Though almost every American instinctively cringes at the mention of government limiting freedoms and invading privacy, I believe that often this invasion of privacy is a necessary evil to ensure safety. By limiting the DES, or Data Encryption Standard, to 56 bits or less for civilian business use, the NSA ensured that they would be able to crack an encryption through brute force if needed. Though this meant that businesses would be less secure, it also meant that the NSA would be able to investigate any dubious behavior by cracking the encryption. This is only a small example of the greater debate of privacy vs security. Unfortunately, it is almost impossible for a government to ensure both privacy and security; one must be greater than the other.
Though the business encryption of 56 bits is less secure than it could be, Singh states that 56 bits would be almost impossible for any civilian computer to brute-force break (250). Though some might argue that civilian computer power has increased to be able to break 56 bit encryption and the NSA has left businesses vulnerable, this is not true. Within the U.S., there is no restriction on the level of cryptography that one can use, and the only restrictions lie on exporting cryptography (Johnson 2002). This is because the NSA needs to be able to break encryption from possible terrorists or other groups that might want to harm the U.S. The government has even realized the weakness of DES and has encouraged a new encryption system called Advanced Data Encryption that can use up to 256 bits instead of 56 (Institute 2001). By increasing the standard encryption level, the NSA has shown that they are working to promote security for civilians, not intentionally limiting security to put people in danger.
A small amount of limiting of security, though it may put companies at risk, is a small price to pay to allow the NSA to, if necessary, break the encryption of data that would help protect the U.S. from a disaster that would cost lives. Though a break in security at a large company might cost them millions of dollars, the cost of lives lost from not being able to decrypt data is priceless.
Johnson, M. (2002, October 14). Where to Get PGP. Cryptography.org. Retrieved November 5, 2012, from http://www.cryptography.org/getpgp.htm#IS_PGP_LEGAL_
Institute of Standards and Technology. (2001, November 26). Federal Information Processing Standards Publication 197. Csrc.nist.gov. Retrieved November 5, 2012, from csrc.nist.gov/publications/fips/fips197/fips-197.pdf
Leave a Reply