informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/news/crypto.txt

286 lines
12 KiB
Plaintext
Raw Blame History

Promising technology alarms government
/ Use of super-secret codes would block
legal phone taps in FBI's crime work
By JOE ABERNATHY
Copyright 1992, Houston Chronicle
Government police and spy agencies are trying to thwart
new technology that allows conversations the feds can't tap.
A form of cryptography _ the science of writing and
deciphering codes _ this technology holds the promise of
guaranteeing true privacy for transactions and communica
tions.
But an array of federal agencies is seeking to either
outlaw or severely restrict its use, pointing out the potency
of truly secret communications as a criminal tool.
"Cryptography offers or appears to offer something that is
unprecedented,'' said Whitfield Diffie, who with a Stanford
University colleague devised public key cryptography,'' an
easily used cryptography that is at the center of the fight. "It
looks as though an individual might be able to protect
information in such a way that the concerted efforts of
society are not going to be able to get at it.
"No safe you can procure has that property; the strongest
safes won't stand an hour against oxygen lances. But
cryptography may be different. I kind of understand why the
police don't like it.''
The National Security Agency, whose mission is to
conduct espionage against foreign governments and diplo
mats, sets policy for the government on matters regarding
cryptography.
But the FBI is taking the most visible role. It is backing
legislation that would address police fears by simply
outlawing any use of secure cryptography in electronic
communications.
The ban would apply to cellular phones, computer
networks, and the newer standard telephone equipment _
already in place in parts of Houston's phone system and
expected to gain wider use nationwide.
"Law enforcement needs to keep up with technology,'' said
Steve Markardt, a spokesman for the FBI in Washington.
"Basically what we're trying to do is just keep the status
quo. We're not asking for anything more intrusive than we
already have.''
He said the FBI uses electronic eavesdropping only on
complex investigations involving counterterrorism, foreign
intelligence, organized crime, and drugs. "In many of those,''
he said, we would not be able to succeed without the ability
to lawfully intercept.''
The State and Commerce departments are limiting
cryptography's spread through the use of export reviews,
although many of these reviews actually are conducted by
the NSA. The National Institute of Standards and Technol
ogy, meanwhile, is attempting to impose a government
cryptographic standard that critics charge is flawed, al
though the NSA defends the standard as adequate for its
intended, limited use.
"It's clear that the government is unilaterally trying to
implement a policy that it's developed,'' said Jim Bidzos,
president of RSA Data Security, which holds a key cryptog
raphy patent. "Whose policy is it, and whose interest does it
serve? Don't we have a right to know what policy they're
pursuing?''
Bidzos and a growing industry action group charge that
the policy is crippling American business at a critical
moment.
The White House, Commerce Department, and NIST
refused to comment.
The NSA, however, agreed to answer questions posed in
writing by the Houston Chronicle. Its purpose in granting the
rare, if limited, access, a spokesman said, was "to give a true
reflection'' of the policy being implemented by the agency.
"Our feeling is that cryptography is like nitroglycerin: Use
it sparingly then put it back under trusted care,'' the
spokesman said.
Companies ranging from telephone service providers to
computer manufacturers and bankers are poised to intro
duce new services and products including cryptography.
Users of electronic mail and computer networks can expect
to see cryptography-based privacy enhancements later this
year.
The technology could allow electronic voting, electronic
cash transactions, and a range of geographically separated
_ but secure _ business and social interactions. Not since
the days before the telephone could the individual claim
such a level of privacy.
But law enforcement and intelligence interests fear a
world in which it would be impossible to execute a wiretap
or conduct espionage.
"Secure cryptography widely available outside the United
States clearly has an impact on national security,'' said the
NSA in its 13-page response to the Chronicle. "Secure
cryptography within the United States may impact law
enforcement interests.''
Although Congress is now evaluating the dispute, a call by
a congressional advisory panel for an open public policy
debate has not yet been heeded, or even acknowledged, by
the administration.
The FBI nearly won the fight before anyone knew that war
had been declared. Its proposal to outlaw electronic
cryptography was slipped into another bill as an amend
ment and nearly became law by default last year before
civil liberties watchdogs exposed the move.
"It's kind of scary really, the FBI proposal being consid
ered as an amendment by just a few people in the
Commerce Committee without really understanding the
basis for it,'' said a congressional source, who requested
anonymity. "For them, I'm sure it seemed innocuous, but
what it represented was a fairly profound public policy
position giving the government rights to basically spy on
anybody and prevent people from stopping privacy infringe
ments.''
This year, the FBI proposal is back in bolder, stand-alone
legislation that has created a battle line with law enforce
ment on one side and the technology industry and privacy
advocates on the other.
"It says right on its face that they want a remote
government monitoring facility'' through which agents in
Virginia, for instance, could just flip a switch to tap a
conversation in Houston, said Dave Banisar of the Washing
ton office of Computer Professionals for Social Responsibil
ity.
Though the bill would not change existing legal restraints
on phone-tapping, it would significantly decrease the practi
cal difficulty of tapping phones _ an ominous development
to those who fear official assaults on personal and corporate
privacy.
And the proposed ban would defuse emerging technical
protection against those assaults.
CPSR, the point group for many issues addressing the way
computers affect peoples' lives, is helping lend focus to a
cryptographic counterinsurgency that has slowly grown in
recent months to include such heavyweights as AT&T, DEC,
GTE, IBM, Lotus, Microsoft, Southwestern Bell, and other
computer and communications companies.
The proposed law would ban the use of secure cryptogra
phy on any message handled by a computerized communica
tions network. It would further force service providers to
build access points into their equipment through which the
FBI _ and conceivably, any police officer at any level _
could eavesdrop on any conversation without ever leaving
the comfort of headquarters.
"It's an open-ended and very broad set of provisions that
says the FBI can demand that standards be set that industry
has to follow to ensure that (the FBI) gets access,'' said
a congressional source. "Those are all code words for if they
can't break in, they're going to make (cryptography) illegal.
"This is one of the biggest domestic policy issues facing
the country. If you make the wrong decisions, it's going to
have a profound effect on privacy and security.''
The matter is being considered by the House Judiciary
Committee, chaired by Rep. Jack Brooks, D-Texas, who is
writing a revision to the Computer Security Act of 1987, the
government's first pass at secure computing.
The recent hearings on the matter produced a notable
irony, when FBI Director William Sessions was forced to
justify his stance against cryptography after giving opening
remarks in which he called for stepped-up action to combat
a rising tide of industrial espionage. Secure cryptography
was designed to address such concerns.
The emergence of the international marketplace is
shaping much of the debate on cryptography. American
firms say they can't compete under current policy, and that
in fact, overseas firms are allowed to sell technology in
America that American firms cannot export.
"We have decided to do all further cryptographic develop
ment overseas,'' said Fred B. Cohen, a noted computer
scientist. "This is because if we do it here, it's against the law
to export it, but if we do it there, we can still import it and
sell it here. What this seems to say is that they can have it,
but I can't sell it to them _ or in other words _ they get the
money from our research.''
A spokeswoman for the the Software Publishers Associa
tion said that such export controls will cost $3-$5 billion in
direct revenue if left in place over the next five years. She
noted the Commerce Department estimate that each $1
billion in direct revenue supports 20,000 jobs.
The NSA denied any role in limiting the power of
cryptographic schemes used by the domestic public, and
said it approves 90 percent of cryptographic products
referred to NSA by the Department of State for export
licenses. The Commerce Department conducts its own
reviews.
But the agency conceded that its export approval figures
refer only to products that use cryptology to authenticate a
communication _ the electronic form of a signed business
document _ rather than to provide privacy.
The NSA, a Defense Department agency created by order
of President Harry Truman to intercept and decode foreign
communications, employs an army of 40,000 code-breakers.
All of its work is done in secret, and it seldom responds to
questions about its activities, so a large reserve of distrust
exists in the technology community.
NSA funding is drawn from the so-called "black budget,''
which the Defense Budget Project, a watchdog group,
estimates at $16.3 billion for 1993.
While the agency has always focused primarily on foreign
espionage, its massive eavesdropping operation often pulls
in innocent Americans, according to James Bamford, author
of "The Puzzle Palace," a book focusing on the NSA's
activities. Significant invasions of privacy occurred in the
1960s and 1970s, Bamford said.
Much more recently, several computer network managers
have acknowledged privately to the Chronicle that NSA has
been given access to data transmitted on their networks _
without the knowledge of network users who may view the
communications as private electronic mail.
Electronic cryptology could block such interceptions of
material circulating on regional networks or on Internet _
the massive international computer link.
While proponents of the new technology concede the need
for effective law enforcement, some question whether the
espionage needs of the post-Cold War world justify the
government's push to limit these electronic safeguards on
privacy.
"The real challenge is to get the people who can show
harm to our national security by freeing up this technology
to speak up and tell us what this harm is,'' said John
Gillmore, one of the founders of Sun Microsystems.
"When the privacy of millions of people who have cellular
telephones, when the integrity of our computer networks
and our PCs against viruses are up for grabs here, I think the
battleground is going to be counting up the harm and in the
public policy debate trying to strike a balance.''
But Vinton Cerf, one of the leading figures of the Internet
community, urged that those criticizing national policy
maintain perspective.
"I want to ask you all to think a little bit before you totally
damn parts of the United States government,'' he said.
"Before you decide that some of the policies that in fact go
against our grain and our natural desire for openness, before
you decide those are completely wrong and unacceptable, I
hope you'll give a little thought to the people who go out
there and defend us in secret and do so at great risk.''
Reference in New Issue View Git Blame Copy Permalink