555 West 57th Street
New York, NY 10019
Dear 60 Minutes,
Your February 26 story on computer security missed the most important point
-- the United States Government requires network providers to keep their
systems easily exploited. Encryption would enable companies to thwart
unwanted intrusion by disguising the content of messages, making the
messages virtually unreadable to anyone who does not possess the decryption
key. Computer intruders would not be able to steal passwords or credit
card information because they would not be able to read the data.
Furthermore, encryption helps authenticate users by making it difficult to
forge information used to identify messages.
But network security poses an interesting threat to U.S. law enforcement.
If the system is secure, how can the National Security Agency intercept the
messages of evil terrorists? Rather than "ramp up" their own law
enforcement techniques, the NSA and others have made a requirement that the
networks "dumb down" to their level. Such antiquated Cold War thinking has
resulted in the State Department refusing to remove encryption from the
U.S. Munitions List, -- where it currently sits right alongside
flamethrowers and B-1 bombers -- severely restricting its legal use on
international networks like the Internet.
The Electronic Frontier Foundation has just filed a lawsuit challenging the
the current Arms Export Control Law on First Amendment grounds. (The press
release is included.) Hopefully, this will open the door for technological
solutions to protecting security that are currently available but remain
Director of Legal Services