Cryptographic Abundance ::: Anybody remember Pretty Good Privacy back in ’94 and ’95? I was a volunteer law clerk for the Electronic Frontier Foundation (aka EFF) at the time, working on the Bernstein case. I was amazed that (a) crypto was available for free that was allegedly “crack-proof”, and (b) more people weren’t using it.
It was considered such a threat by the U.S. government, that it prohibited a math professor from “exporting” encryption software he wrote. (His “export” consisted of simply posting the software on a Usenet newsgroup.)
Today, the rules have changed. An article in today’s Salon titled “The encrypted jihad” looks at the recent history of U.S. export control restrictions, and points out that the Clinton administration relaxed the export control restrictions – to a point where many terrorists today can use sophisticated technology to protect their communications from other eyes.
It all comes down to how private you want to be. What the first article points out is that privacy is possible today – with just a little effort from any computer user. But it’s a bit sad that today the only groups reliably using crypto are those who seek to exploit our freedoms to take them away.
Ironically enough, much of the same base technology that makes crypto so useful can be used to uniquely identify people… which could ultimately be the hook that the government uses to try and ferret out some of the individuals illegally in the country, waiting in the wings to be part of the sequel to September 11. More on digital fingerprints later.
One last thought: there’s a comment in the Salon article that irks me:
Americans have, after all, now come to accept that they will have to compromise on issues like privacy or economic growth in favor of increased security.
Is this really true? Are we all willing to give up such basic freedoms in pursuit of a “security” that’s only in place until the next threat comes along? Where do we draw the line? Just because the bad guys use the technology doesn’t mean that we should give up our own right to use it.
What about you? Do you use any cryptographic products to secure your own communications? Why or why not?