As noted earlier, one of the vulnerabilities of encryption software is a security hole known as a "back door," which may be present in a piece of software by accident or because someone created it in the software with malicious intent. For years, federal investigators tried to convince lawmakers that software developers should be required to intentionally create "back doors" to give authorities access to encrypted communications between individuals who are under surveillance for suspected criminal activities. Proponents referred to this as a "key escrow" system because authorities could go to court to get permission to use the key to unlock encrypted communications.
Privacy and civil liberties advocates fought these efforts, citing the importance of encryption to the work of human rights activists and the need for secure communications for online commerce. In the late 1990s, they were successful in convincing federal policy makers to loosen U.S. laws banning the export of strong encryption. However, the September 11, 2001 terrorist attacks on the World Trade Center and the Pentagon have prompted renewed calls for increased restrictions or outright bans on encryption. This, in turn, has generated renewed concern among privacy and civil liberties advocates about the potential loss of constitutionally protected rights. Lauren Weinstein and Peter G. Neumann, co-founders of People For Internet Responsibility, offered this perspective in a September 23, 2001 "PFIR Statement on Terrorism, Civil Liberties, and the Internet:"
"The techniques for strong encryption are now widely known and can be implemented on any PC or handheld computer. Attempts to outlaw, weaken, or mandate surveillance backdoors' for such systems can only result in the vast honest population being saddled with vulnerable encryption systems for commerce and a wide range of other communications both on and off the Internet, all subject to a wide array of monitoring. Such surveillance could be instigated not only by benign' governments, but also by a range of private parties who would inevitably penetrate the back-doors of such systems, not to mention other governments and entities (either now or in the future) who most decidedly won't be benign in nature."
There are many good sources of up-to-date information on the calls for increased restrictions on encryption that started after the September 11, 2001 terrorist attacks, including:
For more general information on the public policy aspects of encryption see "Links to further resources, focusing on encryption politics" in the following section.
Next: Where can I read more about encryption? | Back to Guide