Letter to the Editor

April 30, 1999

Andrew Katz, Brethertons

Thank you for yet another interesting and informative Computers and Law.May I be permitted to make the following point about computer cryptography:

Since the technology is now widely available to enable anyone with access tothe Internet to encrypt information in a way which we are led to believe ispractically uncrackable (for example see http://www.pgpi.comfor the excellent encryption package, PGP) isn’t the government wasting its timeeven considering any form of regulation of cryptography? Perhaps it would bepolitically disastrous for the government to admit that it has lost the battlebefore it has even been fought, but if the government’s aim in regulatingencryption is to prevent and detect crime (see, for example, the DTi document`net benefit’ at http://www.dti.gov.uk.Cll/netbenefit.html)then I fail to see that any possible proposal can work. The most extrememeasures – criminalising the use or possession of cryptographic software – aredoomed to failure. The use of cryptography can be easily and effectivelyconcealed by the process of `steganography’ (one technique of which involvesinserting the data constituting the encrypted message into a largehigh-resolution picture by varying the intensity of individual pixels by a bitor two which is sufficiently small for the encrypted data to beindistinguishable from the background noise constituting any digitisedhigh-resolution picture). Steganography programs are available commercially forless than £30. It is also possible to conceal the possession of cryptographicsoftware itself relatively straightforwardly. However, even this may not benecessary: encryption programs can be downloaded as and when needed and deletedafter use. Alternatively, the encryption process could be carried out by a JAVAapplet which is simply downloaded onto the user’s browser and run from there,with no trace remaining after it has been used).

It seems to me that for the government even to suggest any form of regulationof cryptography demonstrates its ignorance both of the technology and theissues. Any legislation arising from such proposals can only serve to reduce thefreedom and privacy of law-abiding citizens, as well as reducing competitivenessof the UK in international markets. Any government which passes legislationwhich is doomed to failure will become a laughing stock. The government shouldadmit that its proposals are doomed to failure and concentrate its energies inmore productive projects (like repealing those provisions of the Copyright andRelated Rights Regulations 1996 which make it, for no rational reason,potentially unlawful for me to import into and resell in this country CDs andDVDs purchased outside the EEA).