                                                                                                                                                                                                               
If privacy is outlawed, only outlaws will have privacy. If you're among the people skeptical of that aphorism in its more traditional form, I invite you to reconsider in the light of recent revelations about the insecurity of supposedly secure wireless digital telephones.
A team of cryptography experts announced March 20 that they had broken the code protecting the secrecy of numbers tapped into the keypad of a phone -- which could include credit card numbers, personal identification numbers or the number of the person being called.
Bruce Schneier and John Kelsey, of Counterpane Systems in Minneapolis, a consulting firm specializing in cryptography, were joined by David Wagner, a graduate student in computer science at UC-Berkeley. Their analysis shows the encryption system is so weak that it can be evaded in a few minutes, using no hardware more powerful than an ordinary personal computer.
The researchers blame weaknesses in the system on government and military pressure to restrict the use of powerful encryption techniques and the secretive process adopted by the telecommunications industry to develop its new standards.
"The importance of this is it shows, yet again, that you don't do cryptography behind, closed doors," Schneier told the Washington Post. "The only way to get security is through public review."
This is the second of three privacy barriers to fall. The first was voice communications, compromised as long ago as 1992. The third, which protects the identity of the calling phone, is important in preventing fraud, and still stands, for the moment.
Of course, privacy hasn't been outlawed entirely -- not yet. But the Clinton administration, leading a flock of snoops and spooks of various feather, aims to make it a rare bird indeed. In the name of fighting crime, it has been promoting schemes to require everyone using encrypted communications to hand over the keys to the government. Back in 1993, it was the "Clipper Chip," a built-in encryption system based on a secret algorithm developed by the National Security Agency. That chip was cashed in after more than 50,000 people signed petitions in protest. The most recent scheme, floated late in 1996, offered to relax export restrictions on cryptography in return for an industry pledge to make the keys to all their encryption systems available to government snoops in two years.
In theory, the keys would be safeguarded by an independent agency, and the government could gain access only with good reason. But with a wiretap-happy administration like the present one, any reason at all might be "good" enough. In 1992 there were 340 federal court approvals of electronic surveillance in criminal cases; four years later there were twice that many.
The argument is that criminals could operate with impunity if they could communicate secretly, so everyone's communications must be subject to monitoring. That's like confiscating your car keys and mine because somebody else, somewhere, might drive drunk, lt's a fundamental principle of liberty that the innocent shall not be burdened by efforts to convict the guilty, and that applies to electronic eavesdropping too.
National security gets into the act because cryptography was, before the spread of computers, mostly a military preoccupation. Powerful encryption algorithms are classified as "munitions" and their export is forbidden. This is absurd, because the United States has no monopoly on brilliant programmers, and Internet material diffuses beyond national borders.
If the administration's plan could be implemented it would be an economic disaster. Other countries are not following America down the path of inadequate security; last week the 29-nation Organization for Economic Development declined to support restrictive policies. If American computers do not offer privacy, people who want it will simply buy elsewhere.
Congress is of two minds about what to do about all this. Several bills have been introduced to guarantee the legal right to use all forms of encryption, but most of them also give the government preferred access.
One of the better ones is H.R 695, the "Security and Freedom Through Encryption Act," introduced by Rep. Bob Goodlatte, R-Va., which has attracted more than 50 co-sponsors so far. It would roll back export controls and ban the government from imposing policies giving it access to encryption keys.
Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, testified March 20 in favor of H.R. 695 before a sub-committee of the House Judiciary Committee.
"Much of the problem with the White House position is that it continues to place the interests of crime detection ahead of crime prevention," he said, "and in this course has also sacrificed privacy, security, business development and ultimately user confidence."
Rotenberg opposes one provision of H.R. 695, which would create criminal penalties for using encryption to further a criminal act. Prosecutors could use the presence of encryption as a pretext for investigating perfectly legal activity.
"It may he the case that a ransom note from a typewriter poses a more difficult challenge for forensic investigators than a handwriting sample," he said, but that does not make the use of a typewriter criminal.
Rotenberg believes privacy is a basic human right. "Our own Department of State has reported each year on the growing use of electronic surveillance by governments against dissidents, journalists and human rights organizations," he said.
It can happen here, and now is the time to stop it.