FreeWire

Debating Encryption Privacy Vs. Electronic Piracy

Does this mean that government intelligence agencies, who will always have the biggest computers, will eventually gain the upper hand, destroying the dream that, someday, unconditional privacy will set us free? By a quirk of fate, the processing time required to crack codes grows exponentially as key lengths increase, while the processing time required for public-key encryption and decryption grows at a much slower geometric rate. Even if supercomputers double in power every 18 months--as quickly a s commercial microprocessors do--users can leave crackers behind by increasing their key lengths as they m igrate to more powerful PCs. The intelligence agencies couldn't keep up even if their budgets grew faster than Medicaid. Achieving widespread surveillance will become totally infeasible, particularly if a significant fraction of Internet traffic gets encrypted.

As a benchmark for today's cracker-gap, RSA estimates that a message encrypted using its public-key system with the shortest 512-bit "export grade" keys can be cracked with available technology for less than $1 million and eight months of effort. Doing this, by the way, requires sorting through all the prime numbers of length 512 bits or less, which is greater than the number of atoms in the known universe. Even so, RSA considers this insecure, recommending the use of 1,024-bit or 2,048-bit keys for sensitive information. (Don't you wish you had a secret that was worth more than $1 million?)

OK, so ongoing hardware improvements will make us more secure, not less. But what if deep in the basement of the National Security Agency a brilliant mathe matician invents a new factoring algorithm a million times more efficient? Fine. If this happens, do you think they will tell anyone? Do you think the existence of this invaluable intelligence asset would be revealed in court just to produce evidence prosecuting John Q. Public for evading income taxes, or Random G. Offshore Corp. for selling dirty pictures? Don't you think this capability would be reserved for prying into Saddam Hussein's affairs, which is what these spooks are supposed to be doing anyway? Any profound mathematical advantage used by intelligence agencies to overcome the cracker-gap is going to be one of the most closely guarded secrets on the planet--at least until an independent mathematician comes up with it and publishes it on the Web, in which case we all get fair warning to upgrade our tools.

So what's a black-budget bureaucrat to do? Obviously, throw sand in industry's gears, sprea d confusion and disinformation among the naive electorate, create new bogeymen to replace the red thre at that once justified massive spy-shop expenditures, and lobby congress for more money.

The Little Engine That Could Into this environment, new products insist on clawing there way to market. One of the most interesting comes from a company called Deming Software, (www.deming.com) , a start-up allied with RSA that recently introduced a product called Secure Messenger. Incorporating the new Secure Multipurpose Internet Mail Extension (S/MIME) standard for cross-platform message exchange, Secure Messenger includes RSA's public-key encryption technology as well as VeriSign digital IDs. The product works best as a plug-in for both the popular Microsoft Exchange and Eudora Pro e-mail clients, though it can be used with any e-mail product or service. This thing is so simple to use that even your mother can travel incognito with the mere click of a mouse. Four levels of security are provided from Export grade, using 512-bit RSA and 40-bit DES, to military grade, based on 2,048-bit RSA and 255-bit DES. Oh, yes, it's still illegal to export the latter, so if you are a bad guy, make sure you turn your floppy disk over to the FBI before you leave the country. Right.

Bill Frezza is the President of Wireless Computing Associates. He can be reached via e-mail at frezza@interramp.com.