PGP and Cryptography

“In furtherance of world peace and the security and foreign policy of the United States, the president is authorized to control the import and the export of defense articles and defense services and to provide foreign policy guidance to persons of the United States involved in the export and import of such articles and services.”  –Arms Export Control Act (22 USC Sec.2778)

Sounds pretty harmless right.  After all, it is in the interest of world peace.  But things are not always what they seem, especially in the murky world of federal law.  The provisions in the Arms Export Control Act have been applied to all sorts of exports of cryptographic material, material which most reasonable people would hesitate to call “arms”.

What is cryptography?  Cryptography is literally “secret writing”.  It is the art of encoding or enciphering material such that it is unreadable to anyone except those who have the “key” to decode it.  So what is the US federal government doing restricting the export of complicated locks? This is something many of us fail to understand. After all, locks are used to protect one’s property and who’d think of them as being harmful to world peace?  And we’re not even talking of physical locks here. Cryptography will only encode information, and is information in itself.

The Department of State has however used these laws to restrict the distribution of cryptographic material to foreign nationals, and to an extent attempted to control its application within this country.  The reason we cannot transmit data over computer networks as securely as we would like, with as much ease as we demand is precisely because of laws such as this.  These laws will not permit software authors to implement freely available cryptographic techniques to make transmissions over networks as secure as they can be.  If someone wants true security in transmission they currently have to encode the data manually and then transmit it.  Ideally this should all be done behind the scenes so that the user will not have to be concerned about it.  Precisely because it is such a bother, most users on computer networks do not care to encrypt information they transmit over computer networks.  Quite obviously this means that all e-mail you send, all files you transfer can be read by anyone while in transit.  Why doesn’t the US federal government want you to have access to the best locks available?

But it seems rather silly to ask such a question.  Of course we know why they don’t want your conversations to be secure.  For the exact same reasons that they want you to use a cryptographic system (the clipper chip) to which they always have a back-door, i.e. one that is not completely secure.  It is also why the federal government would like to pass the “wiretap” bill forcing telecommunications companies to invest in producing switching exchanges that will permit federal agents to listen in on your phone calls whenever they want to.  And they want to subsidise the telephone companies as they go about doing this.  what the federal govenrment really wants to do is use your taxes to spy on you.  Sound like big brother yet?

Thankfully there are people who are fighting govenrment regulation and action that will threaten your privacy.  One such individual is Phil Zimmerman.  Phil Zimmerman is the author of PGP (Pretty Good Privacy), an encryption program that is currently imossible to crack.  Phil Zimmerman has made PGP available to the world free of cost for a number of years.  He has been spending large amounts of time further improving this program to provide people all over the country with the degree of privacy that they desire.  Phil sounds like a nice guy doesn’t he?  But the Department of State doesn’t think so.  They’re accusing Phil and a number of other people involved with PGP of exporting munitions outside of the US.  The Department of State considers PGP a threat to “world peace”.  Incidentally the law invoked against Phil (International Traffic in Arms Control Regulations, ITAR) classifies Automatic Teller Machines as “Auxilliary Military Equipment”.  Yes those machines you use to get money from your account at night are considered lethal.

Phil Zimmerman is apparently being prosecuted because software he has written may have found its way outside the country.  This is undeniable; it must have.  After all, “information wants to be free”.  The point is however, that Phil has not been directly involved in any such distribution.  These can only be called “trumped up charges”.  Other questions are raised of course, questions that had been asked during the cold war.  Is it really in the interest of humanity that we hoard our knowledge and force each nation to re-invent the wheel?  Is it not much more desireable that the international academic community share its finding so as to minimize wasteful repetition of research efforts?  The US government doesn’t seem to think so.  The Department of State has turned down requests from academics who wished to post their own work on cryptography on worldwide discussion groups.  On the other hand the US supreme court has upheld the right of a publication to print instructions on constructing a homemade nuclear bomb, we can only hope that the judiciary will display similar judgement and guard our rights when these cases do come to court.  As is to be expected, the department of State has managed to find all sorts of excuses to delay hearings in most of these cases.

But this isn’t all, these laws constitute an infringement of free speech as well.  In it’s “Munitions Control Newsletter, No. 80”, the department of state stated: “The public is reminded that professional and academic presentations and informal discussions, as well as demonstrations of equipment, constituting disclosure of cryptologic technical data are prohibited without the prior approval of this office.”  What this means is that any foreign students at NYU who may have taken a course in advanced algorithm design, and their instructors, may have violated US federal regulation.  Something must be wrong here, after all the first amendment grants us the right to free speech right?

Phil Karn wrote a book on cryptography called “Applied Cryptography” that was distributed within the US with a floppy disk containing some programs that were described (and printed) in the book.  When Karn tried to distribute the book outside the US however, the Department of State did not permit him to sell the floppy disk with the book.  This seemed rather silly because the C code on the disks was printed in the book anyway.  But this tells us something about the federal government’s thinking.  Though the information may be the same, they are apt to treat printed matter and digital data in very different ways.  Why?  Because they can.

The federal government does not wish to stunt the growth of the computer industry, in fact various departments are working towards assisting companies in this sector become more viable in the global market.  The federal government has also for a number of years supported the activities of real defense manufacturers and encouraged the export of advanced weapons to countries all over the world.  Obviously world peace is not as much of a value when we’re considering a government supported company, but world peace is of prime importance when an individual attempts to disseminate information.  But the federal government works in mysterious ways.  What is of great concern however is that those rights which are afforded to the print media are not afforded to digital media.  With a very warped reading of the First amendment, the federal government has managed to convince itself that Computer Mediated Communication is not protected speech, and that it can therefore run rough-shod over the individual’s right to speak on a computer network. This becomes very clear when we understand that it is politically impossible for the federal government to censor the press, but that the populace in general knows so little about the digital medium that laws restricting free speech in a networked environment become non-issues. Yet, as the world becomes networked, or webbed or whatever, all of us will have to rely on computers and telecommunications to accomplish much of our work.  How would you like to have your telephone conversations tapped, or your faxes intercepted and read, or your e-mail opened?  The US govenrment cannot open your surface mail and we must ensure that no-one can read your computereized correspondence either.

We must remember that it was a struggle to pass the First amendment and it will be a struggle to pass a “Telecommunications privacy bill of rights” as well.  The government’s attitude on this is clear, in a letter to the administrators of the acadmeic computer network BITNET, the Commerce department stated that : “You have mentioned that BITNET does not monitor traffic on the network.  It is a non-secure network.” The question of course is non-secure for whom?  Is a netowrk that ensures privacy to its users, non-secure for them?  Of course not.  Is it non-secure for a tyrannical state?  Pirobably.  We must remember that free speech has been a value this country has been founded on.  The Federalist Papers, essays that moulded the future of this country were published anonymously.  If an individual’s right to privacy is not protected, the world will soon be an unbearable place.

Those interested in finding out more about these issues may wish to search the excellent archives maintained by the Electronic Frontier Foundation,  The Phil Zimmerman Legal Defense fund can be found at http://www.netresponse/zldf/.  I maintain a page that contains information related to these issues.

What brave new world we’ve wrought

For a while now, people at NYU have been wondering when we, like students and staff at other universities, would be able to publish our own web pages.  Well the capability has just arrived.  As of September 14, anyone with an NYU-Internet account (one of those ACF IS/IS2 accounts) can publish web pages that would be available to anyone, anywhere inthe world, who is interested in reading them.  Yet what exactly does this mean?  Is this like hiring out a billboard on 42nd street with red and white lights, is it equivalent to having a page to yourself in the telephone directory, or is it like publishing a book?

Writing pages for the web is perhaps analogous to writing a book, yet not exactly, and as we will see, the web might just change the way we look at publishing itself.  The World Wide Web, like the global computer network we call WorldNet affords possibilities that have never existed before. Never has it been as easy to distribute information to people half-way across the globe, it has never been as easy to engage in discourse with individuals whom one has never met.  And for the first time, anyone with the will to do so and a little spare time can become a publisher.  Though these opportunities exist, one is often unaware of what is to be made of them.  How are we supposed to do this, and why?

Some people write web pages to inform, and many other to entertain. Your homepage is often the only chance you will get to describe yourself to people on the Net, this is where you indulge yourself, write about your dog, your ant-farm, maybe even list your CD collection.  A homepage becomes an extension of your person, the place where people who’ve been conversing with you about the relative merits of non-stick frying pans, as opposed to traditional ones, go when they are curious enough to find out more about you.  And this is also the place to tell people what you’re having for lunch.  There are however, other uses for the web. One can use it to promote a personal political cause, make some writing freely accessible or simply provide information that may be of interest to a group of people.  What is astounding about the Web, and Compter Mediated Communication in general, is that individuals can interact on a scale hitherto unknown.  The Web makes it possible for anyone to utilize the same medium the New York Times or NBC would.  Unlike the sort of pre-packaged, processed entertainment and information we have been become accustomed to with the advent of radio and television, the Web provides us with a variety of sources that is in itself astounding.  It is no longer necessary to “believe everything you read in the paper”, or see on television for that matter, you can simply find out from someone who is close enough to know about the details.  And if you have the inclination, you can be the person who informs the Net community about a particular issue.

In a sense this is a move back to the times when people in a particular community actually gathered together every evening to exchange news and  talk about it.  The idea remains the same, but the community has enlarged to embrace a large part of the world.  The standards by which we judge what is worth paying attention to however haven’t changed. Though any web page is ostensibly available to anyone and everyone in the world who has access to the web, it’s unlikely that everyone on the Net is going to visit the page.

Unless, there’s something of interest there.  The web has the power to create a new media, one that is fed by individuals with personal concerns, not by large institutions.  Yet, if this capability is to come into its own every individual has to work towards realizing it.  The competition has never been fiercer yet never has the market for information been as open.  The probability that the web may become another distribution network for packaged media runs very high.  We only have a commercial media today because the costs of providing accurate information have always been very high (and will remain high for the forseeable future), this is especially true of the news media.  “The Press” has evolved because it is virtually impossible for individuals to provide the sort of coverage the press can without formalizing the relationship between the consumer and the producer.  Yet this is just the tip of the iceberg. After the large newspapers, wire services and cable networks come the fringe media.  A mosaic of ‘zines, pamphletes, newsletters and grafitti this discourse is sustained by a community of “information providers” who can touch upon topics that the increasingly national and international media cannot.  It is this group of people, call them activists, idealists, or even fetishists if you will, who will dress the web in its finest.  Yet this will hardly happen if we fail to provide the thread out of which this quilt is woven, or the eyes with which to appreciate the dedication of the maker.  The web is perhaps the closest analogy we have for the sum total of human knowledge (the only problem is that the majority of material on the web is in English).  We have in the web a continuously evolving structure of closely/loosely bound documents that are being revised by many people at the same time, that create a space for us to exchange ideas and thoughts.  The web contains both the ephemeral (individual discussion and maybe even IRC), the semi permanent records of our interests (web documents) and even a little of the virtually permanent (the classic web documents that will remain as reminders of what was).  This is nothing but an outline for the sort of interaction that has been occuring amongst individuals for aeons in one guise or another.  The only way to assure that the web evolves into such an entity is to place your own mind up there to be seen and wondered at.  This has always been true for writers and speakers who could make their views known to the world, and it is now potentially true for everyone.

Almost everyone has a cause, a concern, something they like talking about. If you’ve never been able to find a forum to discuss these issues in, or a place to go to find out the latest on this topic, the web might be the place for you.  If you can’t find a page on a particular topic, make one yourself, register it at the “web catalogues” and watch a community build itself around you.  The greatest service any member of the WorldNet community can render to others is to provide information of this sort, whether it is a political issue, something to do with entertainment or just life in general.  This is after all exactly what we’d been promised the Net would do for us, create an environment within which we could find expression for those selves within us that had never before been exposed
to the world.

[originally published in the Washington Square News]