
Day before yesterday I actually saw Ian Goldberg and David Wagner on CNN Headline news, second billing after some auto fuel cell thing, talking about weak encryption etc. in the context of the White House report on cyberterrorism. In any case here's the NYT take on it...

Ariel Glenn
ariel@columbia.edu

-----

[beginning irrelevance deleted]

The use of encryption by United States residents has been a hotly debated security issue in the White House, in Congress and on the Internet. Louis J. Freeh, the director of the Federal Bureau of Investigation, has testified repeatedly that allowing private citizens to use unbreakable encryption would enable criminals to mask their activities unless the police are allowed keys to all scrambled communications.

Even so, the commission's report appears to suggest that widespread use of encryption is the nation's first line of defense against attacks by terrorists or spies who want to steal information or eavesdrop. Sophisticated systems like digital signatures can prevent terrorists from shutting down networks, crashing individual computers or erasing databases.

Several people familiar with the commission's work, all of whom asked that they not be named, said that the panel had come under intense pressure to support the FBI's plan to build in trap doors known as "key recovery systems" into encryption schemes to make scrambled data easily accessible to the police.

In the end, the commission did endorse key recovery, but only because such systems would allow people and companies to recover data if their own keys were lost. It stopped short of recommending easy access for law enforcement.

In the interview on Tuesday, Marsh avoided commenting directly on the FBI's assertion that it needs "instant access" to all communications in the nation, saying only that the commission did not "probe into that in great depth."

"Exactly how that is done," Marsh said of key recovery systems, "the commission is not expert at that."

Some security analysts have argued that a widespread key recovery system could turn out to be a major vulnerability because if it was ever infiltrated or compromised, it would offer cyber-terrorists a database full of keys that could unlock significant portions of communications and computer systems in the United States.

In addition to terrorists, any insider could easily reveal secret or proprietary data, either accidentally or maliciously. In recent months, for example, the FBI has been criticized for releasing the background files of Republican leaders to the White House, apparently because of a clerical error.

[more irrelevance deleted]

Peter Neumann, author of Computer-Related Risks, said of the report: "I think the Commission has made a very important first step toward recognizing the vulnerabilities, threats, and risks."

Even so, Neumann said: "They could have gone much further in addressing the risks of the inherently weak computer-communication infrastructures that underlie our critical infrastructures. Also, they almost completely ducked the importance of nonsubvertible cryptography, and issues relating to the intrinsic risks of key-recovery schemes. But the real question is: Where does the government go from here?"