In practice, this means that advocacy groups like the Privacy Rights Clearing House and the Electronic Privacy Information Center are forced to rely less on litigation and more on public statements and moral suasion when corporations act in ways that threaten privacy. (It was such public outcry/education strategies by public interest groups that compelled Intel to promise customers a way of concealing the serial numbers of PIII chips, and that forced Microsoft to provide a means of erasing the serial-number document stamp imposed by recent editions of Office.)

But even when Etzioni has a point, it's hard to get past his paternalistic communitarian agenda. You get the feeling as you read "The Limits of Privacy" that Etzioni is only casually concerned about privacy issues per se; what he's really interested in is vindicating the role of government. This is particularly apparent in the chapter promoting government access to encrypted communications. Here, the knowledgeable reader will find much that casts doubt on Etzioni's understanding -- not only of encryption but also of the other issues he addresses in this book.

As someone who's been contributing to the public debate about encryption and wiretapping policy over the last seven years, I was startled to find that Etzioni gets some of the most basic details of the crypto debate spectacularly wrong. Most notably, he confuses key recovery (the holding of decryption keys by the government, sometimes referred to as "key escrow") with public-key cryptography (crypto schemes like PGP, or Pretty Good Privacy, that depend on paired keys, one of which is freely available to the public). Absurdly, he keeps referring to the government's policy as one of "public key recovery." If the keys are public already, you don't need a policy to enable the government to "recover" them.

But even if you ignore a howler like that one, you'll be troubled by the quality of Etzioni's analysis, which is grounded in two approaches: a) attempting to cast doubt on every argument advanced by crypto proponents and b) accepting uncritically every argument the government advances in favor of guaranteeing governmental access to private encrypted communications -- especially those arguments couched in terms of the threat posed by drug dealers and terrorists who may use encryption to escape detection. (One can imagine a vastly different, vastly better, book whose author was equally skeptical of both sides of the encryption debate.)

This one-sided approach results in some peculiar blind spots. At one point Etzioni writes that "events that have a very low probability but a very high disutility (such as the terrorist scenario depicted) deserve as much public attention as those that have a relatively high probability but a relatively low disutility (e.g., the acts of individual drug dealers or pedophiles)." Here Etzioni embraces what I have called the Pascal's Wager fallacy of the anti-encryption contingent. This fallacy derives from factoring an infinitely terrible event (the terrorist detonation of a nuclear device in Manhattan, say) into your risk calculations. The result is that, regardless of how low the probability of such an occurrence is, any measure that might prevent it is pseudomathematically justified. For all Etzioni's talk of "balancing" rights against the collective good, he doesn't seem to get that the balancing doesn't work when the government gets to put its finger on the scale.

Etzioni confronts us with a similarly unbalanced "balancing" when he discusses the now-discredited and abandoned "Clipper chip" proposal. Here's how he characterizes the issue: "Initially, the United States offered users of encryption a choice: They could freely use whatever encryption software they could find on the market (or the Internet), or they could purchase a more powerful program (powered by the Clipper chip's Skipjack coding algorithm) provided by the U.S. government. The latter would include a key allowing U.S. law enforcement authorities to decipher the messages."

Etzioni characterizes the Skipjack algorithm as "more powerful" because, well, the government assures us that this is the case. In comparison, he says, nongovernmental encryption schemes "may be unreliable or include trapdoors [he means "back doors" -- "trapdoor" has a different meaning in cryptography] that can be exploited by unknown parties." In short, he argues that an encryption technology designed by the government with a known built-in back door is somehow more secure than publicly available software, based on well-known, published algorithms, that might have a back door. This is topsy-turvy reasoning.

The hidden assumption here is that the government means well, so its guaranteed access to our private communications and data is somehow more acceptable than the mere possibility (unsupported by actual evidence) that programs like Pretty Good Privacy may have a back door.

But of course that assumption is the whole ballgame. If there's been a common theme in American political life over the last quarter-century, it has been the growing consensus on both the left and the right that the government, even when it indisputably means well, can't be trusted with too much power.

Next page | A big "come hither" to the government Leviathan