In a new novel, Digital Fortress by Dan Brown, the National Security Agency (NSA) has built a code-breaking supercomputer called TRANSLTR that can crack any cryptographic cipher in a matter of seconds. Ostensibly, the purpose of this computer is to monitor the encrypted communications of terrorist groups, but the designer of this supercomputer recognizes the danger presented to the privacy of ordinary citizens by his creation and invents an unbreakable code called Digital Fortress. He threatens that, if the NSA does not make the existence of TRANSLTR publicly known, he will distribute Digital Fortress on the Internet.

Unfortunately, only in novels, I suspect, do NSA employees have consciences, much less concern for the privacy of Jane Q. Citizen. Fortunately, only in novels does the NSA have a computer that can crack codes in seconds - even the world's most powerful supercomputer, the Intel Paragon, would take a bit longer than a few seconds to crack a message by brute force that was encrypted with PGP (Pretty Good Privacy, a freely available encryption program that runs on PCs and Macs).

However, the NSA does indeed monitor all Internet communication, just as it monitors all telephone, radio, and satellite communication, and, therefore, our collective right to privacy is routinely violated by the Government without our knowledge.

But what is different about the NSA's activity on the Internet has to do with the Internet itself and the public's understanding of it. The Internet is inherently open and insecure, which makes it incredibly easy to monitor and intercept communication traffic like e-mail messages, for instance. Furthermore, the majority of the American public is largely unaware of how insecure the Internet really is - it is interesting that, thanks largely to the mainstream media's successful manufacturing of Internet paranoia, technophobic or computer illiterate people are more conscious of this aspect of the Internet than many people who use the Internet regularly. Most people have heard about government agencies tapping phone lines or even steaming open paper mail, but it seems that most people are not aware of the government's routine monitoring of Internet communication traffic, particularly e-mail traffic. This ignorance is dangerous for a society that has become almost wholly dependent on electronic mediums of communication.

The NSA's surveillance of Internet communication began at the early stages of the Internet's development when it was still populated only by government employees, university researchers, and government contractors. Many people involved with the early Internet (known then as ARPANet) were aware of this surveillance. In fact, Richard Stallman, an MIT computer scientist who was then involved with the ARPANet (and later would found the Free Software Foundation), added an optional feature to a text editor/e-mail client that he had created called EMACS; the purpose of this feature was to undermine the NSA's surveillance efforts. The optional feature added randomly selected keywords at the end of an e-mail message composed in EMACS; these keywords (i.e. revolution, terrorist, etc.) he believed would trigger interception by the NSA computers and, hopefully, if enough people made use of this feature, clog the NSA's computers with irrelevant e-mail.

In former New Zealand intelligence agent Nicky Hager's book Secret Power, one discovers that the NSA's surveillance capabilities are not hindered by political borders. Under the code-name ECHELON, and with the help of the British, Australian,New Zealand and Canadian Governments, the NSA has established a global communication surveillance network that is capable of monitoring most of the world's electronic communication.

The ECHELON system was created by the NSA as a means to interconnect surveillance systems that had existed in these countries since WWII, and to put these foreign surveillance operations under the control of the NSA. What ECHELON became was an international network of computer systems, each intercepting all fax, telex, e-mail and satellite communications in their region of the world. The intercepted communications are scanned with "dictionary" programs for certain keywords; these dictionaries not only contain keywords of interest to the intercepting agency, but also keywords that are of interest to the other intelligence agencies around the world involved in the ECHELON network. If the intercepted message contains a matching keyword, it is immediately passed on to the headquarters of the agency concerned.

Given this massive technological arsenal, how can citizens protect their privacy on the Internet? There is one method that has proven to be an effective monkey wrench in the Government's efficient surveillance machine, and that is strong encryption. Despite the claims of fiction writers, there is no such thing as an unbreakable code or uncrackable encryption, but what good encryption can ensure is that if someone wants to snoop on your e-mail communications they are going to have to put a good deal of effort into it. Cracking encrypted electronic communications is the labor-intensive equivalent of steaming open envelopes, whereas intercepting and reading unencrypted mail is as easy as reading the back of a postcard. Not surprisingly, the FBI and NSA have asked Congress to outlaw strong encryption. We as citizens should be fighting their efforts every step of the way.

In the documentation for PGP, the program's author, Phil Zimmermann, poses the following to users who may be skeptical about the need for publicly available strong encryption programs:

"Perhaps you think your E-mail is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? You must be a subversive or a drug dealer if you hide your mail inside envelopes. Or maybe a paranoid nut. Do law-abiding citizens have any need to encrypt their E-mail?"

The answer is obvious, of course they do. In the next issue I'll demonstrate how to use PGP (still the best personal encryption software, and it's free) as well as demonstrate other ways one can enhance one's privacy and security on the Internet.

Suggested Reading and Websites:

Secret Power: New Zealand's Role in the International Spy Network

by Nicky Hager (http://caq.com/CAQ/CAQSecretPower.html)

The Puzzle Palace: A Report on America's Most SecretAgency

by James Bamford; Viking, ISBN: 0140067485

The Crypt Newsletter

http://sun.soci.niu.edu/~crypt/

Secrecy & Government Bulletin

http://www.fas.org/sgp/bulletin/index.html

PGP: Pretty Good Privacy

by Simson Garfinkel; O'Reilly & Associates, ISBN: 1565920988