Monday, Oct. 14, 1996

BIG BROTHER VS. CYPHERPUNKS

By JOSHUA QUITTNER

For more than three years, the White House and the U.S. computer industry have sat locked, eyeball to eyeball, in a seemingly intractable face-off over who will control the secret codes that protect our most sensitive communications. The government claimed to be working to protect us from nuke-carrying terrorists; the computer industry said it was championing the individual's right to privacy. Neither was telling the whole truth.

Last week, in a concession to Silicon Valley, the Administration blinked--or perhaps it merely winked. Fittingly, in the arcane world of code making and breaking, it's difficult to ferret out who's doing what to whom. And why.

A few things are incontrovertible. Vice President Al Gore announced the new encryption initiative at midweek, timed to coincide with support from an alliance of high-tech businesses that included such hardware heavyweights as IBM, Sun Microsystems and Hewlett-Packard. However, most of the big software makers--and every civil liberties group--still opposed it.

At the core of the initiative is a new code-making scheme known as "key recovery." Here at last, the government and its supporters claimed, was a way to get around the more noxious aspects of the reviled Clipper chip, the Administration's first doomed attempt to balance the industry's call for stronger encryption with law enforcement's need to surveil our shadier citizens. Clipper, as proposed, would use a powerful encryption formula to encode communications sent over telephones and computer networks but would require that a "back door" key be built into each chip that would give police--where warranted, of course--a means to eavesdrop.

Nobody--especially foreign companies--liked the idea of the U.S. and its agents holding those keys. The new key-recovery proposal tries to get around that objection by chopping the keys into several pieces and storing them with "trusted agents" of the user's choosing. Some nice Swiss banks, perhaps.

But the Administration's plan still falls short of what civil libertarians, and especially a vocal group of cryptoextremists who call themselves cypherpunks, say they need: encryption powerful enough to give back to the citizenry the right to absolute privacy, which we have lost in the information age. According to the cypherpunks, the so-called 56-bit code the Administration has okayed for export can be cracked by the National Security Agency's supercomputers in a matter of hours.

Are they right? It's hard to know whom to believe in this cloak-and-dagger debate. Civil libertarians tend to gloss over the fact that the world is full of bad people with crimes to hide. The software industry--which makes 48% of its profit overseas--is clearly less concerned with privacy than with losing foreign sales. And it may be no accident that the Administration chose to start making concessions the same week an influential software CEO--Netscape's Jim Barksdale--excoriated Clinton's cryptopolicy and endorsed Bob Dole.

The issue is too complex--and too important--for political gamesmanship. It will never get sorted out until somebody starts playing it straight.

Read the Netly News daily at netlynews.com on the World Wide Web