ZDNet reports that some members of Congress want a worldwide ban on “uncrackable” computer encryption in the wake of the terrorist attacks on the United States.
First, no existing system of computer encryption is uncrackable. Very difficult to crack if implemented correctly, but not uncrackable. Even systems using what should be an uncrackable scheme — one time pads — usually end up being cracked given enough time due to human factors that for a number of reason are almost impossible to eliminate.
Second, we need “uncrackable” computer encryption. As computers have gotten faster and advances in mathematical theory and programming have occurred, we’ve seen one after another encryption scheme brought down to the ground by some creative folks. Look at SSH, for example, which is a widely deployed and extremely secure system, except it is possible in theory to crack it because of idiosyncracies about how people tend to type (i.e. in theory, you might be able to guess my password by seeing how long it takes me to go from one letter to the next and then inferring from that which keys I must be typing). The more uncrackable, the better.
Third, even if it were a good idea, the possibility of a global ban on something like public-key encryption is ludicrous. There is no way such a ban could ever work. Would they really want to go around and arrest anyone who posts a PGP key? It’s just a silly proposal, especially when it comes to terrorists. Afghanistan let Osama bin Laden set up terrorist training camps in that country — does Congress really think they would have demanded that he relinquish his copy of PGP?