Every tool is a weapon if you hold it right

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The Fourth Amendment is not so often quoted as the fighting words of the First Amendment: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances."

but it is, in its own way, as strong as the First.

It's been thirteen days since Americans were reminded that they were not the inviolate nation they had fancied themselves to be since the ending of World War II. It has been so many years since we understood the concept of a true, mortal, threat; so many years that, until last week, it had become a distant, happily-forgotten memory in our parents' and grandparents' minds.

Attacks lead to fear. Fear leads to anger. Anger, in its turn, leads to national determination to prevent such destruction from happening again. Such determination, unfortunately, often leads to the suspension of civil liberties, and sometimes even to the suspension of things that our Constitution considers "rights."

At the beginning of the Civil War, Abraham Lincoln temporarily revoked the right of habeas corpus, a decision which, rightly, angered many—yet history has forgiven him.

On February 19, 1942, Franklin Roosevelt signed Executive Order 9066, interning over 100,000 people—all of them of Japanese descent, many of them American citizens—in "internment camps" because they were Japanese, and therefore the enemy. Appearance meant more than innocence. The end result: most everyone, but me, hails him as one of our greatest Presidents.

But that's in the past, right?

We'd like to believe that our elected officials are past the need to automatically revoke civil liberties when Americans are under attack or waging war. Sadly, this does not seem to be the case, judging by actions like Attorney General John Ashcroft's recent proposal to make many computer crimes fall under the definition of "acts of terrorism."

The topic of "strong encryption" has been brought up many times since September 11, and the tone of the discussions I have heard in recent days bothers me greatly.

Strong encryption cannot be discussed in layman's terms without discussing PGP and distributed.net. Distributed.net arose as the answer to an RSA challenge. A full description would defeat the point of this commentary, but suffice it to say that the RSA provides an encrypted message to anyone who wishes to attempt to decrypt it. In an attempt to prove that encryption should be made stronger, a small program was devised that attempts to break the code using brute-force 'distributed computing' (using spare CPU cycles from computers all over the world). PGP, on the other hand, stands for Pretty Good Privacy, and is a program, created by Phil Zimmerman, that allows anyone to strongly encrypt their email.

Both distributed.net and PGP are, currently, legal—but I have to wonder for how long. The current atmosphere of American paranoia is leading our leaders down the path of overcompensating toward security at the cost of Constitutionally-guaranteed liberties. It is all too easy to do: their belief is that our freedom should be restricted, in order to preserve our security. I am torn about this. I understand why they think they are right, but I also understand that this is political knee-jerking in the guise of true protection.

If it can be demonstrated that terrorists and other garden-variety criminals are using strong encryption, then the government has a powerful argument toward banning strong encryption of any kind. After all—if the government can't read their communications, then it will be much, much more difficult to find these people and bring them to justice.

I never thought I'd quote Ani DiFranco in a posting about cryptography, but there is a snippet of song lyric that says it better than I ever could: "Every tool is a weapon if you hold it right." It is true of physical tools—hammers, baseball bats—as it is for cryptography.

Don't believe me? Think about this: the same strong encryption that can be used by criminals is the same strong encryption you use to make sure that your online banking transactions aren't sniffed by third parties. It's the same strong encryption you use to protect your credit card information when ordering books from amazon.com.

The prevailing wisdom is that government officials support the addition of "back doors" to cryptography products. It's for our protection, they say, but answer me this—where does the cat go when it's out of the bag?

Ever seen the bumper stickers that read "When guns are outlawed, only outlaws will have guns"? Ever seen the shirts that contain crypto code and the words, "This shirt is a munition!" The same bit of truth applies here: we can outlaw strong encryption in the United States, but the internet is global, and we can no more eradicate strong encryption in every country in the world than we can eradicate the memory of how to create strong encryption from the people who have already created it.

Take it as a given that even if strong encryption is outlawed, that it will still be available on the black market. Do you truly believe that government agencies will use encryption systems with back doors? Of course they won't.

Do you truly believe that government officials will only use the back doors for official uses? Do you really trust them that much? Who decides what "official use" is? Even if they say, "We'll only use it for our benefit," who constitutes "our"? Does it change with every new administration?

Who will be allowed to decide who "us," the good guys, are? If the Senators and Representatives decide, it's certainly not going to be the people who spend their lives protesting the actions of Congress. (Remember the students who protested the Vietnam War? Some of them got killed for their beliefs—do you really think Congress would have given them strong encryption?)

After all, "we" are the good guys. At least, from our point of view, we are. If you look at it from other nations' point of view, the groups of people who "should" get secure cryptography change radically: in Russia, the mafiosi will have it; in Afghanistan, the Taliban; in Iraq, Saddam Hussein… In Ireland, it'll depend on who you're talking to at the moment. The Palestinians and Israelis will both claim they should have it: one group in their desperate pursuit of a homeland and another in the desperate attempt to keep theirs.

In the end, it matters not a whit. The programs for strong encryption exist, and will continue to exist -if not legally, then underground. I have no plans on making Jeff delete our copy of PGP anytime soon. We have no compelling reason to do so and, in fact, we feel we have very compelling reasons to distribute it openly and widely to every person who will take a copy from us.

Even if our legislators take away programs for strong encryption, one-time pads are still unbreakable and still require no programs to make them work. Taking away strong encryption solves no problems for us and creates myriad inconveniences in its stead—inconveniences and security risks that I cannot accept.

Freedom and security are a continuum; you must give up some of one to get more of the other. I recognize that supporting strong encryption means that I cannot just use it to protect my credit card number, but that I must accept the consequences when someone uses it for a destructive or criminal reason. It is the price I pay, and I accept that.

(The Republican Party believes I have a right to own a gun—preferably without a waiting period—but I'm a terrorist if I believe that I should be able to protect my credit card numbers and my emails.)

I had hoped our leaders would have learned from previous errors that choosing to revoke constitutional liberties in the name of national security is a grave error. Judging by current events, I have no reason to believe that they have learned anything. We will bomb, and we will retaliate, and they will 'temporarily' take away our liberties in the guise of national security—liberties whose restriction will not make me or my loved ones any safer. Our politicians, I fear, cannot see the liberties of their constituents for the righteous anger that clouds their eyes.