5 Second Download!

Home
The Issue
Myths
Rules&Tools

Join the Privacy Avalanche and hide your words in Pure Noise™.

Your privacy is everything. Guard it now, DOWNLOAD PureNoise™ and tell your friends.

Protect the future of your privacy, register your copy of PureNoise™ and get a free second license to give a copy to your friends or colleagues.

Support the Internet Freedom Case
PGP Now!
Electronic Frontiers Foundation
Electronic Frontiers Foundation Links
Free Crypto
Electronic Frontiers Foundation
Internet Free Expression Alliance
Global Internet Libery Campaign
Electronic Frontiers Foundation of Canada
Digital Future Coalition
Free Expression Network
Myths vs. Reality on Encryption

Myth # 1: Strong encryption is not necessary to protect consumer privacy and ensure security on electronic networks.

Reality: In fact, encryption is a critical foundation of electronic transactions. Almost all transactions (involving sensitive data) conducted over the Internet are currently protected by strong 128-bit encryption. For example, 128-bit encryption is currently required by all major banks in order to conduct banking transactions over the Internet.

Myth # 2: The widespread use of encryption will leave Americans more vulnerable to crime and terrorism.

Reality: Actually the opposite is true. Strong encryption will help protect America from growing computer crime, fraud, and theft. Moreover, in a 1996 Presidential Commission report, the National Research Council, recognizing the vulnerabilities of the nation's critical infrastructure, called for the "broad use of cryptography Š" to meet today's information security needs.

Myth # 3: Encryption technology currently is controlled by the National Security Agency and law enforcement.

Reality: Encryption is not controlled by law enforcement. It is prevalent today and used regularly to protect bank records, financial transactions, e-mail, and medical records. State-of-the-art encryption is sold in the United States "over the counter" at thousands of retail outlets and over the Internet. Any attempt by the FBI to mandate a system in which "third parties" hold encryption "keys" would represent a substantial new limitation on an individual's ability to protect his or her privacy.

Myth # 3: The Fourth Amendment gives law enforcement the right to access your data and computer communications without your knowledge.

Reality: The Fourth Amendment establishes only a right of the people against unreasonable searches and seizures. It does not grant an affirmative power to the federal government ensuring reasonable and convenient access to evidence. The federal government has only the power to search - it does not have the right to find. Outlawing the use of encryption where no "key" is held by a "third-party" turns the Fourth Amendment inside-out. The police would have a "right to find" evidence, while the people would be jailed for best securing their "papers and effects."

Myth # 4: The FBI's "key recovery" plan is workable.

The Administration and the FBI have proposed a "key recovery" infrastructure designed to enable law enforcement access to the plaintext of encrypted data and communications. Specifically, the FBI wants "immediate access to the plaintext of encrypted communications or electronic information without the knowledge or cooperation of the person using such product or service."

Reality: For today's commercially sold encryption products, the technology does not exist to provide "immediate access" to "communication without the knowledge of the user." (This can be roughly comparable to the FBI mandating compact disk quality sound recording in the days of the 45-RPM record.)

Myth # 5: Because law enforcement officers would be required to obtain a court order to view personal information without the owner's knowledge, innocent people are not at risk.

Reality: Law-abiding citizens are most at risk. Imagine a system where all citizens, not just criminals, would have to deposit a copy of their house key or a copy of their safe combination with a "trusted third party," just in case law enforcement ever wanted covert access to their private information. So-called "key recovery" gives the government and third-party key holders the ability to access the private data of every American -- well before a crime is committed or a court order is secured.

Myth # 6: "Trusted third parties" would ensure that encryption keys aren't misused.

Reality: "Key recovery" is an inherently insecure system because "keys" would be held by either "trusted third parties" or governments. Under such a system, security rests with the integrity of the institutions and individuals holding the "keys," not with the underlying technology. The 1996 National Research Council stated it best: "Escrowed encryption (encryption for which a "third party" holds a key) by design introduces a system weakness Š and so if the procedures that protect against improper use of that access somehow fail, information is left unprotected." No government policy can guarantee those "third parties" will be scrupulous with those "keys."

Myth # 7: Strong encryption is available only in the United States.

Reality: Strong, state-of-the-art, non-"key recovery" encryption is freely available abroad from major multinational corporations like Siemens and Brokat. Some foreign companies market unrestricted products as "stronger security than any U.S. company can provide."

Myth # 8: The Administration and the FBI have secured global support for their "key recovery" infrastructure.

Reality: Since the Internet is global, any "key recovery" technology scheme must be global AND interrelated. There is no global legal infrastructure to support "key recovery." In fact many countries have already decided not to participate. Currently, the OECD (26 countries) and the European Commission have both indicated opposition to a mandatory "key recovery" scheme. Moreover, despite the Administration's best efforts over a number of years, not one bilateral or multilateral agreement has been reached regarding the global exchange of encryption keys.

Myth # 9: Current U.S. export controls are constitutional.

Reality: This is not a settled matter. Today's export controls may be unconstitutional as "prior restraint" of speech under the First Amendment. The District Court in the Northern District of California has already held that the current export control regulations are unconstitutional.

Above information coutesy of the Computer Privacy Organization

Next

 


[Pure Noise] [Privacy] [AES Tests] [Download] [Resources] [About Us] [Support]

Copyright 1996-1999 by PureNoise Ltd.

Site developed by PureNoise Web Design Team