Книга: Code 2.0
The examples so far have involved regulations directed to code writers as a way indirectly to change behavior. But sometimes, the government is doubly indirect: Sometimes it creates market incentives as a way to change code writing, so that the code writing will indirectly change behavior. An example is the U.S. government’s failed attempt to secure Clipper as the standard for encryption technology.
I have already sketched the Janus-faced nature of encryption: The same technology enables both confidentiality and identification. The government is concerned with the confidentiality part. Encryption allows individuals to make their conversations or data exchanges untranslatable except by someone with a key. How untranslatable is a matter of debate, but we can put that debate aside for the moment, because, regardless, it is too untranslatable for the government’s liking. So the government sought to control the use of encryption technology by getting the Clipper chip accepted as a standard for encryption.
The mechanics of the Clipper chip are not easily summarized, but its aim was to encourage encryption technologies that left a back door open for the government. A conversation could be encrypted so that others could not understand it, but the government would have the ability (in most cases with a court order) to decrypt the conversation using a special key.
The question for the government then was how it could spread the Clipper chip technology. At first, the Clinton administration thought that the best way was simply to ban all other encryption technology. This strategy proved very controversial, so the government then fixed on a different technique: It subsidized the development and deployment of the Clipper chip.
The thinking was obvious: If the government could get industry to use Clipper by making Clipper the cheapest technology, then it could indirectly regulate the use of encryption. The market would do the regulation for the government.
The subsidy plan failed. Skepticism about the quality of the code itself, and about the secrecy with which it had been developed, as well as strong opposition to any governmentally directed encryption regime (especially a U.S.-sponsored regime), led most to reject the technology. This forced the government to take another path.
That alternative is for our purposes the most interesting. For a time, some were pushing for authority to regulate authors of encryption code directly — with a requirement that they build into their code a back door through which the government could gain access. While the proposals have been various, they all aim at ensuring that the government has a way to crack whatever encryption code a user selects.
Compared with other strategies — banning the use of encryption or flooding the market with an alternative encryption standard — this mode presents a number of advantages.
First, unlike banning the use of encryption, this mode of regulation does not directly interfere with the rights of use by individuals. It therefore is not vulnerable to a strong, if yet unproven constitutional claim that an individual has a right “to speak through encryption.” It aims only to change the mix of encryption technologies available, not to control directly any particular use by an individual. State regulation of the writing of encryption code is just like state regulation of the design of automobiles: Individual use is not regulated. Second, unlike the technique of subsidizing one market solution, this solution allows the market to compete to provide the best encryption system, given this regulatory constraint. Finally, unlike both other solutions, this one involves the regulation of only a relatively small number of actors, since manufacturers of encryption technology are far fewer in number than users or buyers of encryption systems.
Like the other examples in this section, then, this solution is an example of the government regulating code directly so as to better regulate behavior indirectly; the government uses the architecture of the code to reach a particular substantive end. Here the end, as with digital telephony, is to ensure that the government’s ability to search certain conversations is not blocked by emerging technology. And again, the government pursues that end not by regulating primary behavior but by regulating the conditions under which primary behavior happens.
- BitLocker Drive Encryption (Шифрование тома)
- Encryption and Decryption
- Restoring encryption certificates
- Backing up encryption certificates
- Understanding encryption and the encrypting file system
- Managing encryption recovery policy
- Understanding encryption certificates and recovery policy
- Часть 1
- Configuring Remote Login and Execution
- Chapter 3 Creating and Managing Virtual Networks
- 24.3 Стратегия безопасности