The New York Times, January 25, 1995, p. D5. The F.B.I. Sting Operation on Child Pornography Raises Questions About Cryptography By Peter H. Lewis Federal agents swooped down on more than 125 homes and offices across the United States on Sept. 13, seizing computers and diskettes from people suspected of trafficking in child pornography over the America Online network. But to date, the number of arrests in the sting operation remains at 15. More arrests are expected, but why haven't more occurred? Last week, Louis J. Freeh, the director of the F.B.I., offered an oblique explanation for the seemingly low initial success rate. At least some of the suspected child pornographers had used data encryption software, Mr. Freeh said Thursday in remarks at an International Cryptography Institute conference in Washington. In other words, they had scrambled their computer files so that only someone with the password -- or with proper code-breaking skills -- could view the contents. Mr. Freeh wisely did not say whether the F.B.I. agents were able to decipher the encrypted files seized in the investigation. It would be foolhardy, from a law-enforcement perspective, to tip one's hand. If the head of the F.B.I. acknowledged that his agency was powerless to crack a cryptography program like Pretty Good Privacy, the stampede for that software on the Internet would make the run on Windows 95 look puny. From a political perspective, Mr. Freeh's coyness is shrewd as well. By making even a subtle suggestion that some child pornographers may walk free because of unbreakable cryptography, he gains more leverage in seeking Government-mandated controls over the use of encryption technology. Mr. Freeh said that encryption was a "public safety" issue, and he said law-enforcement agencies around the world "will not tolerate" the use of private data encryption to impede investigations. He said encryption had also been encountered in the Philippines in a plot to blow up an American jet and to assassinate Pope John Paul lI (in that case, at least, one can presume the code was cracked.) It seems worthwhile to point out that even if the suspects in the child pornography sting, called Operation Innocent Images, used cryptography, that did not provide evidence that they were doing something illegal. Our legal system is predicated on the belief that one is innocent unless proved guilty, and there is no exception clause for technology. "Fortunately we are not yet at the point where the mere use of encryption overcomes the presumption of innocence," said David Sobel, staff counsel for the Electronic Privacy Information Center in Washington. Another point to remember is that the F.B.I. identified more than 100 suspects, and gathered sufficient information to warrant raids, using existing laws and enforcement techniques. On the other hand, there is no denying that child pornographers use data encryption to keep co-workers, family members and police from discovering their secrets. "We are involved in a couple of jobs every week resolving some kind of a child pornography investigation," said Eric K. Thompson, president of Access Data Inc. of Orem, Utah, a private company that specializes in cracking encrypted files for corporations and Government agencies. The Government's elite codebreakers at the National Security Administration are prohibited by law from using their talents against American citizens. The F.B.I. has its own code-breaking experts, but it routinely calls on independent experts like Access Data to help on some cases. After eight years of breaking into encrypted files, ranging from situations involving secretaries who simply forgot their passwords for important memos to cases involving corporate computer systems that were encrypted by disgruntled employees, Mr. Thompson has concluded: "Basically, the criminal element is becoming more computer literate, and they are discovering encryption. Files are becoming more difficult to break." Dorothy Denning, an expert in cryptography and a professor of computer science at Georgetown University in Washington, said she recognized the importance of encryption for businesses seeking to protect information. At the same time, she said, she also recognized the problems that law-enforcement agencies face because of cryptography. "So many people had been saying people in law enforcement weren't having this problem, and I didn't believe that," Dr. Denning said. So in May, she said, she spent two days calling sources at law-enforcement organizations. "I came up with over 20 cases -- child pornography, terrorism, murder, embezzlement fraud, tax protesters, export violations -- and, in some cases, they were able to crack it, and others they couldn't," she said. What can be done? The Administration's plan is to seek voluntary compliance with a "key escrow" plan, which would enable citizens to use strong, private cryptography as long as a copy of the software "key" were made available to law enforcement officials. Last week, Mr. Freeh stressed that he preferred a voluntary approach. But "if consensus is impossible" on the encryption issue, he said, the F.B.I. might consider other approaches. The debate is certain to heat up as more information about Operation Innocent Images becomes known. There are no comforting answers, only an echo of advice from a time predating the Internet: There is no solution. Seek it wisely. [End]