-Caveat Lector-
Vol. 15, No. 34 -- September 13, 1999
Published Date August 20, 1999, in Washington, D.C.
www.insightmag.com
Enemies of the State
By James P. Lucier
In a clash between the authoritarian state and the libertarian vision,
the Clinton administration is seeking draconian control of
computers and encryption.
irginia's soft-spoken four-term Republican congressman, Rep. Bob
Goodlatte, may come out of a no-nonsense town in the Blue Ridge,
but he has taken on virtually the entire defense establishment, the
intelligence community and even the FBI with his bill HR850, the
Security and Freedom through Encryption Act, or SAFE. It is a
simple concept, and it has 258 cosponsors in the House. What
SAFE would do is guarantee every American the freedom to use
any type of cryptography anywhere in the world and allow the sale
of any type of encryption domestically. Not such a big deal, is it?
How many Americans go around writing secret messages in
disappearing ink after they grow up?
. . . . Actually, it is one of those edge-defying, generation-splitting,
turn-the-world-upside-down moments in history. It is a struggle
between two different visions of American society. One side sees
the private use of encryption as a way to safeguard the records and
property of U.S. citizens from the prying eyes of computer hackers,
thieves, terrorists and the U.S. government. The other side is the
U.S. government, which sees itself as the guarantor of security in
the newly discovered land of cyberspace. And to provide that
security the government says it has to have the power, at any given
moment, to look into anyone's e-mail, bank accounts, financial
transactions, information exports and dangerous ideas. Our whole
practice of governing is based on geographic concepts --
jurisdiction in delineated districts, authority flowing from citizens
voting by precinct, taxes based on property in a given place or on
salaries reported to and scrutinized by powerful agencies.
. . . . But the Internet is everywhere and nowhere. If people slip into
cyberspace covered in the stealth garment of encryption to perform
transactions, express their ideas, transfer payments and export
technology, who's to know what is happening? How will taxes be
assessed and collected? How will commerce be measured? How
will the professions be regulated if everyone has access to legal or
medical information? What will bureaucrats do without people to
boss around? How will ideas be controlled? For those who believe
that strong government should be the molder and protector of its
citizens -- well then, citizens acting behind the cloak of encryption
could be a fundamental threat to government. They are enemies of
the state.
. . . . Encryption has been around since the earliest times.
Elizabethan poets and spies were versed in "cypher." Samuel
Pepys wrote his famous diaries in cypher to hide his accounts of
his dalliances. William Byrd of Westover wrote the first major
literary work in North America -- his diaries -- in his own code.
Thomas Jefferson and his prot�g�, James Monroe, corresponded in
cypher and continually were complaining that the key was mislaid
or gone astray.
. . . . Modern encryption is based on the use of a unique, private
numeric "key" which opens a "public key" that even may be
published in the marketplace of the Internet. The length of the
string of numbers, or "bits," in the private key determines how
difficult it is to crack the code. The Clinton administration has
decreed that persons in the United States can export encryption
products that use up to 56 bits in the key's algorithm; to export a
longer and stronger product, the user must agree to put the key "in
escrow" where it can be subpoenaed by law-enforcement
authorities. But foreign users understandably do not want to place
their keys in escrow available to U.S. authorities. And 56-bit
encryption is not as secure as the federal government has claimed:
In a recent test, a group of private computer experts with desktop
computers cracked the 56-bit code in less than 24 hours. More
secure 128-bit encryption is widely available around the world,
including the United States, but it is illegal to export any product
that uses it (see sidebar, below).
. . . . The SAFE bill would modernize U.S. export controls to permit
the export of generally available software and create criminal
penalties for the knowing and willful use of encryption to conceal
evidence of a crime, but specifies that the use of encryption by
itself is not probable cause of a crime. "The reasons why they have
insisted on those export controls is to attempt to force the software
industry to devise a key-recovery or key-escrow system whereby
everybody's computer has a back door that law enforcement can
access without their knowledge," Goodlatte tells Insight. American
citizens "are not as secure as they could be because encryption
has not grown to the strength that it should be to protect the
actions of law-abiding citizens."
. . . . The use of encryption by private individuals and business
enterprises is a good way to fight crime, Goodlatte believes, by
stopping crime before it happens. "Because encryption is already
widely available, [law-enforcement authorities] will still have a
problem whether my bill passes or not," he says. "Individuals bent
on using encryption to cover up their activities for criminal purposes
can buy it from literally hundreds of sources. To cite an adage that
applies in another area: If you outlaw encryption, only outlaws will
have encryption." Indeed, a recent study by the George
Washington University School of Engineering and Applied Science
backs up Goodlatte. It found good encryption programs available
outside the United States on more than 800 Websites.
. . . . Of course, robust encryption available to any citizen might
thwart the special vision of an administration that believes that
government must be the protector of its citizens.
. . . . It may be a touch exaggerated, but many citizens feel like
the eager young criminal lawyer played by Will Smith last year in
the movie Enemy of the State. When Smith unknowingly comes
into possession of evidence that a secret federal agency is
committing criminal acts, he finds himself targeted in a bizarre
night-and-day chase through streets, markets and high-rise
buildings -- all with the obligatory black helicopters hovering
overhead.
. . . . Dramatic license aside, there are signs in that events are
inching toward that fantastic scenario. Most disturbing were the
detailed revelations by a panel of the European Parliament that the
United Kingdom and the United States, joined by Canada,
Australia and New Zealand, have been engaged in international
surveillance of the communications of each other's citizens for
years in a joint signals-intelligence consortium code-named
ECHELON (see sidebar; for an earlier report, see news alert!, Aug.
17, 1998). Although Attorney General Janet Reno and other
officials assert that encryption must be controlled to stop terrorists
and child pornography -- two powerful, but demagogic arguments --
it appears the real reasons lie elsewhere. After all, as Reno admits,
international terrorist Osama bin Laden already has cryptography
and child pornographers are best caught the old-fashioned way: by
baiting them into their own trap. The fact is that routine use of
strong encryption by law-abiding citizens and enterprises would
shut down citizen-surveillance projects such as ECHELON.
. . . . The battle to block widespread use of private encryption and
to extend government surveillance has emerged on many fronts in
the last few months:
The administration has put on a full-court press to block the SAFE
bill. Goodlatte and his 258 cosponsors are on one side; on the
other are the president, the secretaries of state and defense, the
directors of the CIA and FBI and the attorney general, who all have
risen up to attempt to defeat the legislation. And they have
corralled a few of the GOP's old bull elephants --including House
Armed Services Committee Chairman Floyd Spence of South
Carolina and House Permanent Select Intelligence Committee
Chairman Porter Goss of Florida -- to run interference on Capitol
Hill. But HR850 safely has run the gauntlet of three House
committees in sequential referral -- Judiciary, Commerce and
International Relations. It ran aground, however, in Spence's and
Goss' panels. Both committees stood the bill on its head, adopting
the administration's position that SAFE would abet terrorists and
child pornographers. No matter. "They are, in effect, sending
alternative suggestions to the [House] Rules Committee; they don't
amend my language," says Goodlatte. Judiciary is the main
committee of jurisdiction, and its bill now is before the Rules
Committee, chaired by Rep. David Dreier of California, for possible
action in September. Sources in the Rules Committee tell Insight
that the cards are being held close to the chairman's vest, but
Dreier happens to be a cosponsor of the Goodlatte version.
The Justice Department has sought the "cooperation" of private
industry to exchange security data in eight areas of "critical
infrastructure," including telecommunications, transportation, water
supply, oil and gas production, banking and finance, electrical
generation, emergency services and essential government. "The
NIPC [National Infrastructure Protection Center] was established to
deter, detect, analyze, investigate and provide warnings of
cyberthreats and attacks on the critical infrastructures of the
United States, including illegal intrusions into government and
private-sector computer networks," Reno told the Senate
Appropriations Committee on Feb. 24. "NIPC will play a major role
in the national plan for cyberprotection functions." Reno went on to
note that "the administration is not currently seeking mandatory
controls on encryption, but instead is working with industry to find
voluntary solutions." But banking officials, for example, are
extremely experienced in detecting and preventing computer
intrusions because of the vast sums at stake. "It is difficult to
imagine that a government that can't even keep our top nuclear
secrets safe could teach financial institutions about security," a
source close to the banking industry tells Insight. Besides, the
source says, banking officials, after meeting NIPC, were appalled
at the range of information the government is seeking -- including
detailed access and transaction codes of customers.
The Justice Department has been planning to establish the Federal
Intrusion Detection Network, or FIDNET, which continually would
monitor the Internet for intrusions, at a cost of $1.5 billion.
According to a study by the Center for Democracy and Technology
of a restricted draft document, FIDNET would be an intrusion-
detection monitoring system for non-Defense Department
government computers. Intrusion-detection monitors installed on
individual systems or networks would be "netted" so that an
intruder or intrusion techniques used at one site automatically will
be known at all sites. But the draft plan says that the goal is to
have similar monitoring sensors installed on private-sector
information systems. As soon as the draft document began
circulating on Capitol Hill, the House Appropriations Committee
quietly axed the budget request for FIDNET on July 30.
On Aug. 5, President Clinton issued an executive order setting up
a "Working Group on Unlawful Conduct on the Internet." The
working group is to make a report on whether there are enough
federal laws to deal with unlawful conduct and whether new
technology and capabilities might be needed for effective
investigation and prosecution of unlawful conduct within the context
of administration policy which supports industry self-regulation
"where possible."
The Justice Department, which has prosecuted and threatened
prosecution against a number of nongovernment experts who want
to publish their encryption programs on the Internet, is appealing
the May 6 decision of the 9th U.S. Circuit Court of Appeals in
Bernstein v. U.S. Department of Justice that encryption is
protected speech under the First Amendment. Daniel Bernstein, a
professor in the Department of Mathematics, Statistics, and
Computer Science at the University of Illinois at Chicago,
developed an encryption system that he wanted to post on the
Internet for discussion. The State and Commerce departments
ruled that to do so he would have to declare himself an arms dealer
and apply for an export license, which was refused.
The FBI -- which was denied the right to require cell-phone
companies to install equipment that would give real-time
information to track the location of cell-phone users (even when the
instrument is on standby) in the 1994 Communications Assistance
for Law Enforcement Act -- has been working with the Federal
Communications Commission to establish standards which would
do the same thing without legislation. According to James X.
Dempsey of the Center for Democracy and Technology, "The FBI
has sought a 100 percent solution -- a comprehensive examination
of the nation's evolving telephone systems that would address all
potential law-enforcement problems in a single 'standard' for use by
switch manufacturers." In addition to location tracking, he says,
the FBI and industry have proposed "allowing companies to deliver
the entire packet data stream, including the content of all
communications, when law enforcement is entitled to receive only
dialing or signal information." In addition, the FBI is attempting to
collect all numbers dialed, "including credit-card and bank-
account." The FBI also is seeking an enormous increase in
capacity: the ability to tap one out of 1,000 phone lines in a given
locality at the same time, or the ability to monitor 74,250 phone
lines at once -- 10 times the number of surveillance orders in 1993.
U.S. Postmaster General William Henderson proposed on May 17
that the Internet go postal. He wants the post office to become the
custodian of all e-mail addresses, mapping them to specific
geographic locations, as well as processing bill payments,
purchase transactions and being "the residential deliverer of choice
for purchases made on the Internet." Describing the post office as
a trusted third party, Henderson said, "We would own the physical
address and we would maintain it. All that information that . . . our
customers have developed around a physical address could now
migrate through the Internet and be a part of commerce."
. . . . "The underlying belief is that American citizens really need to
be policed," Shari Steel, director of legal services for the Electronic
Frontiers Foundation, tells Insight. "They are putting it on
themselves to look at every citizen. They are just willing to trample
all over civil liberties to find the isolated criminal. These issues are
clearly related to who has the right to make the decisions for all of
us, the right to make big societal decisions as to what's good for
all of us. Almost all of us online believe that citizens have the right
to protect our integrity. Really, technology gives us the solutions to
protect out autonomy."
. . . .
. . . .
A Backdoor to Your PC. . . .
. . . .
. . . . The White House is seeking new legislation to allow law-
enforcement agents to enter the back door of anyone's computer
without the owner being aware. An Aug. 4 Department of Justice
internal memo obtained by Insight analyzes a proposed
"Cyberspace Electronic Security Act of 1999," or CESA, which the
department is planning to send to Capitol Hill. CESA sets up a
framework for protecting the stored recovery-key system, or key
escrow, which the computer industry steadfastly has rejected --
thereby showing that the Clinton administration is determined to
win on this issue, despite overwhelming sentiment behind HR850,
Virginia Republican Rep. Bill Goodlatte's bill in the House. It
provides a way for law-enforcement agents to obtain recovery keys
from the keyholder and states that "there is no constitutionally
protected expectation of privacy in the plaintext [a term used by
encryption experts to denote an ordinary message in its original
meaningful form] of encrypted data" -- contrary to the recent ruling
of the 9th U.S. Circuit Court of Appeals in Bernstein v. DOJ that
encryption is constitutionally protected.
. . . . But even if the key to encrypted text is not stored with a third
party, the government wants access. The memo notes, "In the pre-
encryption world, this problem did not arise." Therefore, it
concludes, "the government will need another way to obtain
encryption keys," including "a search warrant with the possibility of
delayed notice," and "the alteration of hardware or software that
allows plaintext to be obtained even if attempts were made to
protect it with encryption."
. . . . According to the Electronic Privacy Information Center, the
White House plan would enable federal and local law-enforcement
agents secretly to break into private premises and alter computer
equipment to collect e-mail messages and other electronic
information. "It's really a little hard to believe that they would be
seriously proposing this," EPIC's counsel, David Sobel, tells
Insight. "This is beyond the wildest imagination of the most
paranoid people who have been following this issue over the years --
it's one of the scariest proposals to come out of government in a
long time. This strikes at the heart of the Bill of Rights."
. . . .
. . . .
Listen Up, ECHELON. . . .
. . . .
. . . . The report prepared for the European Parliament by its
Scientific and Technological Options Assessment panel, or STOA,
confirmed in April that ECHELON's giant antennae distributed
among the five countries monitors all communications broadcast
by satellite and microwave relays, including voice and data
streams. Submarine pods, attached to undersea cable by induction
coils, monitor the Internet and cable traffic. Information is passed
through so-called "dictionary" computers that sort out the data by
looking for keywords. The information "is used to obtain sensitive
data concerning individuals, governments and trade and
international organizations," says the STOA report, asserting that
the information is used not only for military intelligence but also to
promote commercial contracts. As usual, U.K and U.S. officials
have declined comment but, on May 23, Martin Brady, director of
the Australian Defense Signals Directorate, or DSD, in Canberra
stated that DSD "does cooperate with counterpart signals-
intelligence organizations overseas under the UK/USA relationship."
. . . .
. . . .
Encryption as Protected Art. . . .
. . . .
. . . . Encryption is an essential part of the right to human
expression protected under the Constitution. Ironically, the Central
Intelligence Agency, one of the lead agencies attempting to limit
the use of encryption, is the home of a well-known artwork,
Kryptos, the work of Washington sculptor James Sanborn. The
giant bronze piece has stood like an upended parchment in a
secret courtyard of the agency since the 1980s, covered with 865
characters arranged in rows. But the best cryptographers at CIA
have not yet cracked the code completely, though the message is
slowly yielding to efforts of top code breakers.
Click here to go back to the top of this article.
HOME | SPECIAL OFFER | LETTERS | LINKS
Copyright � 1999 News World Communications, Inc.
DECLARATION & DISCLAIMER
==========
CTRL is a discussion and informational exchange list. Proselyzting propagandic
screeds are not allowed. Substance�not soapboxing! These are sordid matters
and 'conspiracy theory', with its many half-truths, misdirections and outright
frauds is used politically by different groups with major and minor effects
spread throughout the spectrum of time and thought. That being said, CTRL
gives no endorsement to the validity of posts, and always suggests to readers;
be wary of what you read. CTRL gives no credeence to Holocaust denial and
nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://home.ease.lsoft.com/archives/CTRL.html
http:[EMAIL PROTECTED]/
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
