The following text is copyright 1997 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.
Permission to whisper in the field, sir?
"There was no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to." - George Orwell 1984 .
It seems that the administration is shopping a draft of a proposed Electronic Data Security Act of 1997 around to various members of Congress. ( See http:/www.cdt.org/crypto/ ) In the guise of establishing an infrastructure for electronic commerce, this bill would significantly reduce the protection that an individual has against capricious government eavesdropping.
There are a lot of good words and even some good ideas in this draft. It proposes a framework for the registration of private certification authorities (CAs). Such CAs are a required prerequisite for many types of secure communication and electronic commerce over the Internet. It proposes a framework for the registration of private key recovery agents, potentially very useful in the recovery of lost keys in a business context. It proposes to establish specifically that the use of encryption by individuals in the US is legal, without regard to the type or strength of encryption. It also says that the use of encryption technologies amenable to key recovery would be voluntary.
But, one may not use a registered CA unless one also agrees to support the key recovery. The use of such a CA is important if you want others to be able to exchange secure communication with you without having to contact you first. It would be one thing if the government was required to get a court order to get a copy of your secret keys from the key recovery agent (as most interpretations of the Constitution would seem to require) but this draft also permits unidentified people from "a law enforcement or national security government agency" to retrieve keys without court order.
Trying to catch up to Orwell's future (which was set in London), and not to be outdone by the US administration, the government of the UK has put forth its own version of 'to be exposed is to be safe': http://dtiinfo1.dti.gov.uk/pubs/.
In days of old, if a peasant wanted to converse with a friend out of earshot of the King, they could take a walk in a field. Up to now, the US government has not required its citizens to speak only within hearing of the government--we are still permitted that walk in the field (even if "improvements" in surveillance technology make the field harder to find). This draft bill is starting to withdraw this permission, not just after due deliberation by an independent judiciary, but at the unchecked whim of unspecified people.
In efforts such as this one we are asked to give up little liberties for some greater good, and like a frog in a slowly heating pot of water, we do not recognize the cumulative effect of the little changes until it is too late.
disclaimer: Relative to the place down the street, Harvard's heat is applied with subtle panache but the above are my lamentations.