================================================================

This document is from the WELL gopher server: gopher://gopher.well.com
Questions and comments to: gopher@well.com