yellow journalism and Encryption
The following is an example of the asswipe media's attempt to write about encryption. http://www.sfgate.com/cgi-bin/examiner/article.cgi?year=1996&month=10&day=06&art icle=BUSINESS2814.dtl Encryption controversy pits life against liberty TOM ABATE EXAMINER COLUMNIST The Clinton administration tried again last week to rally support for an encryption policy that would give the FBI the means to tap any electronic communication, without unduly infringing on civil liberties or impeding software exports. At stake in the policy battle are software exports worth millions, Fourth Amendment rights Americans have enjoyed for centuries, and innocent lives that the good guys say might be saved if they're able to keep snooping on the bad guys. And the reason all of this has become a policy jumble is simple. Computers have made it cheap and easy to create unbreakable secret codes to protect phone calls, e-mail and data files against electronic bugging. That's why this technology, called encryption, means profits in Silicon Valley, more privacy for you and me, and a problem for federal investigators. Because secret codes allow criminals to nullify the fed's favorite tool - the wiretap. "Wiretapping is the main issue," said Stewart Baker, former general counsel of the National Security Agency, the CIA's code-breaking and eavesdroping cousin. "For the administration to abandon the position it started with three years ago would be to say, "We are the administration that is going to give up the wiretap as a law enforcement tool,"" he said. That's why last week the administration tried a new variant in its 3-year-old campaign to require that code-making systems be built with a "spare key" investigators could retrieve, under court order, to crack any code. When the administration first proposed this idea in 1993, it involved a device called the "Clipper chip," which would have deposited spare keys with government agencies. Almost no one outside the FBI liked that idea, so last week the administration floated a compromise: to let U.S. firms export strong code-making products, provided they deposited the spare key with some third party. Exports are the odd piece in this policy puzzle. The U.S. government has no authority to regulate secret codes within U.S. borders. But a law passed after World War II put secret codes in the same category as munitions, products that cannot be exported without a license. The government has used this export-licensing authority to indirectly control code-making software here. Most high-tech firms are unwilling to sell two sets of encryption products, one full- and the other half-strength, so they have sold weak encryption products everywhere. In essence, the administration hopes to use export controls to change the balance of power in a new war. This time the enemy isn't the Japanese or the Germans, as during WWII, or even our Cold War adversaries, the Russians. Instead, the administration fears drug smugglers, organized criminals and terrorists will use code-making devices to evade electronic evidence-gathering techniques, notably wiretapping. "If two criminals are discussing a plot over the telephone and we have a wiretap order, the encryption would negate the wiretap," said Michael Vatis, a senior Department of Justice official. The same would happen if investigators seized the computerized bookkeeping records of a drug-smuggling ring only to find they were saved in an unbreakable code. But as frustrating as it might be to seize a mound of indecipherable evidence, it was the prospect of losing the wiretap that got Vatis most aroused. "For serious investigations involving terrorists or organized crime . . . where you're worried about hundreds of people being killed . . . the whole point is to keep the investigation secret or the whole thing blows up," he said. Having access to a spare set of code-breaking keys "is not a shift in the balance of power," Vatis said. "It's preserving the status quo." Not so, argued Daniel Weitzner, an attorney with the civil libertarian Center for Democracy and Technology inWashington, D.C. Forgetting encryption for a moment, Weitzner said, a wiretap is unlike any other tool in the investigator's arsenal. "To get documents sitting on my computer, the FBI has to come into my office with a search warrant," Weitzner said. "I have to know about it." Exactly the reverse is true for a wiretap. To be effective, the subject must be ignorant of the tap. Weitzner said this notion of a "secret search" went against a central principle of the Fourth Amendment, which protects people from unreasonable search and seizure. "When wiretapping was allowed in 1968, Congress basically said they were going to create an exception to this rule," Weitzner said. But in the three years since the Clipper debate began, the FBI has enlarged its interest beyond preserving phone taps and has asked for spare keys to the codes used to protect Internet traffic and stored computer files, Weitzner said. "If the FBI is able to transfer its wiretap authority to the Internet, it would give the bureau access to a new realm of activities," Weitzner argued. Using the spare keys to Internet transmissions could give the agency access to medical records, charge card receipts or other data stored or transmitted on the global network. Moreover, the agency might be able to tap some of this information in transit, without the knowledge of the person being investigated, whereas today agents would have to visit the doctor's office or bank, potentially alerting the target. "If all things in the digital world are open to wiretap-type scrutiny, then we have lost the protection against secret searches," Weitzner said. "What is on the way to happening is that the exception could swallow the rule." The temptation to tap wires is as old as wired communication itself, according to Clifford Fishman, law professor at Catholic University's Columbus School of Law in Washington, D.C., and author of a textbook on wiretapping. During the Civil War, both sides tapped telegraph lines to spy on troop movements. Wiretaps were common in the early days of the telephone, and Supreme Court decisions during the 1920s said this was no invasion of privacy because the tap was on a public telephone pole and not inside a home. In response, Congress made wiretaps illegal at the federal level as part of the Communication Act of 1934. But Fishman said state investigators kept right on using wiretaps, as did the feds, who sometimes used unauthorized taps on Mafia and political figures during the long reign of former FBI director J. Edgar Hoover. Congress legalized federal wiretaps in 1968 at a time when Richard Nixon was campaigning against the liberal Earl Warren Supreme Court. "The mood in Congress was to defang the Republicans on law enforcement," Fishman said. "Lyndon Johnson, with palpable reluctance, signed this bill to permit federal officials to obtain a court order to do a wiretap or a bug and use this information in court." Fishman, a former New York City district attorney, considered wiretapping essential to investigating the most dangerous crimes and called the administration's latest spare-key proposal a good compromise. But civil libertarians fear that giving investigators the keys to unlock any coded phone call or electronic document will greatly expand the realm of secret searches and tempt them to abuse a power that was denied them in the days when ensuring privacy meant putting wax seals on envelopes. Much of the coverage of the encryption controversy has centered on the complaints of Silicon Valley firms that they are losing hundreds of millions of dollars in exports to foreign competitors who don't have to limit the strength of their encryption products. Though that may be the case, there's more at stake here than money or jobs. Our wired society is about to decide how easy it should be for investigators to figuratively climb up the telephone pole to put alligator clips on our secrets, whether innocent or criminal. To give investigators the keys to every code might be too much temptation and a threat to civil liberties. To deny investigators the keys may handcuff them in the fight against increasingly sophisticated and deadly forms of crime. That is the nature of the choice on encryption policy, and that is why there is no simple compromise. Tom Abate's column appears every other Sunday. You can reach him this fool mailto:tabate@examiner.com Vinnie Moscaritolo http://www.vmeng.com/vinnie/ Fingerprint: 4FA3298150E404F2782501876EA2146A ------------------------------------------------------- "...and by the way, Mr.Speaker, the Second Amendment is not for killing little ducks and leaving Huey and Dewey and Louie without an aunt and uncle. It's for hunting politicians, like in Grozny, and in the colonies in 1776, or when they take your independence away." --- Rep. Robert (B-1 Bob) Dornan (R-CA) responding to Bill Clinton's "State of the Union" address, January 25, 1994
On Mon, 7 Oct 1996, Vinnie Moscaritolo wrote:
The following is an example of the asswipe media's attempt to write about encryption.
http://www.sfgate.com/cgi-bin/examiner/article.cgi?year=1996&month=10&day=06&art icle=BUSINESS2814.dtl
Did I miss something? Of the many columns and articles I've read recently, this is one of the best and most concise so far. Compare it to, say, the "Netly News" column jya posted earlier.
At stake in the policy battle are software exports worth millions, Fourth Amendment rights Americans have enjoyed for centuries, and innocent lives that the good guys say might be saved if they're able to keep snooping on the bad guys.
What export controls have to do with keeping an eye on "the bad guys" no one really knows. Unless the intent is control of domestic encryption of course. The only major point that I see missed is the key size limitation of 56 bits and the nature of the agreement itself to extend or rescind export licenses based on a future key recovery plan which satisfies government officials. Fifty-six bits is simply not secure. Abate missed this fundamental point. Furthermore, that the only way for individuals and companies to maintain security for "the bad people(including governments)" is through secure, virtually unbreakable (large key length) encryption. A back door and a relatively pitiful key length limitation provide no real security. Furthermore, the agreement itself for 2 year conditional licenses is curious. There are many obvious questions. What will satisfy the government or is this just a ruse? Are import restrictions the next step? The whole nature of the compromise is very strange indeed and I would be most interested to find out the thinking behind it.
"Wiretapping is the main issue," said Stewart Baker, former general counsel of the National Security Agency, the CIA's code-breaking and eavesdroping cousin.
This seems like a statement that would have come from the other side of the debate.
Exports are the odd piece in this policy puzzle. The U.S. government has no authority to regulate secret codes within U.S. borders. But a law passed after World War II put secret codes in the same category as munitions, products that cannot be exported without a license.
The government has used this export-licensing authority to indirectly control code-making software here. Most high-tech firms are unwilling to sell two sets of encryption products, one full- and the other half-strength, so they have sold weak encryption products everywhere.
While this may seem obvious to those who have watched and studied the issue for years, the layman reading Abate's column gets a distillation of the issue that I have not seen in other popular media. In just two paragraphs, he explains to the unitiated reader the origin and authority behind export controls on encryption as well as their usage by the government to control local creation of encryption -- a point that is almost always missed.
To give investigators the keys to every code might be too much temptation and a threat to civil liberties. To deny investigators the keys may handcuff them in the fight against increasingly sophisticated and deadly forms of crime.
Is this the statement which bothers you? I simply read it as a summary of both sides of the debate not as an opinion statement _______________________________________________________________ Omegaman <mailto:omega@bigeasy.com> PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________
Vinnie may think this is "asswipe journalism," but I think it's one of the more interesting and revealing articles we've seen. In fact, it's a pretty good summary of the history of wiretaps, the tension between privacy and surveillance, and the thinking of those pushing for GAK/Key Recovery. At 11:12 PM -0700 10/7/96, Vinnie Moscaritolo wrote:
http://www.sfgate.com/cgi-bin/examiner/article.cgi?year=1996&month=10&day=06&ar t Encryption controversy pits life against liberty TOM ABATE EXAMINER COLUMNIST ... "Wiretapping is the main issue," said Stewart Baker, former general counsel of the National Security Agency, the CIA's code-breaking and eavesdroping cousin.
Notice what this means. It means the longterm goal of "Key Recovery" is for *domestic* use as well, as this is where the vast number of wiretaps in criminal cases occurs. We all knew this, of course, but it's useful to see Stewart Baker explicitly conceding the point. He did not say: "Exports of critical technology to other countries is the main issue." He said: "Wiretapping is the main issue." While no doubt many of the "criminals" the Feds wish to wiretap are communicating offshore and hence _might_ be using GAK (I emphasize "might"), clearly a large fraction of the crimes the Feds wish to track are almost wholly domestic. The John Gottis of the world talking to their compadres, the militias planning bombings, the child pornography ring, whatever. The Unabomber. Most are domestic. The U.S. is a big country. As Baker points out, "Wiretapping is the main issue."
"If two criminals are discussing a plot over the telephone and we have a wiretap order, the encryption would negate the wiretap," said Michael Vatis, a senior Department of Justice official.
And _export_ controls on crypto would affect this how?
The same would happen if investigators seized the computerized bookkeeping records of a drug-smuggling ring only to find they were saved in an unbreakable code. But as frustrating as it might be to seize a mound of indecipherable evidence, it was the prospect of losing the wiretap that got Vatis most aroused.
And _export_ controls on crypto would affect this how?
Having access to a spare set of code-breaking keys "is not a shift in the balance of power," Vatis said. "It's preserving the status quo."
Clearly these folks are talking as if GAK/Key Recovery is mandated for _domestic_ communications. (I think we'll be seeing some mighty interesting documents and discussions coming out as FOIAs are filed. Just as the FOIAs a few years ago showed the true thinking behind Clipper: the eventual outlawing of non-Clipper alternatives.) "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
participants (3)
-
Omegaman -
Timothy C. May -
Vinnie Moscaritolo