Recent front page articles in a number of newspapers have discussed the controversy over government control of encryption, in the context both of the Clinton administration's Clipper Chip proposal and the recent controversy over whether Philip Zimmermann is guilty of exporting munitions by making his public domain encryption program available on the Internet. Like most public discussions of encryption, these articles understate the importance of the issues at stake. The result is to make the arguments both for and against government control of encryption appear weaker than they really are.
There are two ways of protecting privacy. One is to let people have information about each other but impose legal controls on what they do with it. That is the approach of our current privacy law, embodied in statutes such as the Fair Credit Reporting Act. Anyone who considers that an effective approach can readily test it by offering a reasonably unscrupulous investigator a thousand dollars for a copy of a credit report on a random stranger.
The other way of protecting privacy, the way that works, is to keep other people from getting information about you in the first place. If you are worried about eavesdroppers, check under the eaves--or hold important conversations in the middle of wide open spaces. Seal your letters and entrust them to reliable messengers. Tell your deepest, darkest secrets to your horse--and nobody else.
Over the past century, technological advance has made that approach more difficult. Many conversations take place over telephone wires--and it is hard to check the entire phone line and every switching station for eavesdroppers. Even meetings in the middle of the Mojave desert may not be entirely private in a world of shotgun microphones and spy satellites. A cellular phone conversation can be intercepted by anyone with a suitable receiver. EMail across the Internet is bounced from one machine to another until it finds its destination--and can be read by anyone controlling any one of those machines.
EMail at present makes up only a small part of our communication--less important than ordinary mail and far less important than telephone conversations. Only a few tens of millions of people are connected to each other over computer networks and what they send is mostly limited to written text. Both of those constraints are rapidly disappearing. Within a decade or so, most of the people most of us wish to communicate with will be accessible over computer networks--and the bandwidth of those networks, their ability to carry information, will be orders of magnitude greater than it now is. As the rapidly decreasing cost of computer power brings virtual reality out of science fiction and into common use, communicating over a computer network will become an ever closer substitute for being in the same place. The result will be a radical shift in the technology of how we interact with each other and how we keep our interactions private.
The year is 2010. From the viewpoint of an observer, I am alone in my office, wearing goggles and earphones. From my viewpoint I am at a table in a conference room, with a dozen other people. The other people are real--seated in offices scattered around the world. The table and the room exist only in the mind of a computer. The scene is being drawn, at a rate of sixty frames a second, on my goggles--a little differently for each eye, to give three dimensional vision. The meeting is virtual, but to my sight and hearing, the two most important senses for communication, it might as well be real. It is sufficiently real for the purposes of a large fraction of human interactions--consulting, teaching, meeting. There is little point to shuttling people around the world when you can achieve the same effect by shuttling electrical signals instead. As wide band networks and sufficiently powerful computers become generally available, a large part of our communication will shift to cyberspace.
This raises an obvious problem for privacy. When communication is on a worldwide network, used simultaneously by tens or hundreds of millions of people, it is hard to know who may be listening. With powerful computers, it is relatively easy for a snoop to sort through millions of intercepted messages to find the interesting ones--already, at least one information utility uses a primitive version of that approach to pre-censor postings for obscenity. The combination of easy interception and computerised searching seems to imply cyberspace as a fishbowl--the end of privacy for a large fraction of our personal and business interactions.
It does no good to intercept a message if you cannot read it. The solution to the problem of privacy in such a world is encryption. The key technology is public key encryption. Every person on the net, using readily available software, creates for himself a pair of keys--each a number of perhaps two hundred digits. The keys function as inverses of each other. Using either key and the appropriate software, I can encrypt a message. To decrypt it requires the other key.
Each person publishes one of his pair of keys--his public key. The public keys of the entire population are available, to anyone who wants them, in the phonebook or some digital equivalent. My private key I keep a closely guarded secret. You wish to send a message to me; today it might be Email, ten years from now it might be the message stream containing your end of our virtual reality conversation. You encrypt it with my public key. Anyone can intercept it--but it can only be decrypted with my private key, which only I have.
I wish to send a message to you and prove that it is from me. I encrypt it with my private key. You decrypt it with my public key. The fact that what comes out of the decryption process is a message and not gibberish means that it was encrypted with my private key. Since only I possess my private key, I must be the source of the message. Thus public key encryption provides not only privacy but verification as well--a digital signature. By encrypting first with my private key and then with your public key, I can send you a message that is both secure and verifiable. Only you can read it, and only I could have sent it.
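The key-pair mechanics described in the last three paragraphs, as an added example that is not part of the original essay. It assumes textbook RSA (the essay names no algorithm) with small fixed primes and no padding, so it shows how the two keys invert each other and is not secure; the names Alice and Bob and all function names are hypothetical.

```python
# Toy textbook RSA: illustration only. No padding, tiny keys, NOT secure.
# The primes are well-known Mersenne primes used as constructed sample values.
E = 65537

def make_keypair(p, q):
    """Return (public, private) keys, each an (exponent, modulus) pair."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, inverse of E
    return (E, n), (d, n)

def apply_key(key, value):
    """Transform a number with one key; only the other key of the pair undoes it."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def to_int(text):
    return int.from_bytes(text.encode(), "big")

def to_text(num):
    return num.to_bytes((num.bit_length() + 7) // 8, "big").decode()

# Alice's modulus is smaller than Bob's, so her signed value fits under his key.
ALICE_PUB, ALICE_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def send_private(text, recipient_pub):
    """Privacy: anyone can encrypt to the recipient's published key."""
    return apply_key(recipient_pub, to_int(text))

def read_private(cipher, recipient_priv):
    """Only the holder of the matching private key recovers the text."""
    return to_text(apply_key(recipient_priv, cipher))

def sign_then_encrypt(text, sender_priv, recipient_pub):
    """Secure and verifiable: sender's private key first, then recipient's public key."""
    signed = apply_key(sender_priv, to_int(text))
    return apply_key(recipient_pub, signed)

def decrypt_then_verify(cipher, recipient_priv, sender_pub):
    """Undo both layers; a readable result shows the sender's private key was used."""
    signed = apply_key(recipient_priv, cipher)
    return to_text(apply_key(sender_pub, signed))
```

Deployed systems sign a hash of the message and apply padding rather than transforming the raw message as this sketch does.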
Related technologies will provide additional elements of privacy. Protocols exist to make communications untraceable as well as secure. Others can provide the digital equivalent of cash--transfers of value that cannot be traced, even by someone who intercepts the communications containing the transfers. Combine all of these and we are in a world of strong privacy.
Public discussion of attempts by government to regulate encryption, whether the longstanding policy of discouraging encryption by prohibiting its export or the more recent "Clipper Chip initiative," which attempts to establish a form of encryption good against everyone except the government, focuses mainly on the ability of law enforcement agents to intercept phone calls by drug dealers, international terrorists, and the like. That is a small part of the real issue. Computers and computer networks make possible a level of privacy stronger than we have ever had. In a world of strong privacy, a large part of human activity will be unobservable to anyone save the participants. What cannot be observed cannot be taxed or regulated. The results will be attractive in some ways, unattractive in others, and very different from the world we now live in.
Consider, as one example, income from information services. With high bandwidth networks and strong privacy, I can sell my services as a teacher, lawyer, or business consultant without anyone, even my customers, knowing who I am. My business name and attached reputation are defined by my public key: I can demonstrate that I am the person who does business under that name by my ability to read messages encrypted with that key. A large and growing part of the economy will no longer be taxable.
The IRS has the alternative of deducing income from expenditure--a traditional approach to dealing with those engaged in illegal professions. But in a world of strong privacy, a substantial part of my expenditure will also be invisible--spent as digital cash to buy information and services over the net. In such a world taxes, whether of production or consumption, will shift away from information goods and services and towards goods that can be physically observed.
Another consequence of strong privacy will be to make certain sorts of legal regulation impractical. In many ways, this will be a good thing--political censorship, for example, will become enormously more difficult. Many professions will no longer be able to use professional licensing or trade barriers to restrict competition. Other consequences are less obviously attractive. In a world of strong privacy, violation of copyright becomes easy. A pirate publisher, operating anonymously, can set up a commercial archive of copyrighted books, music, or programs and sell them over the net just like a legitimate dealer. His customers will be able to communicate with him and he with them, but neither party to the transaction need know the physical location or true identity of the other.
One can imagine the use of privacy for more serious criminal enterprises as well. Buying and selling of trade secrets, purchasing embarrassing information for purposes of blackmail, even hiring a contract killer, become easier in a world where businesses can operate, and establish reputations, without revealing their physical location or proprietors. Potential victims will get less protection than they now do from law, but more from the use of privacy in their own defense. It is hard to have a competitor killed, or even to steal his trade secrets, if you have no idea what he looks like or where on the globe he lives.
All of this sounds like, and is, the stuff of science fiction. It is also the world we may be living in twenty or thirty years from now. Without encryption, computers may mean a sharp reduction in individual privacy. With encryption, we may be very private indeed. Large parts of our lives will be lived in a world of voluntary association and no government--with both the advantages and disadvantages that such a world implies. That makes the present controversy over encryption, largely ignored by most outside the computer industry, easily the most important privacy issue of the decade, and perhaps the most important policy issue.
This is unpublished; any journal interested in publishing a version of it should EMail me. David Friedman