Fun_People Archive
12 May
CWD--Encrypt At Your Own Risk
Date: Fri, 12 May 95 21:55:51 PDT
From: Peter Langston <psl>
To: Fun_People
Subject: CWD--Encrypt At Your Own Risk
From: "Brock N. Meeks" <brock@well.sf.ca.us>
CyberWire Dispatch// Copyright (c) 1995//
Jacking in from the Narco-Terrorist Encryption Port:
Washington, DC -- The other shoe has dropped. Several times.
In the political backlash and emotional fallout of the bombing of of the
federal building in Oklahoma City, FBI Director Louis Freeh has begun to
wage his own private war on the use of private, encryption schemes.
According to Administration sources, several different proposals are now
being discussed on how to implement a policy of government mandated,
government "certified" encryption. The most hardline of these proposals
would outlaw the public's ability to choose an encryption scheme which the
government couldn't break, under the authority of a court order.
Freeh has left no doubts about his intentions. Not satisfied with a
proposal he successfully rammed through Congress last year -- the bill that
gives law enforcement agencies "easy wiretap access" to digital
conversations, at a cost of $500 million in taxpayer money -- his next
target is private encryption.
During an appropriations hearing May 11th, Freeh told a congressional
panel: "[W]e're in favor of strong encryption, robust encryption. The
country needs it, industry needs it. We just want to make sure we have a
trap door and key under some judge's authority where we can get there if
somebody is planning a crime."
That means an end to private, non-government encryption, which don't have
keys the government can use.
Private encryption schemes allow a person to scramble an electronic message
that, if intercepted by an unintended party, renders it unreadable. These
scrambling programs are useful from to a wide range of people and
interests, including researchers that want to keep their proprietary
breakthroughs safe from prying eyes to corporations sending trade secrets
to a distant office across the Net to ordinary folks sending a steamy love
letter to a lover.
But these same encryption programs are being used by "terrorists and
international drug traffickers," as well, claims FBI Director Freeh, and
that makes private encryption schemes a threat to national security.
Freeh's crusade against encryption has been enjoined by members of the
Justice Department, with the gleeful back alley goading the nation's top
spook group, the National Security Agency.
And when it comes right down to it, your privacy rights don't stand a
snowball's chance in hell of outweighing pictures of dead babies or pieces
of dead babies.
During an April 27th Senate Judiciary Committee on terrorism, Freeh boldly
told a panel of lawmakers eager to give his agency more latitude to "catch
the bad guys" (and civil rights violations be damned... as long as we don't
have to watch the guts of little kids being splattered on steel girders and
broken concrete...): "The FBI cannot and should not tolerate any
individuals or groups... which would kill innocent Americans, which would
kill *'America's kids.'*"
To meet the "challenges of terrorism," Freeh said, several things must be
done, among them, deal with "encryption capabilities available to criminals
and terrorists" because such technology endangers "the future usefulness of
court-authorized wiretaps. This problem must be resolved."
While Freeh used the Oklahoma City bombing as convenient "news hook" to
again make a pitch to "resolve" the private encryption "problem," the
Director was basically reading from a dog-eared script. Within the last 3
months he repeatedly has testified publicly before Congress about the
"evils" of encryption.
On March 30 the House Judiciary Committee's Subcommittee on Crime he said:
"Even though access is all but assured [by the passage of the Digital
Wiretap Act] an even more difficult problem with court-authorized wiretaps
looms. Powerful encryption is becoming commonplace. The drug cartels are
buying sophisticated communications equipment.... This, as much as any
issue, jeopardizes the public safety and national security of this country.
Drug cartels, terrorists, and kidnappers will use telephones and other
communications media with impunity knowing that their conversations are
immune from our most valued investigative technique."
Then during a May 3 appearance before the same Committee, Freeh said:
"Encryption capabilities available to criminals and terrorists, both now
and in days to come, must be dealt with promptly. We will not have an
effective counterterrorism counterterrorism strategy if we do not
solve the problem of encryption."
But there's nothing to be alarmed at here, according to Freeh. Just
because he's asking the Congress and the White House to strip you of the
right to choose how you scramble your messages, using a program that the
government doesn't hold all the keys too, doesn't mean that the Director
isn't a sensitive guy or that he has suddenly taken a liking to wearing
jackboots.
Freeh steadfastly maintains all these new powers he's asking for are simply
"tools" and "not new authorities." These new powers are "well within the
Constitution," Freeh told Congress.
Freeh hasn't publicly outlined just how he proposes to "resolve" the
"encryption problem." However, according to an FBI source, several plans
are in the works. The source refused to detail any specific plan, but
added: "Let's just say everything is on the table." Does that include
outlawing private encryption schemes? "I said 'everything,'" the source
said.
The encryption debate has been raging for years. Two years ago the Clinton
Administration unveiled a new policy in which it proposed to flood the
market with its own home-grown encryption devices -- a product of the
National Security Agency -- called the "Clipper Chip."
The Clipper is based on a "key-escrow" system. Two government agencies
would hold the keys "in escrow", which are uique to each chip, in a kind
of "data vault." Any time the FBI-- or your local sheriff -- wanted to tap
your phone conversations, they would have to ask a judge to give the two
government agencies to turn over the keys to you Clipper chip. With those
keys, the FBI could then unscramble any of your conversations at will.
That policy raised a huge firestorm of controversy and the Clipper sunk
from sight, down, but not out. The intent of the White House, acting as a
front man for the NSA and other intelligence agencies along with the FBI,
was to have Americans adopt Clipper voluntarily. The FBI took it on good
faith -- and I'm not joking here -- that criminals, too, would buy Clipper
equipped phones, allowing the government to easily unscramble their
wiretapped conversations.
Why would criminals knowingly use a device they knew the government could
easily tap? "Because criminals are stupid," was the FBI's party line. No,
I'm not making this up.
The "voluntary" aspect didn't stop the controversy. Indeed, buried in the
Administration's own background briefing papers on the Clipper was the no
nonsense statement that the Administration, after reviewing the
Constitution, had determined that "American's have no Constitutional right
to choose their own method of encryption." Call it a peremptory strike on
privacy.
The end of freely chosen encryption comes as no surprise to Jim Dempsey,
currently the executive director of the Center for National Security
Studies. Dempsey, you might remember, walked point for former Congressman
Don Edwards during last year's tussle over the FBI's Digital Wiretap access
bill. Dempsey, in fact was one of the bill's principal authors. "I always
felt [the Administration] had to know they would ultimately go to [some
kind of government] mandatory encryption scheme," Dempsey said. "I don't
think it's a big leap for the government to think of private encryption
like they do kiddie porn."
An NSA source, when questioned about his agency's role in the process, was
reluctant to speak. He did say that Clipper was merely "Act One" of a
"Three part play." Pressed for further details, he said, "do your own
homework."
During the Senate Subcommittee on Terrorism hearing May 11, Robert Litt,
deputy assistant attorney general for the Criminal Division of Justice,
said the "widespread use of reliable, strong encryption that allows
government access, with appropriate restrictions... is designed to achieve"
a "delicate balance" between privacy rights and law enforcement needs.
When Dispatch asked Litt to elaborate, he said his comments refereed to the
use of the Clipper Chip. But what if criminals bypass Clipper, using
private encryption schemes, such as those now being decried by Freeh? "If
one solution doesn't work, then we have to go to the next step," he said.
Is that next step the outlawing of private encryption? Litt smiled and
repeated his answer.
Dispatch has learned that one proposal being seriously discussed would,
indeed, outlaw all private, non-government approved encryption schemes.
Here's how the government plan breaks out, according to sources familiar
with the proposal:
(1) The government would "certify" a few so-called "Commercial Key-Escrow"
programs. These are similar in design to the government's Clipper Chip,
but industry would hold the keys and some of these systems might not be
classified, as is the software underlying Clipper. However, the companies
producing such "certified" programs could claim trade secrets, not allowing
the public access the underlying programs.
(2) The government, tossing a bone to industry, would lift export controls
on all "certified" encryption programs. Currently, it's against the law to
export encryption programs, as they are controlled by the State Department
under the same classification as munitions.
(3) The use of government certified encryption would become a federal
mandate, making it illegal to use private encryption schemes that had not
passed the "certification" test.
The plans are "still really liquid," said an Administration source. "We
all know what a bitch this going to be trying to sell it to the selling
public," he said. "The flashpoint potential of this idea isn't lost on
anyone."
The Administration is hoping the public will buy off on the fact that: (1)
It's private industry holding the keys, not government agencies. (2) The
availability of "choice" amog several different vendors will squash the
imagery of Big Brother.
Expect the rise of an off-shore, black market "encryption" trade. It will
surely come. And it will have to be a black market; the FBI has already
gone around the world preaching the evils of private encryption, trying to
get other law enforcement groups to push for outlawing such programs in
their own countries. And they already have a convert: Russia. That
country recently adopted such a policy... nice to know we're following in
Mr. Yeltsin's footsteps.
Meeks out...
© 1995 Peter Langston