[1] This paper was originally prepared by Teddy Kang (HLS ’01) as a description of the background of encryption as related to cyberspace. Section V (Another Way to Look at the Encryption Policy Debate: Individuals v. Marketeers) has been substantially altered to focus on potential future risks to privacy posed by encryption itself.

[2] Such as a hacker or a snooper.

[3] How does this interception work? Recall that after typing up the “HELLO” message to Bill and clicking the “send” button to transmit the message, the TCP/IP software on your computer breaks down the message into datagrams. These datagrams then get directed by routers from your LAN to Bill’s LAN via regional networks and, if necessary, backbones. However, the routing process is not completely secure. Therefore, hackers, expert programmers who find special tricks for getting around computer security, or other Internet snoopers, have the ability to intercept the datagrams as they get sent over the Internet public wires. By intercepting these datagrams, they can easily read your email message.

[4] Lawrence Lessig, Code and Other Laws of Cyberspace 36 (1999).

[5] Id.

[6] Id.

[7] Id.

[8] Id.

[9] Id.

[10] See id.

[11] Id.

[12] Ronald D. Lee, Associate Deputy Attorney General of the Department of Justice, Statement Before the House Committee on the Judiciary, Subcommittee on Courts and Intellectual Property (March 4, 1999).

[13] Id.

[14] Id.

[15] See Dan Froomkin, Deciphering Encryption, Washington Post, May 8, 1998, at A4.

[16] Id.

[17] Id.

[18] See Lee, supra note 12.

[19] See Louis J. Freeh, Director of the Federal of Investigations, Statement Before the Permanent Select Committee on Intelligence, United States House of Representatives (Sep. 9, 1997).

[20] See id.

[21] See id.

[22] See id.

[23] See id.

[24] Id.

[25] See Robert S. Litt, Principal Associate Deputy Attorney General, Testimony Before the Subcommittee on the Constitution, Federalism, and Property Rights Committee, United States Senate (Mar. 17, 1998).

[26] See id.

[27] See id.

[28] See id.

[29] It was the VIN in the Oklahoma City bombing case that led the FBI to the truck rental office at which Timothy McVeigh rented the truck he used.

[30] Litt, supra note 25.

[31] See id.

[32] See Kenneth Flamm, Deciphering the Cryptography Debate, Brookings Institute Policy Debate #21, July 1997.

[33] See id.

[34] See id.

[35] See id.

[36] Froomkin, supra note 15.

[37] Id.

[38] Id.

[39] See id.

[40] See id.

[41] See id.

[42] Flamm, supra note 32.

[43] See id.

[44] See Roberto Suro and Elizabeth Corcoran, U.S. Law Enforcement Wants Keys to High-Tech Cover, Washington Post, March 30, 1998, at A4.

[45] See id.

[46] A system that enabled recovery of their own encrypted business data, in fact, was actually useful to companies in dealing with the risks of employee turnover.

[47] Suro and Corcoran, supra note 44.

[48] See id.

[49] H.R. 695, 105th Cong. (1997).

[50] Id.

[51] S. 2067, 105th Cong. (1998).

[52] Id.

[53] S. 909, 105th Cong. (1998).

[54] Id.

[55] David E. Sanger and Jeri Clausing, U.S. Removes More Limits On Encryption, New York Times, Jan. 13, 2000, at D1.

[56] U.S. Policy on Encryption (visited Apr. 4, 2001) <>.

[57] See Flamm, supra note 32.

[58] See id.

[59] See id.

[60] See id.

[61] See id.

[62] Big Brother in the Wires: Wiretapping in the Digital Age, ACLU Special Report (Mar. 1998).

[63] See id.

[64] See id.

[65] See id.

[66] Id.

[67] See id.

[68] Id.

[69] See id.

[70] Id.

[71] Id.

[72] Id.

[73] Id.

[74] Kenneth W. Dam and Herbert S. Lin, Cryptography’s Role in Securing the Information Society 181 (1996).

[75] See id at 182.

[76] Id.

[77] Sanger and Clausing, supra note 55.

[78] See id.

[79] ACP Extremely Gratified by Modernized Encryption Policy (posted Jan. 12, 2000).

[80] Lessig, supra note 4 at 35.

[81] Id. at 36.

[82] See id.

[83] Yahoo recently announced that it will start sending users of its site e-mail marketing messages on behalf of its own services, even if its users had previously requested not to receive any marketing from Yahoo.

[84] It should be noted that Amazon is being used for illustrative purposes. Amazon’s present privacy policy states it is not in the business of selling information to others. However, it also states that as it develops its business it might sell stores or assets, which includes its database. Significantly, it also states that it handles promotions to its own customers made on behalf of other businesses. In other words, while it may not sell transactional or surfing information to other businesses, it will use that information itself on behalf of the other businesses. See

[85] A recent New York Times article describes just how valuable even limited information is:

“Direct Media, a mailing list broker in Greenwich, Conn., offers access to 2.9 million Lycos users at a cost of $125 per thousand names for a single mailing. (An extra $15 per thousand lets marketers select users showing an interest in a topic like cats or gambling.) Advertisers typically pay for the right to send a single mailing or make a single phone call to a name on a list they rent; they do not own the information outright.”

New York Times, online edition April 11, 2002, “Seeking Profits, Internet Companies Alter Privacy Policy”

[86] See Lessig, supra note 4 at 35.

[87] See id.

[88] Sanger and Clausing, supra note 55.

Next: Discussion questions...

Please send inquiries to

Welcome | Registration | Discussion | Resources |
The Berkman Center for Internet & Society