Would Encryption Controls Have Prevented the 9/11 Attack?

After the terrorist attack on the United States, politicians and security experts are emerging from the woodwork to essentially revive the Clipper chip initiative. All cryptographic systems, these folks claim, should have built-in backdoors which government authorities could use to decrypt messages if need be. Aside from the civil liberties issues, the main problem is that this seems to be based on a false premise — that the terrorists were able to pull off their brazen attack because, at least in part, they encrypted their communications.

Piecing together what little has been publicly revealed, it seems that rather than relying on PGP or other encryption schemes, the terrorists used plain old unencrypted web mail, public access terminals, and the age-old practice of code words to talk about their plans. According to a story in The Guardian,

FBI investigators had been able to locate hundreds of email communications, sent 30 to 45 days before the attack. Records had been obtained from internet service providers and from public libraries. The messages, in both English and Arabic, were sent within the US and internationally. They had been sent from personal computers or from public sites such as libraries. They used a variety of ISPs, including accounts on Hotmail.

According to the FBI, the conspirators had not used encryption or concealment methods. Once found, the emails could be openly read.

In fact, as a security expert told The Guardian, if the terrorists had used PGP, their plot would have had a higher chance of being uncovered, since the steady stream of encrypted messages would have stood out.

Terrorists and criminals who are not already known to authorities can hide in this way because of the sheer volume of communication over the Internet. The NSA, for example, is reportedly building one of the largest electronic archival systems in the world, capable of holding up to 20 million gigabytes of information … an amazing amount of information, but according to The Guardian, only enough space to archive intercepted Internet communications for 90 days.

And just think how much larger that traffic is going to be 5 or 10 years from now, as the rest of the world starts to become as wired as the United States and Europe already are, and new applications and uses for the Internet take off within the already Internet-saturated countries.
