Since the arrival of the new communication technologies, the police and law enforcement have issued repeated warnings about the dangers posed by encryption. For a long time, the interests of police and law enforcement were diametrically opposed to individuals’ and organisations’ need for privacy and the business community’s need for both privacy and the protection of their commercial interests. This essentially political discussion was influenced to a large degree by technological developments. The police and law enforcement’s wish to keep communication comprehensible and legible were threatened by the distribution of relatively high quality encryption via the Internet. When efforts to restrict the use of encryption techniques failed because they were technically and legally unviable, law enforcement agencies were forced to consider other options. Since then, a broad packet of measures has been created to give the authorities enough scope to restrict any problems caused by encryption to a minimum.
These measures consist of regulations and creative bypasses such as the following examples. Firstly, there is an obligation to decrypt for anyone who is not a suspect. This applies to telecom providers who have encrypted the communications themselves, Trusted Third Parties who keep other people’s keys, and those to whom the encrypted message is addressed. In fact, the impossibility of cracking encrypted data remains restricted to encrypted information that can only be decrypted by the suspect himself, or to information that non-suspects refuse to decrypt thereby running the risk of a prison sentence.
Secondly, there are alternative investigative methods that circumvent encryption. These concern the powers given to the police to intercept messages directly, to place microphones in keyboards, to break in and to infiltrate. All these powers can lead to the recovery of key words or the interception of encrypted (data) communication. Placing infiltrators and the use of crown witnesses also offers opportunities for unravelling a key word or bringing evidence to court. Intelligence services are also allowed to hack into and manipulate computers in order to obtain access to encrypted data.
Thirdly, the authorities, in collusion with scientists and the business community, are investing in code cracking technology. The police are allowed to attempt to crack confiscated computers; the intelligence services are authorised to keep all intercepted encrypted material until it is possible to decrypt it. After it has been decrypted, they can keep this information for another year to see if it can be of any use to them.
Fourthly, there are less visible methods open to the authorities such as the construction of secret back doors in encryption programs, or the deliberate weakening of encryption programs. The authorities have not spent so much time lecturing each other on the importance of close cooperation with business and software developers just for fun. The police and law enforcement are eagerly awaiting the arrival of better anti-virus programs and firewalls (a defence against unwanted visitors). It is not their intention that a Trojan horse that was placed with much difficulty should be detected and reported the next day by some such security program. A good chat between software producers and the authorities is on the cards.
Now that the authorities have gathered together a number of different options to neutralise the effects of encryption as much as possible, one would expect them to redirect their efforts towards the next problem; the enormous increase in anonymous users. Providers of free Internet connections have no reason to determine the identity of their users, as they don’t have to send out invoices or chase up tardy payers.
The first tentative steps have already been taken. During a hearing on the new Computer Criminality Act at the end of 1999, the Dutch police suggested introducing a sort of license for Internet users. Every Internet user would be given a registered IP number, which would be recorded in a national register. A court ruling could give the police and law enforcement access to this national register.
Another experiment is the use of so-called caller ID, to make number recovery obligatory. It is now possible to protect the identification number of the telephone making the connection to the Internet. In this way, the caller can remain anonymous.
Furthermore, the police have announced their intention to patrol the Internet more thoroughly in order to discover the identity of an anonymous caller by using other activities and contact networks of the suspect.
The police and law enforcement have in any case found a sympathetic audience amongst the conservative-liberal party VVD. ICT spokesperson Oussama Cheribi stated recently; “anonymous surfing should be regarded as a crime, unrestricted anonymity on the Internet must be made punishable”. According to Cherribi, this is a matter of state security. He also advocated the establishment of a group of specialised civil servants to follow developments on the Internet in order to prepare new legislation.
The progress of technological developments will remain a reason for the police and law enforcement to request new powers. Mobile access to the Internet (wireless application protocol) will become more important. The nightmare scenario of the police and the judicial authorities must be an anonymous user communicating with a prepaid telephone card using encrypted e-mail.
The police and law enforcement sometimes find themselves diametrically opposed to the telecom industry, as their wishes run contrary to commercial interests. They can, however, become allies whenever their interests are analogous. In February this year, the TMF web provider banned anonymous surfing. The users of the TMF web misbehaved themselves to such an extent (e-mail bombardments, polluting newsgroups, hacking attempts), that other providers threatened to blockade all e-mail from TMF. TMF is now the only free provider to make number recovery compulsory, so that they can trace the miscreants. Of course, the police are only too pleased to go along with such developments.
In their struggle to gain more powers, the police tend to exaggerate. The gigantic dangers posed by hacking attacks are mostly due to carelessness and slack security methods. Investing in security, including strong encryption is a better and more direct means of making the digital word safer than extending all sorts of powers that have a direct impact upon citizen’s privacy and civil liberties.
The authorities’ complaint that they are threatening to lose control of cyberspace, must be taken with a large pinch of salt. The statistics and examples of the enormous increase in criminal activity caused by the Internet and the threat of criminals enjoying encrypted given immunity, which are currently doing the rounds are persistent, but, in general are not backed up by hard facts.
In practise, criminals seem to make surprisingly little use of good encryption, so that they still chat away till their heart’s content on mobile telephones, even though it is common knowledge that the Dutch police intercept such messages on a large scale. “Encryption is not yet crucially important” was the conclusion reached by researchers from the Police Advice Centre In-pact, in their study Criminality in Cyberspace (see Chapter 5). The question is how quickly the police will implement new large-scale investigative methods, considering the disappointing lack of fully qualified high-tech criminals. In the meantime, the special investigative powers have been extended considerably, and international agreements have been made on supple and informal investigations.
It looks as if the police and law enforcement have gratefully grabbed the chance offered by the mysterious digital world and elusive new technologies to obtain extensions of their own powers that are generally extremely useful.
Luckily, the government is not behaving like a monolith in this respect. Inside government circles and advice bodies, there are people who want to define anonymity as a right. Examples are the “Constitutional Rights in the Digital Era Commission” and the Council for public governance.
The cyber world is experiencing a remarkable paradox. On the one hand, digital communication makes anonymity possible, but on the other hand, anyone using virtual communication leaves a large number of digital trails behind. It is easy to trace these trails and compare them with all sorts of other registers, allowing for the compilation of detailed individual profiles that can cover a considerable part of an individual’s life. The life of the modern citizen is becoming increasingly transparent rather than increasingly anonymous. This in itself provides an argument for sharpening privacy legislation and defining the investigative powers given to the police and law enforcement very carefully indeed.
 Joris Evers, VVD: Anonymity on the Internet should become a criminal offence, Webwereld, 16 December 1999 http://www.webwereld.nl/nieuws/dysta/3300.phtml
 Council for Public Governance, “ICT and the right to remain anonymous”, The Hague, January 2000
 See: Karin Spaink, A life in shreds, Het Parool, 8 February 1999, http://www.xs4all.nl/~kspaink/parool/19990208.html