UIC John Marshall Journal of Information Technology & Privacy Law


Both businesses and private individuals are trying to protect the confidentiality of electronic proprietary data and communications through the use of encryption technology. Encryption technology includes methods such as digital encryption, which uses an encryption algorithm to convert a plain text message to an encoded ciphertext. However, the use of such technology raises concerns for the federal law enforcement and national security authorities, who are concerned that criminals and terrorists will use the technology for their own purposes. Thus, the federal government has used United States national security policy coupled with law enforcement strategies to shape the regulation of encryption technology. The regulation of encryption has been primarily accomplished through the use of export restrictions. In order to export encryption items, a license is necessary, with some limited exceptions. The regulations enacted have been challenged in the courts under the First Amendment, with mixed results as to the constitutionality of the export restrictions. It is likely that there will be future challenges to the encryption export restrictions, on the same ground. The government has also been unable to keep up with fast moving advances in technology. Ronald Rivest proposed a new method of securing data transactions and communications over the Internet, known as chaffing and winnowing, in 1998. The sender will send a combination of "good" packets (wheat) and "bad" packets (chaff), and the recipient will remove the chaff to get to the real message. This process involves authentication of messages by use of a private key shared by the sender and recipient, and does not constitute encryption. While this process may qualify as encryption in its broadest sense, the confidentiality sought can be obtained even without the knowledge or permission of the original sender. Because it is not technically encryption, this technology would not be subject to controls. The costs of attempting to regulate this new method would be high; it would require that the government gain access to all authentication keys, which would greatly increase the rise of fraud and undermine the privacy of the information infrastructure. In addition, it would hamper the United States' competitive position of encryption manufacturers in the world market. Because of the likelihood of methods such as the chaffing and winnowing method to be used to ensure confidentiality and because it is not reasonable to believe that those who will use cryptonology for illegal purposes will not find it, the regulatory policies put forward by the national security and law enforcement authorities are impractical and must deal with the realities of technological advances.