Pretty Good Privacy PGP stands for “Pretty Good Privacy.” It is an encryption program. What encryption does is hide information from people who do not know the “secret word” to reveal the information. Louis J. Freeh, the Director of the Federal Bureau of Investigation, says the honest have nothing to hide, and only criminals would use encryption. The honest, goes the implication, have no need of encryption.
Let us think about that, for just a minute. The honest have no need of encryption: they can live completely open lives, and this is desirable. Their virtue is their defense. This is an attractive argument, but let us see where it takes us. By this same reasoning, the honest have no need of shades on their windows.
The honest have no need for bathroom doors — or front doors, for that matter. The honest have no need to seal the envelopes into which they put their letters or their bill payments. The honest have no need to take their credit card receipts — complete with account number, expiration date, and signature — but should just leave them at the sales counter for whoever needs a piece of scrap paper. The honest have no need to look at anything anyone asks them to sign, but should just sign. The honest should publish their medical records in their local newspaper.
The honest should have their social security numbers and birth dates on their checks, along with their names and addresses. The honest should write their PINs on their ATM cards. I think we can imagine a world where being “honest” as in these examples would be, shall we say, “differently clued.” I also think that world could easily look a lot like the one in which we live. Virtue is a defense, and a good one. But virtue is a defense against false accusation — not victimization. One would think the FBI could tell the difference.
That I use encryption does not mean I am a criminal. It means I recognize that there are people about who are, or could be tempted into being, less than perfectly honorable. This recognition has a name. It is called “prudence.” It is a virtue. What I find truly amusing, though, is that while the FBI argues that I must be a criminal if I use encryption, the Privacy Act of 1974 requires that I use it if I interact with the government. The Privacy Act of 1974 imposes the legislative requirement on all government agencies to: establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity which could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.
The Federal agencies, of course, in turn impose this requirement on their vendors. For example, the Health Care Financing Administration, through its rule making body, requires all health care organizations accepting Federal funds (including Medicare, Medicaid, and Children’s Health Insurance Program) to use, at a minimum, 112 bit symmetric key encryption and 512 bit asymmetric key encryption. The FBI says only a pedophile or terrorist would use encryption of this strength. When information is confidential, using encryption is not furtive: it is responsible. We do not normally confuse “prudent” and “criminal,” or “responsible” and “furtive.” That the Clinton administration consistently cannot tell the difference between these when it comes to encryption is curious. That the Clinton administration feels the need to convince the rest of us that there is no difference is absolutely fascinating.
The only explanation that springs to mind is that the Clinton administration has a difficult time distinguishing between “public” and “private,” or imagining that anyone could have a legitimate secret. Given the number of Clinton administration illegitimate secrets that have been exposed — certain adult activities in the Oval Office, and certain failures to notice espionage by foreign powers that happen to make large campaign contributions, for example — I suppose I can understand this point of view. I do not agree with it, however. It may be that the existence of a pair of underwear may give the Clinton administration an uncontrollable urge to rummage around in them. I can imagine the sympathy the Clinton administration has for someone who really wants to rummage around in someone else’s shorts, and cannot.
But I believe most people would understand that an urge to rummage around in someone else’s underwear should be suppressed, not made a “right” under law. Maybe after they outlaw encryption, they will outlaw belts — after all, belts block access to people’s shorts. “Only someone with something to hide would use a belt. What is wrong with them? Are they ashamed of what is inside their pants?” I do not have to be ashamed of what is inside my pants to decline to show it to you, thank you very much. It says right here in the Constitution: “The right of the citizen to be free of others rummaging around in his or her shorts shall not be abridged.” Well, actually, it does not say that, but apparently it should. Perhaps that would be language the Clinton administration could understand.
Ah, but, the argument goes, encryption may prevent the exercise of purient curiosity, but it also prevents law enforcement from gathering evidence. Well, this is indeed a concern. None of us wants criminals and scofflaws to have no fear of law enforcement. However, encryption in fact does not prevent law enforcement from gathering evidence. There has not been a single case where encryption has prevented law enforcement from obtaining a conviction. Not one.
Zero. Zip. Nada. This is because encryption merely raises the bar on obtaining information — it does not prevent it. And it raises the bar only for the criminal and the curious, not for law enforcement.
Encryption does not encumber action of law: search warrants are not prevented by encryption; subpoenas are not prevented by encryption; interrogation is not prevented by encryption. Then the argument goes, but what if there is no evidence other than the encrypted data? As Freeh says in his testimony before Congress, Police soon may be unable through legal process and with sufficient probable cause to conduct a reasonable and lawful search or seizure, because they cannot gain access to evidence being channeled or stored by criminals, terrorists and spies. Clearly, this is not desirable. But, let us think about this, for just a second: how could that be? If the only evidence of my criminal activity is encrypted data on my computer, it must be some awfully strange criminal activity. I cannot have stolen anything, for example, the Mona Lisa: the Mona Lisa is on a block of wood, and it is difficult to encrypt a block of wood.
I cannot have threatened anyone, say, my sister: threatening my sister would be rather ineffective if no one knew about it. I cannot have killed anyone: a body and a weapon cannot be encrypted. I cannot have evaded taxes by concealing income: the bank has to know about my ill-gotten gains for me to write a check against them. I cannot even have committed copyright infringement: I need to make illicit copies of something to do that, and if they are all encrypted their market value is low. Seriously: what possible crime could there be where the criminal could encrypt all the evidence? Or even enough evidence to prevent conviction? So, then, why is the Clinton administration so anti-encryption? It has to be that it just likes rummaging around in other people’s shorts — or thongs. There really is no other explanation that makes sense.
Encryption does not prevent law enforcement from enforcing the law. What it does do, however, is keep nosy neighbors’ no …