(FORTUNE Magazine) – Don't believe what I saw A hundred million bottles Washed up on the shore --Police, "Message in a Bottle"

In the weeks following the World Trade Center tragedy, many government officials were actively lobbying for increased Internet surveillance as a method of restricting terrorist activity. No surprise: Numerous reports detailed the ways Osama bin Laden and his many supporters use the Internet to help organize and share information. Senator Judd Gregg of New Hampshire called for "a global prohibition on encryption products without backdoors for government surveillance"--a request that presumably would enable the government to decode any message sent across the Net. Many large ISPs, including AOL, Earthlink, and @Home, reported that the FBI approached them after the tragedy and served them with Federal Intelligence Surveillance Act orders to search for possible communications that may have aided in the attacks.

This type of activity sends shivers down the spines of many pro-privacy technology activists. Of course, these outspoken and knowledgeable people are not pro-terrorist, and surely they were as disturbed by the terrorist action as the rest of us. That said, they do not believe that you can protect freedom by restricting or destroying it. Their sentiments tend to reflect a quote from Benjamin Franklin: "They that give up essential liberty to obtain temporary safety, deserve neither liberty nor safety."

But putting aside any debate on civil liberties, a stronger case against the government's Internet surveillance attempts is that there may well be huge problems in both implementation and effectiveness. One predicament is just how much of the genie is already out of the bottle. So called "strong" encryption techniques--those that are nearly impossible to decipher--are broadly available on the Internet. Moreover, those tools are cataloged and archived in many forms: from ready-to-run software to source code to simple algorithms that describe the general concepts. Also, importantly, many of these algorithms have been developed outside the United States.

Another disturbing development is the increased use and availability of steganography--the act of embedding or hiding a message inside a seemingly innocent digital vessel. Several programs on the Internet, many of which are shareware or free to download, make it easy to embed one file in another. Typically the transport file is large and dense, such as a JPEG photo or an MP3 file. These encoding techniques are so slick that the resulting file is indistinguishable to the human eye or ear. As a result, a covert communication may appear as innocent as two parties sharing a Britney Spears song over the Internet. USA Today has reported that Osama bin Laden and his followers are heavy users of steganography.

Proposals like Senator Gregg's are unlikely to filter out much of the steganography. But what about his demands for "backdoor" access to encryption techniques? Couldn't that give the U.S. a huge new tool in tracking the progress of terrorists? Proposals like these--and other attempts to make the Net less accessible to terrorists--certainly sound good, but they raise more questions than they answer:

Whom do we trust?

We're having a hard enough time getting a majority of leading countries to join a coalition against terrorism. How realistic is it to think we can line everyone up in an organized assault on encryption? Many countries have much stronger feelings about personal privacy and are therefore unlikely to participate. Other less industrialized countries are going to have a hard time considering this a relevant priority. More important, how will we implement the dissemination of government keys that would unlock messages? Do we trust all governments that join the effort? Who gets to see cross-border communication?

What do we ban?

Many in the scientific community have pointed out the silliness in outlawing an algorithm (basically a flow chart of how the code works). First, any good programmer can convert a detailed algorithm into software code, and as such, the algorithm (or formula) is the tersest representation of the offending material. Second, these algorithms are everywhere. They're on the Internet, they're on hard drives all over the world, they're in books, and they have even been printed on T-shirts to highlight the free-speech implications of such an attempted prohibition. There is absolutely no way to rein in all the copies of these ideas or to restrict their trade among those determined to do so.

With steganography, the problem is even worse. As Muhammad Ali used to say, referring to his lightning-fast moves, "Your hands can't hit what your eyes can't see." The same statement is true for messages embedded via steganography. How will the government identify potentially hazardous communications if every photo, music, and video file on the Internet is an unidentifiable transport? And even if you found the transport and decoded it, the message could still be encrypted using "strong" encryption.

Who would obey?

The only people I know who actually use encryption products are those who loathe or at the very least mistrust the government. Government-vetted encryption programs will see about as much use as a sauna in the desert.

Is it too late?

Many have suggested that the terrorists are more intelligent than we think, pointing out their clever use of these technologies. Another Senator, Jon Kyl of Arizona, has commented frequently on the "sophistication" of the terrorists for this very reason. This isn't sophistication; it's more likely ignorance on the part of the accusers. Encryption tools and the like are ridiculously easy to obtain. Go to Google, type "steganography program," and start downloading. You will be able to put an e-mail message into a family photograph within five minutes.

Where do we start?

There are an increasing number of ways to move files on the Internet. To name a few: e-mail, FTP, instant messenger, chat, file lockers, Napster, and Gnutella. In the next few years the annual number of e-mails and instant messages will be measured in the trillions--for each. Peer-to-peer file transfers will easily number in the billions. How do you monitor all of this? Where could you even store the log data? The pin is small, the haystack is large, and astute cryptographers can use steganography to increase the size of the haystack.

The government should not give up on computer surveillance. In fact, as a tool that is used to track down a particular offender after isolation and identification, these technologies can be extremely effective. However, we should not be unrealistic about what type of "magic" spy technologies are at our disposal. We are only going to spend a lot of money, waste a lot of time, and create a false sense of security.

J. WILLIAM GURLEY is a partner with Benchmark Capital, a venture capital firm. Except as noted, neither he nor Benchmark has a financial interest in the companies mentioned. To receive an expanded version of Above the Crowd, visit www.news.com, or to subscribe to the e-mail distribution list, please enter your address at www.benchmark.com/about/bill.html.

FEEDBACK: atc@benchmark.com.