FBI calls for mandatory key escrow; Denning on export ctrls
All encryption products sold or distributed in the U.S. must have a key escrow backdoor "like an airbag in a car," law enforcement agents advised a Senate panel this afternoon.

FBI Director Louis Freeh also told a Senate Judiciary subcommittee that "network service providers should be required to have some immediate decryption ability available" permitting agents to readily descramble encrypted messages that pass through their system.

This marks the most aggressive push to date for mandatory domestic key escrow (or "key recovery"), which means someone else other than the recipient can decipher messages you send out.

Now, the easiest way to win such a political tussle in Washington is to control the terms of the debate. And nobody understands that rule better than Sen. Jon Kyl (R-Arizona), chair of the Judiciary subcommittee on technology, terrorism, and government information.

Kyl opened today's hearing not by saying its purpose was to discuss crypto in a balanced manner, but that he wanted "to explore how encryption is affecting the way we deal with criminals, terrorists, and the security needs of business." Then he talked at length about "criminals and terrorists" using crypto, and child pornographers "using encryption to hide pornographic images of children that they transmit across the Internet."

Kyl also stacked the three panels. Out of seven witnesses, five were current or former law enforcement agents. No privacy or civil liberties advocates testified. Some companies including FedEx apparently dropped out when told they'd have to pay lip service to key escrow if they wanted to speak.

Dorothy Denning, a Georgetown University professor of computer science, did testify. Kyl made a point of asking her if she still supported key escrow systems (two recent articles by Will Rodger and Simson Garfinkel said she was changing her mind). "I think key recovery offers a very attractive approach," Denning said.

What about export controls? "In the absence of any controls, the problem for law enforcement would get worse," she replied.

But when Sen. Dianne Feinstein (D-Calif) asked if Denning would support a *mandatory* key escrow system, the computer scientist said she wouldn't. "No, because we don't have a lot of experience with key recovery systems... a lot of people are legitimately nervous."

(Keep in mind that although Feinstein supposedly represents Silicon Valley, she's no friend of high tech firms. She opposes lifting export controls; in fact, she says that "nothing other than some form of mandatory key recovery really does the job" of preventing crime. Of course, Feinstein doesn't have a clue. She talks about whether businesses would want "a hard key or digital key or a key infrastructure." Yes, folks, this is in fact meaningless blather.)

Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, DC, says, "Simply stated, the Senate train is headed in the wrong direction. But of course this doesn't answer the question of what will ultimately be resolved by Congress? There's a very popular measure in the House right now that's heading in a different direction."

Rotenberg is talking about Rep. Bob Goodlatte's SAFE bill, which is much more pro-business than S.909, the McCain-Kerrey Senate bill that Kyl supports. Now, S.909 doesn't mandate key recovery; it only strongly encourages it by wielding the federal government's purchasing power to jumpstart a key recovery infrastructure. But Kyl would go further.

At a recent Heritage Foundation roundtable on encryption, I asked him, "Why not make key recovery technology mandatory -- after all, terrorists, drug kingpins and other criminals won't use it otherwise." Kyl's response? Not that it would be a violation of Constitutional due process and search and seizure protections or a bad idea. Instead, he told me he simply didn't have enough votes...

-Declan
Declan McCullagh wrote:
All encryption products sold or distributed in the U.S. must have a key escrow backdoor "like an airbag in a car," law enforcement agents advised a Senate panel this afternoon.
I must have not been given the proper ballots when I voted. I didn't see the FBI or any other LEA on *my* ballot. If these people are going to be running the country, and making the decisions as to what does and does not constitute threats to the citizens and the country and the world, shouldn't we have some say in who they are?
Kyl opened today's hearing not by saying its purpose was to discuss crypto in a balanced manner, but that he wanted "to explore how encryption is affecting the way we deal with criminals, terrorists, and the security needs of business."
Yoo-hoo! Over here! Yoo-hoo! It's the CITIZENS! We still exist!
Then he talked at length about "criminals and terrorists" using crypto, and child pornographers "using encryption to hide pornographic images of children that they transmit across the Internet."
If we imprison more of our citizen-units than most dictatorships, then who the fuck are we imprisoning? Are we *not* imprisoning criminals, terrorists and child pornographers and other scum? What percentage of the population needs to consist of LEA agents, and what percentage of the population must we imprison in order to put away criminals, terrorists and child pornographers? 50%?...80%...100%?
Kyl also stacked the three panels. Out of seven witnesses, five were current or former law enforcement agents. No privacy or civil liberties advocates testified.
That's right. The correct answer is 71% LEA agents, and 100% of the citizens in prison. I hate to support this approach to law enforcement, but if the people in charge of the safety of the nation and its citizens cannot prevent criminals, terrorists and child pornographers from running rampant with the mountains of laws and technology currently at their fingertips, then I guess we'll just have to pass more laws and put all munitions and privacy technology in the hands of the LEA's. Besides, the citizen-units will be 'happier' in prison, where they can get the really *good* drugs and indulge in anal sex without fear of imprisonment.

TruthMonger
At 09:13 PM 9/3/97 +0000, you wrote:
All encryption products sold or distributed in the U.S. must have a key escrow backdoor "like an airbag in a car," law enforcement agents advised a Senate panel this afternoon.
Yes, but - Freeh said all products needed to have the _option_ of a key-escrow backdoor built in. The actual deployment of the system should be at the users' discretion.

Then again, Sen. Feinstein suggested he needed mandatory key escrow since there was no way to make a voluntary system work. Freeh seemed to warm to the idea of making key escrow mandatory. "Mandatory key escrow would be the best solution - I have to be candid with you on that," he said.

Unfortunately, he added, mandatory key escrow isn't a possibility - or foolproof, either.

Will Rodger
Washington Bureau Chief
Inter@ctive Week
A Ziff-Davis Publication
Voice: +1 202-408-7027
Fax: +1 202-789-2036
http://www.interactiveweek.com
PGP 2.6.2: D83D 0095 299C 2505 25FA 93FE DDF6 9B5F
On Wed, 3 Sep 1997, Will Rodger wrote:
Yes, but - Freeh said all products needed to have the _option_ of a key-escrow backdoor built in. The actual deployment of the system should be at the users' discretion. Then again, Sen. Feinstein suggested he needed mandatory key escrow since there was no way to make a voluntary system work. Freeh seemed to warm to the idea of making key escrow mandatory.
Will is right to say Feinstein was harping on mandatory key escrow the entire time. I disagree, though, that Freeh "seemed to warm" to the idea; it's been a wet dream of the FBI for the longest time. Towards the end of his testimony he was perhaps less guarded in his calls for it, that's all. As for the backdoor, Freeh was vague on what that would mean. At one point he said it could be done in a mandatory or voluntary manner as long as it got done. At another he talked about mandating it but giving users the option to turn it off -- but then what's the use of mandating it? I've attached some excerpts from the transcript below that might be helpful.
Unfortunately, he added, mandatory key escrow isn't a possibility - or foolproof, either.
I didn't catch him saying mandatory k.e. isn't a possibility, but he did admit it wasn't foolproof. Check out the transcript.

-Declan

---

[Louis Freeh is talking]

Here we're not saying the key recovery standard X, Y, Z. We're telling the manufacturers that they need to have a feature that would allow immediate decryption, and they can do that in the cheapest, most efficient way that they can design. And I think they can do that fairly easily.

[...]

There are a number of ways that that could be implemented, but what we believe we need as a minimum is a feature implemented and designed by the manufacturers of the products and services here that will allow law enforcement to have an immediate lawful decryption of the communications in transit or the stored data. That could be done in a mandatory manner. It could be done in an involuntary manner. But the key is that we would have the ability, once we have the court order in hand, to get that information and get it real-time without waiting for what it would take for a supercomputer to give us, which is too long for life or safety reasons.

[...]

Mandatory key recovery, to the extent that it was implemented, would be the best law enforcement solution. I would not be candid with you if I told you anything other than that.

[...]

I think we can design a system short of mandatory key recovery which will work certainly better than no system at all. And I think the precepts of 909 and some additions which could be added thereto will give law enforcement at least a fighting chance, which is really what we're asking for in this context, to keep a technique which is very valuable. I don't think we'll ever solve the problem 100 percent. There are loopholes now. There will be loopholes even with a mandatory key recovery system. What we want to try to do is design an infrastructure which will give us as many access points for that court order as possible. And that's the end game that we're involved in right now.
Will is right to say Feinstein was harping on mandatory key escrow the entire time. I disagree, though, that Freeh "seemed to warm" to the idea; it's been a wet dream of the FBI for the longest time.
Uh - duh. Actually we agree entirely. "Seemed to warm" is - uncharacteristic as it may seem - a deliberate understatement.

Will Rodger