FEDS SEEK SNOOP KEY, AND SO DO RED CHINESE

PUBLISHED MAY 4, 1998 INSIGHT MAGAZINE PAGE 28
By Charles R. Smith

In the good old days, all J. Edgar Hoover needed to tap a phone was to attach two alligator clips to a telephone wire and put on a head set. Today, even with billions of dollars and the most advanced super computers available, the FBI cannot listen to top criminals and terrorist groups. The problem is an advanced telecommunications security technology called encryption, which hampers law enforcement's efforts to tap criminal and terrorist communications. Encryption is a method of scrambling messages, allowing only authorized parties to decode them.

This high tech barrier led FBI Director Louis Freeh on March 27 to seek new authority, extending Federal wiretap powers with new laws and technology. The Federal government performs about a thousand wire taps per year, according to Dept. of Justice records. But now the FBI has asked the Federal Communications Commission, or FCC, to step in and force telecommunications carriers and equipment manufacturers to adopt FBI proposed standards for implementing the Communications Assistance for Law Enforcement Act of 1994, or CALEA. In its public notice the bureau demanded that it be given the ability to monitor more than 50,000 phone lines simultaneously. In many areas of the country, the FBI is seeking increases in technical capacity of nearly 300 percent.

The FBI's request has touched off a storm of controversy with privacy, industry and human rights advocates. It would require all hardware and software manufacturers to provide the federal government with technical access to secure communications through new technology, called key Recovery or Key Escrow, which allows law enforcement to penetrate strong encryption with a "back-door" feature. The "back-door" design allows law enforcement to tap secure email over the Internet, track electronic banking or monitor sophisticated, scrambled phone calls. Thus, Freeh wants a back door to be required in all phones, fax machines and computers.

Yet, the back-door technology, according to some Clinton administration officials, is not very good at catching criminals. A TOP SECRET 1993 National Security Council (NSC) report for President Clinton on the impact of advanced communications on law enforcement states:

  "[Key Escrow] would either (1) discourage criminals from using
   encryption [communications security] because they realized that
   most products did not provide protection from wiretaps, or
   (2) encourage criminals to acquire strong encryption [no back
   door], whether commercial or home made."

In fact, according to a May 1996 memo on the secret meeting with the CIA Director:

   "Efforts to maintain tight controls on encryption in the
    'Internet age' lack credibility, threaten to impose real
    costs on U.S. industry and, its competitiveness, and are
    becoming a political embarrassment for the Administration...
    Lost in the debate, but not irrelevant, is the fact that it
    is virtually impossible to enforce export control's against
    them [strong encryption products] when they can be exported
    by phone and modem or/in someone' s pocket."

To make matters worse, many American police departments don't want to use the key escrow technology. According to a TOP SECRET memo written in November of 1996 by William Reinsch, the Commerce Department's head of the Bureau of Export Administration:

  "Police forces are reluctant to use 'escrowed' encryption
   products (such as radios in patrol cars). They are more
   costly and less efficient than non-escrowed products. There
   can be long gaps in reception due to the escrow features -
   sometimes as long as a ten second pause. Our own police do
   not use recoverable encryption products; they buy the same
   non-escrowable products used by their counterparts in Europe
   and Japan. Other government agencies may also reject key
   recovery.."

So, if savvy criminals won't use key escrow equipped machines and the police don't like them, who besides Director Freeh does? That's easy: The People's Republic of China, which has emerged as a major buyer of US manufactured encrypted telephones, radios and software. This comes as no surprise to Bruce Schneier, author of the best selling book on computer security APPLIED CRYPTOGRAPHY, who tells INSIGHT:

"Key escrow is not well suited to attack intelligent or well-funded organizations. Dictators, organized crime syndicates, terrorist organizations, and the like will always be able to get their hands on strong cryptography. Key escrow is, by its very nature, aimed at the innocent masses and the dumb criminals. Those who don't have enough resources to get strong cryptography will be forced to use whatever is easily available." According to Schneier, the Clinton design is in itself a deception, because key recovery is aimed at monitoring ordinary citizens and criminals alike.

It happens that the Clinton administration is co-operating with China and other countries on the development of a global Key Recovery system, an infrastructure in which all participating countries could request access to the keys held by police in member countries. In fact, the Clinton administration sent US Navy technical representatives to Beijing in November 1997 to discuss the construction of key recovery and key escrow technology.

China, however, does not share US views on civil rights nor legal processes. The New York Times reported that the Chinese government arrested leading democracy activist Xu Wenli in late March after Xu simply urged authorities to establish a human rights watch dog group. Chinese police rifled his home and confiscated his computer, fax machine and copier, releasing him a day later with the warning "not to cross the line," the Times reported.

Could Key Recovery be abused by foreign powers to persecute their dissidents and political opponents? Could this new tool to fight high tech crime stifle democracy around the world?

"Yes," the former National Security Agency, or NSA, director, Adm. Mike McConnell, tells INSIGHT. "It was our view in the 1980s that strong encryption will happen. It is no longer a matter of national security. It is now a domestic law enforcement problem."

These stunningly frank words come from the man who served both President Bush and President Clinton at helm of the NSA. McConnell, now retired from the government, headed the intelligence agency charged with breaking encryption codes. His view of the Clinton policy, however, is also shared by the same privacy and defense advocates he once opposed.

"Yes - It [Key Escrow] can be used against dissidents," David Sobel, legal counsel for the Electronic Privacy Information Center (EPIC) tells INSIGHT. EPIC is one of several powerful lobby groups that has centered their efforts on Congress and the Courts for the battle over cyber privacy.

"The encryption techniques advocated by the Clinton Administration are subject to serious abuse by repressive regimes," says Sobel. "That is why the international human rights community has become increasingly vocal in its opposition to US encryption policy."

Another activist group that has taken on the Clinton administration is the Federation of American Scientists, or FAS, a non-profit policy organization whose Board of Sponsors includes over 55 American Nobel Laureates. While better known for exposing CIA disinformation campaigns on UFOs and secret warplanes flying from Area-51, FAS also has a cyber project monitoring the Clinton administration's Key Recovery policy.

"Strong crypto has been an important tool for human rights activists around the world," stated John Pike, Director of the Space Policy Projects for FAS and head of their cyber policy group. Pike, a former 1992 Clinton campaign advisor on defense issues, now finds himself, like McConnell, in opposition to the administration's support of key recovery.

"It is no surprise that its [strong encryption] use is not encouraged by police states. While failure to implement key recovery may at times hamper US police and intelligence agencies, the pervasive availability of strong crypto will pose an even greater threat to oppressive regimes," Pike says. "On balance the benefits of this democratizing potential would seem to outweigh the costs of the consequent problems for US law enforcement."

Steve Aftergood, the FAS Secrecy and Government director agreed with Pike, Sobel, McConnell and Schneier. "It is obvious that the same features of Key Recovery technology that makes it so attractive to the FBI are also very appealing to foreign security services. The US government would normally obtain a warrant in order to monitor Key Recovery communications. Other governments which elect to monitor communications have little or no concern about issues such as civil rights and judicial process."

"To borrow a phrase from another issue .. If the government outlaws encryption - then only outlaws will have encryption," says Aftergood, who adds. "Strong encryption is available world-wide independent of US government control. The horse is out of the barn and the barn is on fire with us inside. If strong encryption were made available today to the US public there would be a net benefit to law enforcement and national security."

"There is no question what the future impact of Clinton's Key Recovery design will be," warns security expert Schneier: "Cryptography has to potential to be a technological equalizer. [With strong encryption] the Chinese dissidents are no weaker than the Chinese government, but key escrow tips the scales back so that power begats more power. In 20 years, selling a country like China a key escrow system may look a lot like building a chemical plant for Iraq in 1980 or selling shock batons to South Africa in 1970."



All content COPYRIGHT SOFTWAR (C) 2000. Any reproduction or use of content herein must be approved by SOFTWAR.