Real Crypto Terrorists.

[Trei, Peter]

http://www.infoworld.com/article/03/05/21/HNpdapgp_1.html

Red Brigades PDA highlights encryption controversy 

By Philip Willan,
IDG News Service 

May 21, 2003 ROME - Italian police have seized at least two
Psion PLC PDAs (personal digital assistants) from members of
the Red Brigades terrorist organization but the major
investigative breakthrough they were hoping for as a result of
the information contained on the devices has failed to
materialize -- thwarted by encryption software used by the
left-wing revolutionaries.

Failure to crack the code, despite the reported assistance of
U.S. Federal Bureau of Investigation (FBI) computer experts,
puts a spotlight on the controversy over the wide availability
of powerful encryption tools.

The Psion devices were seized on March 2 after a shootout on a
train travelling between Rome and Florence, Italian media and
sources close to the investigation said. The devices, believed
to number two or three, were seized from Nadia Desdemona Lioce
and her Red Brigades comrade Mario Galesi, who was killed in
the shootout. An Italian police officer was also killed. At
least one of the devices contains information protected by
encryption software and has been sent for analysis to the FBI
facility in Quantico, Va., news reports and sources said.

The FBI declined to comment on ongoing investigations, and
Italian authorities would not reveal details about the
information or equipment seized during the shootout.

The software separating the investigators from a potentially
invaluable mine of information about the shadowy terrorist
group, which destabilized Italy during the 1970s and 1980s and
revived its practice of political assassination four years ago
after a decade of quiescence, was PGP (Pretty Good Privacy),
the Rome daily La Repubblica reported. So far the system has
defied all efforts to penetrate it, the paper said.

Palm-top devices can only run PGP if they use the Palm OS or
Windows CE operating systems, said Phil Zimmermann, who
developed the encryption software in the early 1990s. Psion
PLC uses its own operating system known as Epoc, but it might
still be possible to use PGP as a third party add-on, a
spokesman for the British company said.

There is no way that the investigators will succeed in
breaking the code with the collaboration of the current
manufacturers of PGP, the Palo Alto, Calif.-based PGP,
Zimmermann said in a telephone interview.

"Does PGP have a back door? The answer is no, it does not," he
said. "If the device is running PGP it will not be possible to
break it with cryptanalysis alone."

Investigators would need to employ alternative techniques,
such as looking at the unused area of memory to see if it
contained remnants of plain text that existed before
encryption, Zimmermann said.

The investigators' failure to penetrate the PDA's encryption
provides a good example of what is at stake in the
privacy-versus-security debate, which has been given a whole
new dimension by the Sept. 11 terrorist attacks in the U.S.

Zimmermann remains convinced that the advantages of PGP, which
was originally developed as a human rights project to protect
individuals against oppressive governments, outweigh the
disadvantages.

"I'm sorry that cryptology is such a problematic technology,
but there is nothing we can do that will give this technology
to everyone without also giving it to the criminals," he
said. "PGP is used by every human rights organization in the
world. It's something that's used for good. It saves lives."

Nazi Germany and Stalin's Soviet Union are examples of
governments that had killed far more people than all the
world's criminals and terrorists combined, Zimmermann said. It
was probably technically impossible, Zimmermann said, to
develop a system with a back door without running the risk
that the key could fall into the hands of a Saddam Hussein or
a Slobodan Milosevic, the former heads of Iraq and Yugoslavia,
respectively.

"A lot of cryptographers wracked their brains in the 1990s
trying to devise strategies that would make everyone happy and
we just couldn't come up with a scheme for doing it," he said.

"I recognize we are having more problems with terrorists now
than we did a decade ago. Nonetheless the march of
surveillance technology is giving ever increasing power to
governments. We need to have some ability for people to try to
hide their private lives and get out of the way of the video
cameras," he said.

Even in the wake of Sept. 11, Zimmermann retains the view that
strong cryptography does more good for a democracy than
harm. His personal website, www.philzimmermann.com, contains
letters of appreciation from human rights organizations that
have been able to defy intrusion by oppressive governments in
Guatemala and Eastern Europe thanks to PGP. One letter
describes how the software helped to protect an Albanian
Muslim woman who faced an attack by Islamic extremists because
she had converted to Christianity.

Zimmermann said he had received a letter from a Kosovar man
living in Scandinavia describing how the software had helped
the Kosovo Liberation Army (KLA) in its struggle against the
Serbs. On one occasion, he said, PGP-encrypted communications
had helped to coordinate the evacuation of 8,000 civilians
trapped by the Serbs in a Kosovo valley. "That could have
turned into another mass grave," Zimmermann said.

Italian investigators have been particularly frustrated by
their failure to break into the captured Psions because so
little is known about the new generation of Red
Brigades. Their predecessors left a swathe of blood behind
them, assassinating politicians, businessmen and security
officials and terrorizing the population by "knee-capping," or
shooting in the legs, perceived opponents. Since re-emerging
from the shadows in 1999 they have shot dead two university
professors who advised the government on labor law reform.

Zimmermann is not optimistic about the investigators' chances
of success. "The very best encryption available today is out
of reach of the very best cryptanalytic methods that are known
in the academic world, and it's likely to continue that way,"
he said.

Sources close to the investigation have suggested that they
may even have to turn to talented hackers for help in breaking
into the seized devices. One of the magistrates coordinating
the inquiry laughed at mention of the idea. "I can't say
anything about that," he said.

The technical difficulty in breaking PGP was described by an
expert witness at a trial in the U.S. District Court in
Tacoma, Wash., in April 1999. Steven Russelle, a detective
with the Portland Police Bureau, was asked to explain what he
meant when he said it was not "computationally feasible" to
crack the code. "It means that in terms of today's technology
and the speed of today's computers, you can't put enough
computers together to crack a message of the kind that we've
discussed in any sort of reasonable length of time," he told
the court.

Russelle was asked whether he was talking about a couple of
years or longer. "We're talking about millions of years," he
replied.