Copyright © 1999 News World
Published in Washington, D.C.
August 20, 1999
Enemies of the State
By James P. Lucier
|In a clash between the authoritarian state and the libertarian vision, the Clinton administration is seeking draconian control of computers and encryption.|
soft-spoken four-term Republican congressman, Rep. Bob Goodlatte, may
come out of a no-nonsense town in the Blue Ridge, but he has taken on
virtually the entire defense establishment, the intelligence community
and even the FBI with his bill HR850, the Security and Freedom through
Encryption Act, or SAFE. It is a simple concept, and it has 258
cosponsors in the House. What SAFE would do is guarantee every American
the freedom to use any type of cryptography anywhere in the world and
allow the sale of any type of encryption domestically. Not such a big
deal, is it? How many Americans go around writing secret messages in
disappearing ink after they grow up?
. . . . Actually, it is one of those edge-defying, generation-splitting, turn-the-world-upside-down moments in history. It is a struggle between two different visions of American society. One side sees the private use of encryption as a way to safeguard the records and property of U.S. citizens from the prying eyes of computer hackers, thieves, terrorists and the U.S. government. The other side is the U.S. government, which sees itself as the guarantor of security in the newly discovered land of cyberspace. And to provide that security the government says it has to have the power, at any given moment, to look into anyone's e-mail, bank accounts, financial transactions, information exports and dangerous ideas. Our whole practice of governing is based on geographic concepts -- jurisdiction in delineated districts, authority flowing from citizens voting by precinct, taxes based on property in a given place or on salaries reported to and scrutinized by powerful agencies.
. . . . But the Internet is everywhere and nowhere. If people slip into cyberspace covered in the stealth garment of encryption to perform transactions, express their ideas, transfer payments and export technology, who's to know what is happening? How will taxes be assessed and collected? How will commerce be measured? How will the professions be regulated if everyone has access to legal or medical information? What will bureaucrats do without people to boss around? How will ideas be controlled? For those who believe that strong government should be the molder and protector of its citizens -- well then, citizens acting behind the cloak of encryption could be a fundamental threat to government. They are enemies of the state.
. . . . Encryption has been around since the earliest times. Elizabethan poets and spies were versed in "cypher." Samuel Pepys wrote his famous diaries in cypher to hide his accounts of his dalliances. William Byrd of Westover wrote the first major literary work in North America -- his diaries -- in his own code. Thomas Jefferson and his protégé, James Monroe, corresponded in cypher and continually were complaining that the key was mislaid or gone astray.
. . . . Modern encryption is based on the use of a unique, private numeric "key" which opens a "public key" that even may be published in the marketplace of the Internet. The length of the string of numbers, or "bits," in the private key determines how difficult it is to crack the code. The Clinton administration has decreed that persons in the United States can export encryption products that use up to 56 bits in the key's algorithm; to export a longer and stronger product, the user must agree to put the key "in escrow" where it can be subpoenaed by law-enforcement authorities. But foreign users understandably do not want to place their keys in escrow available to U.S. authorities. And 56-bit encryption is not as secure as the federal government has claimed: In a recent test, a group of private computer experts with desktop computers cracked the 56-bit code in less than 24 hours. More secure 128-bit encryption is widely available around the world, including the United States, but it is illegal to export any product that uses it (see sidebar, below).
. . . . The SAFE bill would modernize U.S. export controls to permit the export of generally available software and create criminal penalties for the knowing and willful use of encryption to conceal evidence of a crime, but specifies that the use of encryption by itself is not probable cause of a crime. "The reasons why they have insisted on those export controls is to attempt to force the software industry to devise a key-recovery or key-escrow system whereby everybody's computer has a back door that law enforcement can access without their knowledge," Goodlatte tells Insight. American citizens "are not as secure as they could be because encryption has not grown to the strength that it should be to protect the actions of law-abiding citizens."
. . . . The use of encryption by private individuals and business enterprises is a good way to fight crime, Goodlatte believes, by stopping crime before it happens. "Because encryption is already widely available, [law-enforcement authorities] will still have a problem whether my bill passes or not," he says. "Individuals bent on using encryption to cover up their activities for criminal purposes can buy it from literally hundreds of sources. To cite an adage that applies in another area: If you outlaw encryption, only outlaws will have encryption." Indeed, a recent study by the George Washington University School of Engineering and Applied Science backs up Goodlatte. It found good encryption programs available outside the United States on more than 800 Websites.
. . . . Of course, robust encryption available to any citizen might thwart the special vision of an administration that believes that government must be the protector of its citizens.
. . . . It may be a touch exaggerated, but many citizens feel like the eager young criminal lawyer played by Will Smith last year in the movie Enemy of the State. When Smith unknowingly comes into possession of evidence that a secret federal agency is committing criminal acts, he finds himself targeted in a bizarre night-and-day chase through streets, markets and high-rise buildings -- all with the obligatory black helicopters hovering overhead.
. . . . Dramatic license aside, there are signs in that events are inching toward that fantastic scenario. Most disturbing were the detailed revelations by a panel of the European Parliament that the United Kingdom and the United States, joined by Canada, Australia and New Zealand, have been engaged in international surveillance of the communications of each other's citizens for years in a joint signals-intelligence consortium code-named ECHELON (see sidebar; for an earlier report, see news alert!, Aug. 17, 1998). Although Attorney General Janet Reno and other officials assert that encryption must be controlled to stop terrorists and child pornography -- two powerful, but demagogic arguments -- it appears the real reasons lie elsewhere. After all, as Reno admits, international terrorist Osama bin Laden already has cryptography and child pornographers are best caught the old-fashioned way: by baiting them into their own trap. The fact is that routine use of strong encryption by law-abiding citizens and enterprises would shut down citizen-surveillance projects such as ECHELON.
. . . . The battle to block widespread use of private encryption and to extend government surveillance has emerged on many fronts in the last few months:
. . . . "The underlying belief is that American citizens really need to be policed," Shari Steel, director of legal services for the Electronic Frontiers Foundation, tells Insight. "They are putting it on themselves to look at every citizen. They are just willing to trample all over civil liberties to find the isolated criminal. These issues are clearly related to who has the right to make the decisions for all of us, the right to make big societal decisions as to what's good for all of us. Almost all of us online believe that citizens have the right to protect our integrity. Really, technology gives us the solutions to protect out autonomy."
A Backdoor to Your PC
. . . . The White House is seeking new legislation to allow law-enforcement agents to enter the back door of anyone's computer without the owner being aware. An Aug. 4 Department of Justice internal memo obtained by Insight analyzes a proposed "Cyberspace Electronic Security Act of 1999," or CESA, which the department is planning to send to Capitol Hill. CESA sets up a framework for protecting the stored recovery-key system, or key escrow, which the computer industry steadfastly has rejected -- thereby showing that the Clinton administration is determined to win on this issue, despite overwhelming sentiment behind HR850, Virginia Republican Rep. Bill Goodlatte's bill in the House. It provides a way for law-enforcement agents to obtain recovery keys from the keyholder and states that "there is no constitutionally protected expectation of privacy in the plaintext [a term used by encryption experts to denote an ordinary message in its original meaningful form] of encrypted data" -- contrary to the recent ruling of the 9th U.S. Circuit Court of Appeals in Bernstein v. DOJ that encryption is constitutionally protected.
. . . . But even if the key to encrypted text is not stored with a third party, the government wants access. The memo notes, "In the pre-encryption world, this problem did not arise." Therefore, it concludes, "the government will need another way to obtain encryption keys," including "a search warrant with the possibility of delayed notice," and "the alteration of hardware or software that allows plaintext to be obtained even if attempts were made to protect it with encryption."
. . . . According to the Electronic Privacy Information Center, the White House plan would enable federal and local law-enforcement agents secretly to break into private premises and alter computer equipment to collect e-mail messages and other electronic information. "It's really a little hard to believe that they would be seriously proposing this," EPIC's counsel, David Sobel, tells Insight. "This is beyond the wildest imagination of the most paranoid people who have been following this issue over the years -- it's one of the scariest proposals to come out of government in a long time. This strikes at the heart of the Bill of Rights."
Listen Up, ECHELON
. . . . The report prepared for the European Parliament by its Scientific and Technological Options Assessment panel, or STOA, confirmed in April that ECHELON's giant antennae distributed among the five countries monitors all communications broadcast by satellite and microwave relays, including voice and data streams. Submarine pods, attached to undersea cable by induction coils, monitor the Internet and cable traffic. Information is passed through so-called "dictionary" computers that sort out the data by looking for keywords. The information "is used to obtain sensitive data concerning individuals, governments and trade and international organizations," says the STOA report, asserting that the information is used not only for military intelligence but also to promote commercial contracts. As usual, U.K and U.S. officials have declined comment but, on May 23, Martin Brady, director of the Australian Defense Signals Directorate, or DSD, in Canberra stated that DSD "does cooperate with counterpart signals-intelligence organizations overseas under the UK/USA relationship."
Encryption as Protected Art
. . . . Encryption is an essential part of the right to human expression protected under the Constitution. Ironically, the Central Intelligence Agency, one of the lead agencies attempting to limit the use of encryption, is the home of a well-known artwork, Kryptos, the work of Washington sculptor James Sanborn. The giant bronze piece has stood like an upended parchment in a secret courtyard of the agency since the 1980s, covered with 865 characters arranged in rows. But the best cryptographers at CIA have not yet cracked the code completely, though the message is slowly yielding to efforts of top code breakers.
Copyright © 1999 News World Communications, Inc.
BACK TO BIG BROTHER
26 August 1999