Nor is limiting the use of encryption the way to go. Listening to Senator Gregg’s scary talk about terrorists using unbreakable encryption systems, it is hard to imagine any American contesting restrictions on such an inherently dangerous technology. Gregg and the FBI have long opposed strong encryption on the grounds it limits the ability to conduct searches and execute wiretaps. That’s because in recent years, cops have been increasingly frustrated by encrypted files on seized computers in cases involving financial crimes, child pornography and drug dealing. To the FBI’s vaunted Carnivore system, encrypted email is, as they say, a cipher. And voice encryption can render a telephone wiretap useless.
But despite reports that Osama bin Laden is a big fan of encryption, a ban on tough encryption systems wouldn’t have prevented the terrorist attacks of September 11. For starters, all the terrorists had to do to scramble their conversations was speak quickly in Dari or Pashto-two Afghan languages for which we have few translators available. This is not a new trick: in World War II, the U.S. military used Navajo “code talkers” speaking in their native language to create an unbreakable communications system.
Even if we could persuade our enemies to speak in English, there is nothing to prevent them from using strong encryption. After all, software that makes unbreakable codes has been available worldwide for more than a decade. Laws banning crypto will have no more effect than laws against flying fully fueled Boeing 767s into 100-story skyscrapers.
On the other hand, laws mandating the use of weakened encryption or “key escrow” could have a devastating impact on business and e-commerce.What Gregg and others fail to realize is that the vast majority of Cryptography users today are not terrorists and drug dealers but U.S. businesses. Many banks and brokerage firms, for example, demand that their customers use an “unbreakable” encryption scheme based on a digital key 128 bits long when accessing electronic banking systems. Encryption likewise protects credit card numbers used to make purchases over the Internet. And a growing number of U.S. companies operating overseas use encryption to give branch offices secure links to the home office’s computers. Over the last 10 years, corporations have experimented with weaker forms of encryption that include “back doors” for law enforcement. Their almost universal conclusion: the technology is too complex to deploy, and it creates risks and vulnerabilities that are unacceptable to many users.
The third infotech weapon commonly called upon to fight terrorists is a national ID card. But the United States already has a de facto national identity card: it’s called a driver’s license. Over the past 10 years, driver’s licenses have been standardized, they have been equipped with bar codes and magnetic strips, and states have created databases of digitized driver’s-license photographs. Indeed, a driver’s license is the most readily accepted identification for anyone flying on an airplane, opening a bank account or obtaining most social services.
Adding biometric identifiers like fingerprints or face prints to the driver’s license and requiring that it be carried at all times would not have prevented the September 11 attacks. Don’t forget, Mohamed Atta and at least several other hijackers had valid driver’s licenses. And while many of the attackers were using stolen identities, those identities were stolen overseas. If the United States had a biometrically enabled national identity card, the hijackers would have been issued those cards when they legally entered our country-under whatever names they had already stolen.
If we really want to ban technologies that have been used by international terrorists, we should start with box cutters: they are small, hard to detect and have a proven track record. Ceramic knives are equally stealthy and dangerous: better ban them too.While we’re at it, we might as well ban commercial airliners: let’s see those terrorists try to hijack a train!
Banning additional carry-on items is not the way to go. Instead of loading the plane with five terrorists, next time the enemy might use 20. A contingent that large could take over the passenger cabin without any weapons whatsoever. That’s why aviation experts are sensibly calling for stronger doors separating pilots from passenger cabins.
Meanwhile, we need to harden the rest of our society, because the next assault will almost certainly not involve the hijacking of a civilian airliner. Two weeks after the attacks in New York, the sight of small planes flying low over Massachusetts’s Quabbin Reservoir, which supplies Boston’s water, prompted fears that the reservoir might be poisoned. The Massachusetts Water Resources Authority dismissed such fears as baseless, saying that it performs 100 safety tests on the reservoir every week, and that in any event, Quabbin is too big to poison. This made me feel somewhat safe-until I learned that these weekly checks don’t include tests for radioactivity.
We have the capacity to turn the United States into a surveillance society the likes of which the world has never seen. We could also significantly reduce the chances of a successful terrorist action in the future-a quite separate pursuit. It looks like Bush and Ashcroft are using September 11 as an excuse to clamp down on civil liberties, not as a wake-up call for solving these hard problems.