We can't stop terrorists from using uncrackable codes. So we shouldn't even try.
Here’s a tip for Treasury Department agents tracking al-Qaida’s finances: You might want to pay a visit to the volume discount department at Dell Computer. Al-Qaida, it seems, has been an avid consumer of computers over the last several years, and is especially fond of laptops. It isn’t hard to understand why. With his hectic, on-the-go lifestyle, no self-respecting terrorist can function without a computer that fits comfortably on an airplane tray table. Alleged “20th hijacker” Zacarias Moussaoui, for instance, used his to research crop dusters, quite possibly in preparation for a biological attack on a densely populated American city. Ramsi Yousef used a laptop he accidentally left in a Manila apartment to plan his extensive itinerary, which included assassinating the pope in the Philippines, attacking an Israeli Embassy in Thailand, and bombing the World Trade Center in 1993.
It’s not surprising, then, that the seizure of computers has become a primary goal for U.S. soldiers scouring Afghan caves and ambushing Taliban and al-Qaida operatives. Ironically, though, winning possession of this equipment on the battlefield may be the easy part; terrorists today have the capacity to protect data with encryption schemes that not even America’s high-tech big guns can crack. The number of possible keys in the new 256-bit Advanced Encryption Standard (AES), for example, is 1 followed by 77 zeros — a figure comparable to the total number of atoms in the universe.
Luckily, not all encryption is hopelessly secure. Ramsi Yousef was careless in protecting the password to his encrypted files, giving the FBI relatively easy access to their contents. It took the Wall Street Journal only days to decrypt files on two Al-Qaida computers that used a weak version of the Windows 2000 AES cipher in Afghanistan. The U.S. cannot, however, count on such carelessness indefinitely.
But recent changes in U.S. policy have actually reduced restrictions on the spread of sophisticated encryption. In January 2000, for instance, the Clinton administration ruled that “retail products” that undergo a one-time, 30-day government review can be exported to nearly all countries (with the exception of Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria) without any government licensing requirement. Revisions published later that year relaxed even these limitations for products exported to the 15 nations of the European Union and several of their major trading partners. The practical effect of these reforms has been that the industrial-strength Windows 2000 128-bit High Encryption Pack is now freely available over the Internet to anyone, including Hamburg residents such as presumed Sept. 11 ringleader Mohammed Atta.
Since Sept. 11, some commentators and lawmakers have suggested that the U.S. reverse itself once again, and redouble efforts to control encryption. On the surface, this sentiment is understandable — it is difficult to argue against any moves that may prevent future terrorist attacks on the scale of the WTC disaster. This position is, however, dead wrong.
Quite simply, the U.S. regime of strict encryption controls didn’t make sense before Sept. 11, and it doesn’t make sense now. The starkest illustration of this reasoning is the case study of Israel, which is simultaneously a leader in encryption product exports and a major focus of terrorist attacks.
Before President Clinton’s 2000 reforms, proponents of encryption export controls were besieged from all sides: on the left and right flanks privacy advocates argued that strong encryption is vital to protecting individual liberty against government intrusion. First Amendment devotees launched a frontal attack in the courts, claiming that encryption code was essentially speech. Most effective, however, was the carpet bombing of lobbyists and campaign contributions from the software industry — the Microsofts, IBMs and Suns of the world — who argued that export controls simply drove customers seeking secure products to companies in other countries — such as Israel. These companies estimated their losses in billions of dollars, and noted the costs to workers as well; even domestic companies were hiring independent overseas software developers to create encryption products.
Though their agendas differed, the above parties were united in their claims that the government’s policy stood little chance of significantly controlling criminal use of encryption. First, they noted that producing encryption algorithms takes few resources beyond advanced mathematical training. In fact, sometimes even these skills are not necessary; in early 1999 a 16-year-old Irish high school student named Sarah Flannery developed a new data-encryption algorithm that was 22 times faster than the popular RSA algorithm used in many business transactions today.
Second, reform advocates stressed that there is no practical way to keep encryption within or without the confines of physical borders. For instance, anyone can purchase a copy of the encryption program Crypto II on the streets of Moscow for $5, and then e-mail it to a friend in New York.
Third, legal controls on encryption will bind only those who decide to follow the law. Terrorists who are willing to fly a jet into the side of a building will have no qualms about breaking laws against illegal encryption. Finally, encryption advocates claim that government control stifles development of the strong encryption we need to protect computer networks from attacks by hackers and other criminals, and to secure our systems for air traffic control, electrical distribution, financial markets and telecommunications.
But hasn’t Sept. 11 changed the equation? Americans have, after all, now come to accept that they will have to compromise on issues like privacy or economic growth in favor of increased security.
It is specifically in the aftermath of this trauma that where it becomes instructive to look at the policy of Israel, a country defined by its obsession with security. The Israeli predicament is essentially a starker version of that of the U.S. On the one hand, Israel has faced six wars in its first 50 years, and confronts terrorist shootings and suicide bombings virtually every week. Both the Israeli army and the FBI have confirmed that Hamas and other Islamic militants regularly use the Internet to transmit encrypted instructions for terrorist attacks — including maps, photographs, directions, codes and technical details about how to use bombs. On the other hand, Israel’s economy is among the most reliant in the world on high technology exports. In fact, the share of Israel’s information technology exports as a percentage of services exports is surpassed only by Japan. All of this has helped earn a country with few natural resources other than potash a per capita GDP of $17,500 — higher than that of several members of the European Union.
In this context it is significant that in 1998 Israel, too, revised its rather draconian encryption laws, granting regulators a great deal of flexibility to permit the export of strong encryption products — including a “free means” category for which all license requirements are waived. These changes were prefaced by a government report that noted the futility of limiting “the use of means that can be freely obtained from many public sources,” and said that the law should permit Israeli companies to develop and export “competitive products that can be marketed in most of the world’s countries as off-the-shelf products.” In fact, even before the 1998 liberalization, flexible enforcement had allowed Israeli companies such as Checkpoint Software to dominate the network security field.
The lesson from the Israelis is not how to control terror — they don’t seem to have better answers than anyone else — but rather how to live with it and continue to function with as little social and economic disruption as possible. If, as President Bush tells us, we’re in this war for the long haul, we simply cannot afford to sap our economic strength to prop up the fantasy that we can control the actions of terrorists by fiat. There are some battles we just shouldn’t fight.
More Related Stories
- What's behind New York's anti-gay hate crimes?
- Paul McCartney backs Pussy Riot
- Cannes: Ryan Gosling's new movie draws the boo-birds
- Radio host tweets rape joke, blames journalists for reporting on it
- Juror responds to Joe Francis' insults with thoughtful email
- New track from the Lonely Island features Solange Knowles, semicolons
- Amazon introduces fan fiction publishing platform
- Naomi Watts, "Argo," "Wonderstone" among bizarre Teen Choice Awards nominees
- Imprisoned Pussy Riot member declares hunger strike
- The camp-free "Behind the Candelabra"
- Justin Bieber will destroy you if you live-tweet his parties
- Marc Maron on Twitter feud with Michael Ian Black: "We have an understanding"
- "Girls Gone Wild" creator Joe Francis to jury: "You should be euthanized"
- Ai Weiwei releases heavy metal music video
- Actually, Beyoncé is a feminist
- Marc Maron and Michael Ian Black's epic Twitter battle
- Cannes: Directing 101 with James Franco
- Welcome to the jungle: The definitive oral history of '80s metal
- Burt Bacharach opens up on daughter's suicide
- Steven Spielberg to produce "Halo" television series
- Amazon set to launch fine-art gallery
Featured Slide Shows
The week in 10 picsclose X
- 1 of 11
Lisa Montgomery embraces her nephew Thursday after a tornado tore apart her home in Cleburne, Texas. The twister killed six people and destroyed entire swaths of the North Texas town.
Credit: AP/LM Otero
Jack McMahon, the defense attorney for abortion doctor Kermit Gosnell, speaks outside the Criminal Justice Center in Philadelphia Tuesday. His client was convicted of killing three babies in his clinic, and will serve multiple life sentences.
Credit: AP/Matt Rourke
A photo taken Monday captures Vice President Joe Biden's response to a Milwaukee second-grader's innovative proposal to end America's epidemic of gun violence. This guy!
Credit: AP/Jenny Aicher
Sen. Rand Paul, R-Ky., flanked by a grouper-eyed Michele Bachmann, addresses the IRS' admission that it targeted Tea Party groups in advance of the 2012 election. In an op-ed for CNN Thursday, the Kentucky senator slammed the president for his faux outrage.
Credit: AP/Molly Riley
Ousted IRS chief Steven Miller is sworn in on Capitol Hill Friday. Miller testified before the House Ways and Means Committee on the extra scrutiny the agency gave conservative groups applying for tax-exempt status.
Credit: AP/J. Scott Applewhite
Attorney General Eric Holder pauses as he testifies on Capitol Hill before the House Judiciary Committee Wednesday. Holder is under fire, among other things, for the Justice Department's gathering of phone records at the Associated Press.
Credit: AP/Carolyn Kaster
O.J. Simpson sits during an evidentiary hearing at Clark County District Court in Las Vegas, Nev., Thursday. Simpson, who is currently serving a nine-to-33-year sentence in state prison for armed robbery and kidnapping, is using a writ of habeas corpus to seek a new trial.
Credit: AP/Las Vegas Review-Journal/Jeff Scheid
Major Tom to ground control: On Sunday astronaut Chris Hadfield recorded the first music video from space, a cover of David Bowie's "Space Oddity."
Credit: AP/NASA/Chris Hadfield
When it rains it pours. President Barack Obama speaks during a news conference Thursday with Turkish Prime Minister Recep Tayyip Erdogan, inexplicably inspiring an #umbrellagate Twitter meme.
Credit: AP/Jacquelyn Martin
A smoke plume rises high above a road block at the intersection of County A and Ross Road east of Solon Springs, Wis., Tuesday. No injuries were reported, but the the wildfire caused evacuations across northwestern Wisconsin.
Credit: AP/The Duluth News-Tribune/Clint Austin
Recent Slide Shows
- 1 of 11