SPY VS. COMPUTER NERD: THE FIGHT OVER DATA SECURITY
Philip Zimmermann wanted to strike a blow for freedom. To help computer users keep data safe from snoopers, the Boulder (Colo.) software consultant and self-described "privacy activist" wrote a program making it easy to encode messages with an all-but-unbreakable cipher. And he offered it free through the network known as the Internet.
Now, Zimmermann's gift to cyberspace has exposed an enormous gap in the Administration's vision of a high-tech future. The White House is promoting a data superhighway as a key to a competitive future. But the National Security Agency is trying to restrict the use of high-quality encryption, which experts believe business will need to take full advantage of the "information infrastructure."
The focus of the fight is a program Zimmermann calls "pretty good privacy" (PGP). On Sept. 9, two software companies in Texas and Arizona that have been involved in publishing PGP received federal grand-jury subpoenas requesting documents and information about the program.
CRACKDOWN. Although the government won't discuss the investigation, the computer world has a pretty good idea what's going on. Because sophisticated encryption allows friends and foes alike to protect communications, the software is subject to the same export controls as munitions. But PGP has popped up all over the world. The probe, says Zimmermann's lawyer, Philip Dubois, is aimed at "finding out how it occurred and whether an offense was committed."
Oddly, the crackdown on software comes just as the Administration is loosening export controls on computer hardware. But the schizophrenia may be more apparent than real. "I don't think they've got the export policy together enough to be split," says a key congressional staffer. The underlying problem, explains Paul Freedenberg, a Washington attorney and export-control specialist, is that "Clinton is very cautious about dabbling in national security. This is an area that has essentially been turned over to the spooks."
Meanwhile, there is growing concern in Congress about possible damage to exports. Quality encryption software "is available from foreign manufacturers...and is easily transmitted using only a long-distance telephone line and a modem," complained Representative Sam Gejdenson (D-Conn.) and a high-powered bipartisan group of colleagues in a Sept. 20 letter to the President. "Yet the U.S. continues to control this computer software as a Munitions List item." Says Douglas Miller of the Software Publishers Assn.: "The U.S. government is succeeding only in crippling an American industry's exporting ability."
While the goal of the NSA and other security agencies--keeping U.S. messages secure while allowing Uncle Sam to read those of both domestic and foreign bad guys--is laudable, technology may be rendering it impossible. "Law enforcers no longer have the inside track," says Eben Moglen of Columbia University law school.
Experts agree that NSA officials are smart enough to see the writing on the wall, encrypted or not. But, says James Bidzos, president of RSA Data Security Inc. in Redwood City, Calif., the agency wants to maintain as much control as possible for as long as possible. Today, intelligence agencies still have a shot at finding "needles in the haystack," he says. "If they lift export controls, they might as well go home."
Still, the NSA can't stave off the inevitable for long. Gejdenson hopes to produce legislation by early next year to revamp government policy on high-tech exports. The result will probably include looser restrictions on encryption software--and a victory for Phil Zimmermann in his battle to keep snoops out of his cyberspace.
EDITED BY STEPHEN H. WILDSTROM
John Carey