• PC World
• »Tech Industry

Advocates for the free availability of encryption technology are on the defensive as U.S. lawmakers raise questions about the future of the technology in the aftermath of last week's terrorist attacks.

Some observers suggest that plotters of the attacks may have used encrypted Internet communication to evade law enforcement detection. U.S. Senator Judd Gregg, Democrat of New Hampshire, raised some hackles among encryption advocates with comments in the Senate last week suggesting legal limits on encryption.

"We have electronic intelligence of immense capability. It needs to be improved, especially in the area of encryption," Gregg says in remarks published in Wednesday's Congressional Record.

His remarks were widely interpreted to mean that law enforcement should be granted back-door access to encryption technology, such as the e-mail scrambling program Pretty Good Privacy, developed by PGP Security, a division of Network Associates.

Bye-Bye Privacy?

"We've already seen government proposals for increased wiretapping capabilities and renewed rhetoric about encryption limitations," writes privacy advocate Bruce Schneier, founder of Counterpane Internet Security and publisher of the Crypto-Gram newsletter.

"I fully expect more automatic surveillance of ordinary citizens, limits on information flow and digital-security technologies, and general xenophobia . . . If our freedoms erode because of those attacks, then the terrorists have won," he writes in his latest newsletter.

But aides insist Gregg is calling for voluntary cooperation from encryption companies, not for new legislation.

"He does not legislatively desire a moratorium. He does want some cooperation, as needed under search and seizure laws and with a court order. But he does not support a complete ban," says Gregg spokesman Brian Hart.

Terrorists Using Encryption?

It's possible that suspected terrorist mastermind Osama bin Laden has used some sort of encryption technology to evade monitoring, says James Bamford, the author of two books on the U.S. National Security Agency, which conducts electronic espionage.

"In the past, NSA had been able to eavesdrop on bin Laden's communications; they were listening in on him fairly regularly, and all of a sudden they lost him about a year ago. They suspect it's because he's changed his technology," Bamford says.

NSA director General Mike Hayden warned last February that bin Laden had access to more sophisticated technology than did the agency.

"Osama bin Laden has at his disposal the wealth of a $3-trillion-a-year telecommunications industry that he can rely on," Hayden told the TV news program 60 Minutes II.

"We are behind the curve in keeping up with the global telecommunications revolution," he says.

However, Bamford says terrorists can easily elude surveillance without using encryption technology.

"I think he's mostly using methods that are not susceptible to eavesdropping--using couriers, hiding things in the Internet--not the standard telephone calls," he says.

Hiding in Site

"There are so many easy, less visible ways of transmitting information across the Web; one can bury things within news groups, bury things on Web sites," says Peter Sommer, a senior fellow at the Computer Security Research Centre at the London School of Economics.

"From a terrorist point of view, the fact that you are using encryption at all will draw attention to you . . . but the reality is that your dedicated terrorist can get his message across the Internet without using particularly sophisticated technology."

Sommer cautions against precipitous legislation, along the lines of the United Kingdom's Regulation of Investigatory Powers Act, which empowers government officials to demand encryption keys to any and all data communications, on pain of penalties of up to two years in prison.

"The mistake that was made in the United Kingdom was that law enforcement was allowed too free a rein in terms of the framing of legislation," Sommer says.

Overzealous limitations on encryption could pose problems for electronic commerce, which relies on encryption for identification and secure payment procedures, he adds.

"Yes, there's a possibility that your terrorists are going to use it, but there is a certainty that you are going to incur considerable economic costs," he says.

• See more like this:
• encryption,
• terrorist,
• PGP,
• strike