Activists Alarmed by Measure Aimed at Blocking Encryption
Cheating on income taxes or neglecting to pay sales taxes on online purchases could get you five extra years in prison if the government succeeds in restricting data-scrambling technology, encryption-rights advocates fear.
Such a measure, they worry, also may discourage human rights workers in, say, Sri Lanka from encrypting the names and addresses of their confidants, in case they fall into the wrong hands.
Draft legislation circulating in the Justice Department would extend prison sentences for scrambling data in the commission of a crime, something encryption advocates fear would achieve little in catching terrorists and hurt only legitimate uses of cryptography.
“Why should the fact that you use encryption have anything to do with how guilty you are and what the punishment should be?” said Stanton McCandlish of the CryptoRights Foundation, which teaches human rights workers to use encryption. “Should we have enhanced penalties because someone wore an overcoat?”
Such law enforcement tools sought after the Sept. 11 attacks are expected to be among top discussion items at the annual Computers, Freedom and Privacy conference, which begins Wednesday in New York.
The measures are sought by police and intelligence agents who worry that criminals who use encryption will commit crimes that will be tougher to solve or prevent.
Law enforcement hopes the threat of added penalties -- up to five years for the first offense and 10 years after that -- would make criminals think twice before scrambling their messages. Longer sentences already have been approved for using guns in robberies, for instance.
“If you went the extra step to keep us from getting evidence, you should pay an extra price,” said Jimmy Doyle, a former computer crimes investigator with the New York Police Department.
It’s not the first time encryption is under assault.
For years, the government restricted the export of high-strength encryption. It also sought to require software developers to create a backdoor and hand investigators a set of keys upon request.
Encryption advocates, supported by the technology industry, resisted and thought they had won in September 1999, when the Clinton administration relaxed the export controls over the objections of his attorney general and FBI director.
Then came Sept. 11.
The new proposal is part of legislation dubbed Patriot II and comes after the 2001 USA Patriot Act, which gave law enforcers broad new powers.
Atty. Gen. John Ashcroft has said any draft circulating at the Justice Department is far from official policy and has yet to be submitted to Congress. But when he was a senator, Ashcroft in 1998 introduced a similar bill, which never passed.
The latest proposal would apply only to individuals who willfully and knowingly use encryption to commit a federal felony.
But critics worry that the language could cover almost all conduct online as encryption gets incorporated in Web browsers for e-commerce, virtual private networks for telecommuters and other day-to-day applications.
A mistake on an electronic tax return, if it leads to a conviction, could mean longer prison terms, warns Mark Rasch, a former Justice Department computer crimes prosecutor.
Or in the extreme, someone who neglects to pay a state tax for online shopping -- few people do -- could be prosecuted for federal mail fraud and face five extra years “for avoiding two dollars’ worth of taxes,” Rasch said.
“If suddenly I find myself facing this big criminal penalty because I happen to use encryption, will that discourage people from using it?” asked Alan Davidson of the Center for Democracy and Technology.