Date: Wed, 24 Jun 92 18:02:18 CDT
From: [email protected](Joe Abernathy)
Subject: File 2--Chronicle Crypto Article

This cryptography article appeared Sunday, June 21. It is being
forwarded to Risks as a way of giving back something to the many
thoughtful participants here who helped give shape to the questions
and the article.

In a companion submission, I include the scanned text of the NSA's
13-page response to my interview request, which appears to be the most
substantial response they've provided to date. I would like to invite
feedback and discussion on the article and the NSA document.  Please
send comments to [email protected]

              "PROMISING TECHNOLOGY ALARMS GOVERNMENT"
      "Use of super-secret codes would block legal phone taps
                        in FBI's crime work"


By JOE ABERNATHY
Copyright 1992, Houston Chronicle

  Government police and spy agencies are trying to thwart new
technology that allows conversations the feds can't tap.

  A form of cryptography _ the science of writing and deciphering
codes _ this technology holds the promise of guaranteeing true privacy
for transactions and communications.

  But an array of federal agencies is seeking to either outlaw or
severely restrict its use, pointing out the potency of truly secret
communications as a criminal tool.

  "Cryptography offers or appears to offer something that is
unprecedented,'' said Whitfield Diffie, who with a Stanford University
colleague devised "public key cryptography,'' an easily used
cryptography that is at the center of the fight. "It looks as though
an individual might be able to protect information in such a way that
the concerted efforts of society are not going to be able to get at
it.

  "No safe you can procure has that property; the strongest safes
won't stand an hour against oxygen lances. But cryptography may be
different. I kind of understand why the police don't like it.''

  The National Security Agency, whose mission is to conduct espionage
against foreign governments and diplomats, sets policy for the
government on matters regarding cryptography.

  But the FBI is taking the most visible role. It is backing
legislation that would address police fears by simply outlawing any
use of secure cryptography in electronic communications.

  The ban would apply to cellular phones, computer networks, and the
newer standard telephone equipment _ already in place in parts of
Houston's phone system and expected to gain wider use nationwide.

  "Law enforcement needs to keep up with technology,'' said Steve
Markardt, a spokesman for the FBI in Washington.  "Basically what
we're trying to do is just keep the status quo. We're not asking for
anything more intrusive than we already have.''

  He said the FBI uses electronic eavesdropping only on complex
investigations involving counterterrorism, foreign intelligence,
organized crime, and drugs. "In many of those,'' he said, "we would not
be able to succeed without the ability to lawfully intercept.''

  The State and Commerce departments are limiting cryptography's
spread through the use of export reviews, although many of these
reviews actually are conducted by the NSA. The National Institute of
Standards and Technology, meanwhile, is attempting to impose a
government cryptographic standard that critics charge is flawed,
although the NSA defends the standard as adequate for its intended,
limited use.

  "It's clear that the government is unilaterally trying to implement
a policy that it's developed,'' said Jim Bidzos, president of RSA Data
Security, which holds a key cryptography patent. "Whose policy is it,
and whose interest does it serve? Don't we have a right to know what
policy they're pursuing?''

  Bidzos and a growing industry action group charge that the policy
is crippling American business at a critical moment.

  The White House, Commerce Department, and NIST refused to comment.

  The NSA, however, agreed to answer questions posed in writing by
the Houston Chronicle. Its purpose in granting the rare, if limited,
access, a spokesman said, was "to give a true reflection'' of the
policy being implemented by the agency.

  "Our feeling is that cryptography is like nitroglycerin: Use it
sparingly then put it back under trusted care,'' the spokesman said.

  Companies ranging from telephone service providers to computer
manufacturers and bankers are poised to introduce new services and
products including cryptography.  Users of electronic mail and
computer networks can expect to see cryptography-based privacy
enhancements later this year.

  The technology could allow electronic voting, electronic cash
transactions, and a range of geographically separated _ but secure _
business and social interactions. Not since the days before the
telephone could the individual claim such a level of privacy.

  But law enforcement and intelligence interests fear a world in
which it would be impossible to execute a wiretap or conduct
espionage.

  "Secure cryptography widely available outside the United States
clearly has an impact on national security,'' said the NSA in its
13-page response to the Chronicle. "Secure cryptography within the
United States may impact law enforcement interests.''

  Although Congress is now evaluating the dispute, a call by a
congressional advisory panel for an open public policy debate has not
yet been heeded, or even acknowledged, by the administration.

  The FBI nearly won the fight before anyone knew that war had been
declared. Its proposal to outlaw electronic cryptography was slipped
into another bill as an amendment and nearly became law by default
last year before civil liberties watchdogs exposed the move.

  "It's kind of scary really, the FBI proposal being considered as
an amendment by just a few people in the Commerce Committee without
really understanding the basis for it,'' said a congressional source,
who requested anonymity. "For them, I'm sure it seemed innocuous, but
what it represented was a fairly profound public policy position
giving the government rights to basically spy on anybody and prevent
people from stopping privacy infringements.''

  This year, the FBI proposal is back in bolder, stand-alone
legislation that has created a battle line with law enforcement on
one side and the technology industry and privacy advocates on the
other.

  "It says right on its face that they want a remote government
monitoring facility'' through which agents in Virginia, for instance,
could just flip a switch to tap a conversation in Houston, said Dave
Banisar of the Washington office of Computer Professionals for Social
Responsibility.

  Though the bill would not change existing legal restraints on
phone-tapping, it would significantly decrease the practical
difficulty of tapping phones _ an ominous development to those who
fear official assaults on personal and corporate privacy.

  And the proposed ban would defuse emerging technical protection
against those assaults.

  CPSR, the point group for many issues addressing the way computers
affect people's lives, is helping lend focus to a cryptographic
counterinsurgency that has slowly grown in recent months to include
such heavyweights as AT&T, DEC, GTE, IBM, Lotus, Microsoft,
Southwestern Bell, and other computer and communications companies.

  The proposed law would ban the use of secure cryptography on any
message handled by a computerized communications network. It would
further force service providers to build access points into their
equipment through which the FBI _ and conceivably, any police officer
at any level _ could eavesdrop on any conversation without ever
leaving the comfort of headquarters.

  "It's an open-ended and very broad set of provisions that says the
FBI can demand that standards be set that industry has to follow to
ensure that (the FBI) gets access,'' said a congressional source.
"Those are all code words for if they can't break in, they're going to
make (cryptography) illegal.

  "This is one of the biggest domestic policy issues facing the
country. If you make the wrong decisions, it's going to have a
profound effect on privacy and security.''

  The matter is being considered by the House Judiciary Committee,
chaired by Rep. Jack Brooks, D-Texas, who is writing a revision to the
Computer Security Act of 1987, the government's first pass at secure
computing.

  The recent hearings on the matter produced a notable irony, when
FBI Director William Sessions was forced to justify his stance against
cryptography after giving opening remarks in which he called for
stepped-up action to combat a rising tide of industrial espionage.
Secure cryptography was designed to address such concerns.

  The emergence of the international marketplace is shaping much of
the debate on cryptography. American firms say they can't compete
under current policy, and that in fact, overseas firms are allowed to
sell technology in America that American firms cannot export.

  "We have decided to do all further cryptographic development
overseas,'' said Fred B. Cohen, a noted computer scientist. "This is
because if we do it here, it's against the law to export it, but if we
do it there, we can still import it and sell it here. What this seems
to say is that they can have it, but I can't sell it to them _ or in
other words _ they get the money from our research.''

  A spokeswoman for the Software Publishers Association said
that such export controls will cost $3-$5 billion in direct revenue if
left in place over the next five years. She noted the Commerce
Department estimate that each $1 billion in direct revenue supports
20,000 jobs.

  The NSA denied any role in limiting the power of cryptographic
schemes used by the domestic public, and said it approves 90 percent
of cryptographic products referred to NSA by the Department of State
for export licenses. The Commerce Department conducts its own reviews.

  But the agency conceded that its export approval figures refer only
to products that use cryptology to authenticate a communication _ the
electronic form of a signed business document _ rather than to provide
privacy.

  The NSA, a Defense Department agency created by order of President
Harry Truman to intercept and decode foreign communications, employs
an army of 40,000 code-breakers.  All of its work is done in secret,
and it seldom responds to questions about its activities, so a large
reserve of distrust exists in the technology community.

  NSA funding is drawn from the so-called "black budget,'' which the
Defense Budget Project, a watchdog group, estimates at $16.3 billion
for 1993.

  While the agency has always focused primarily on foreign espionage,
its massive eavesdropping operation often pulls in innocent Americans,
according to James Bamford, author of "The Puzzle Palace," a book
focusing on the NSA's activities. Significant invasions of privacy
occurred in the 1960s and 1970s, Bamford said.

  Much more recently, several computer network managers have
acknowledged privately to the Chronicle that NSA has been given access
to data transmitted on their networks _ without the knowledge of
network users who may view the communications as private electronic
mail.

  Electronic cryptology could block such interceptions of material
circulating on regional networks or on Internet _ the massive
international computer link.

  While proponents of the new technology concede the need for
effective law enforcement, some question whether the espionage needs
of the post-Cold War world justify the government's push to limit
these electronic safeguards on privacy.

  "The real challenge is to get the people who can show harm to our
national security by freeing up this technology to speak up and tell
us what this harm is,'' said John Gilmore, one of the founders of Sun
Microsystems.

  "When the privacy of millions of people who have cellular
telephones, when the integrity of our computer networks and our PCs
against viruses are up for grabs here, I think the battleground is
going to be counting up the harm and in the public policy debate
trying to strike a balance.''

  But Vinton Cerf, one of the leading figures of the Internet
community, urged that those criticizing national policy maintain
perspective.

  "I want to ask you all to think a little bit before you totally
damn parts of the United States government,'' he said.  "Before you
decide that some of the policies that in fact go against our grain and
our natural desire for openness, before you decide those are
completely wrong and unacceptable, I hope you'll give a little thought
to the people who go out there and defend us in secret and do so at
great risk.''
