The Federal Government has a large input on how encryption is used in everyday life. Because a large amount of software and standards development takes place in the United States, the Federal Government controls how ubiquitous encryption technology is in a variety of ways. Congress has considered legislation ranging from preventing the distribution of software to forcing (by law) and encryption method to have a back door known to government agencies.

Compared to what has been proposed in the past, the US Government currently has a relatively laissez-faire approach. However, the US Department of Commerce has a powerful influence on government policy in that regard. The US Commerce Secretary, as the head of that organization, will help to set US encryption-related policies. We can foresee the direction those will take by looking at Judd Gregg, President Obama’s appointee for Commerce Secretary.

While Mr Gregg has a mostly pro-technology stance, he immediately called for a ban on all encrypted products after September 11, 2001. These products could only be used, according to Gregg, if they included a decryption back door which would allow federal agencies to access any content. The legislation didn’t find a lot of traction in Washington, and was never enacted. This proposal from Mr Gregg is fairly disturbing on many levels.

First, citizens in the Unites States have a right to privacy, and also to the expectation of privacy. Explicitly requiring any encryption product to have a back door would destroy any expectation of privacy, even if an actual violation of privacy is more difficult to prove.

Second, software is freely available (and was in 2001) which can perform secure encryption without a government back door. If Gregg’s ideas were passed into law, all that would happen is that law-abiding companies and citizens would make themselves vulnerable to the the back door in their systems while criminal organizations, terrorists, and residents of any foreign country would happily not. The ability of US government agencies to monitor communications outside the country would be no better than today. It’s interesting that this sort of policy can only be used for domestic spying. Did Gregg realize this when he proposed it?

And if there’s one thing the Internet has taught us, its that the world is very good at finding back doors. It would only be a matter of time before this one would become public knowledge — jeopardizing all lawful US companies.

One can hope that Mr Gregg’s proposal was a poor snap decision in the wake of the terrible events of the day, and that the combination of time and sanity have tempered his judgment. Or, we can at least hope that he has access to better advisers.

* Update * Mr Gregg has declined to accept the cabinet position, claiming that it is “too difficult” for him.