Who Should Keep the Keys?

(3 of 3)

The Diffie public-key encryption system could solve one of the big problems facing companies that want to do business on the emerging information highway: how to collect the cash. On a computer or telephone network, it's not easy to verify that the person whose name is on a credit card is the one who is using it to buy a new stereo system -- which is one of the reasons catalog sales are * rife with fraud. But if an order confirmation encoded with someone's public key can be decoded by his or her private key -- and only his or her private key -- that confirmation becomes like an unforgeable digital signature.

However, public-key encryption created a headache for the NSA by giving ordinary citizens -- and savvy criminals -- a way to exchange coded messages that could not be easily cracked. That headache became a nightmare in 1991, when a cypherpunk programmer named Phil Zimmermann combined public-key encryption with some conventional algorithms in a piece of software he called PGP -- pretty good privacy -- and proceeded to give it away, free of charge, on the Internet.

Rather than outlaw PGP and other such programs, a policy that would probably be unconstitutional, the Administration is taking a marketing approach. By using its purchasing power to lower the cost of Clipper technology, and by vigilantly enforcing restrictions against overseas sales of competing encryption systems, the government is trying to make it difficult for any alternative schemes to become widespread. If Clipper manages to establish itself as a market standard -- if, for example, it is built into almost every telephone, modem and fax machine sold -- people who buy a nonstandard system might find themselves with an untappable phone but no one to call.

That's still a big if. Zimmermann is already working on a version of PGP for voice communications that could compete directly with Clipper, and if it finds a market, similar products are sure to follow. "The crypto genie is out of the bottle," says Steven Levy, who is writing a book about encryption. If that's true, even the NSA may not have the power to put it back.