by / November 30, 1995
Just about the time you thought you were getting a grip on computer networking -- or were at least clinging to it by your fingernails -- there's another 14-wheeler racing toward you on the information superhighway. Electronic commerce and digital signatures will become central issues in public access to government in the very near future.

Electronic commerce, like ol' fashioned commerce, includes written contracts, legally binding signatures and associated payments.

Contracts are the easy part -- text is text, whether it is on paper or on screen. But what about guaranteeing that all copies of an electronic contract are identical and remain unchanged? And how does one sign paperless contracts or authenticate such signatures? And how can one send or receive payments online?

Crypto is useful for far more than merely scrambling files and messages that one wishes to keep secret. A particular class of crypto, known as public key cryptography, is especially useful.

All crypto uses one or more keys to lock and unlock scrambled information. And, of course, the keys are not metal, and [un]locking is simply a computer process that [un]scrambles the [un]protected information. The keys are merely long sequences of 0's and 1's (binary digits or "bits"), and can be represented by decimal digits or even alpha-numeric sequences that are much shorter (but still tediously long).

Public key crypto uses matched pairs of keys -- one known as a "public" key; the other known as the matching "private" key. Either key can be used to scramble information, and the other matching key is the only one that can be used to unscramble the information.

One's public key can be freely shared and is often published in lists of public keys, just like people publish their phone numbers. Then, anyone wishing to securely communicate with the key owner uses their public key to encrypt the communication; sends it to them; and the recipient uses their other key -- that they keep secret to themselves -- to decrypt the message.

Furthermore, any change whatsoever in the encrypted document will make it un-decryptable, thus guaranteeing against undetected modifications -- accidental or intentional.

Similarly, a public key owner can encrypt a document with their secret key, and the document can be decrypted only by using their matching public key, thus providing authentication that the document came from the key owner. Such authentication used to be done with much-more-forgeable written signatures, thus this is called "digital signatures" -- which has NOTHING to do with digitizing an actual hand-written signature.

The same techniques are used to protect and exchange what is often called "digital cash" or "electronic money" -- and to conduct global "anonymous banking," an exciting prospect for taxing agencies.

Public key crypto techniques have been world-published for 15 years, and well-tested computer programs that provide very robust implementations of "p.k." are available globally. The most popular version -- known as PGP -- is available worldwide as freeware! (PGP stands for "Pretty Good Privacy," but it is actually very good -- so good that surveillance agencies are very upset that it is globally available. Cryptographers consider p.k. in general, and PGP in particular, to be uncrackable, if keys are used that are 100 bits long or longer.)

How can these cheap and free global computer programs enhance public access to government?

* They can guarantee to agencies and recipients that agency-scrambled copies of public documents remain unchanged as they are distributed and circulated online.

* They permit secure financial transactions so citizens and corporations can electronically pay for government records received online -- limited, of course, only to the actual cost of providing the incremental access or copy, as one would expect in a nation that advocates equal access.

* They also facilitate electronic exchange of unmodifiable documents with unforgeable, automatically verifiable digital "signatures" -- everything from driver's license applications and voter registrations to electronic ballot initiatives and even online voting -- now that states and the federal government are beginning to consider and adopt standards for conducting electronic commerce with public agencies.

Jim Warren has served on the California Secretary of State's Electronic Filings Advisory panel, received John Dvorak's Lifetime Achievement Award, the Northern California Society of Professional Journalists' James Madison Freedom-of-Information Award, the Hugh M. Hefner First-Amendment Award, and the Electronic Frontier Foundation Pioneer Award in its first year. He founded the Computers, Freedom & Privacy conferences and InfoWorld magazine. He lives near Woodside, Calif. E-mail: