-Caveat Lector-
Vol. 15, No. 34 -- September 13, 1999
Published Date August 20, 1999, in Washington,
D.C. www.insightmag.com
Enemies of the State
By James P. Lucier
In a clash between the authoritarian state and the libertarian
vision, the Clinton administration is seeking draconian control
of computers and encryption.
Virginia's soft-spoken four-term Republican congressman, Rep. Bob
Goodlatte, may come out of a no-nonsense town in the Blue Ridge,
but he has taken on virtually the entire defense establishment,
the intelligence community and even the FBI with his bill HR850,
the Security and Freedom through Encryption Act, or SAFE. It is a
simple concept, and it has 258 cosponsors in the House. What SAFE
would do is guarantee every American the freedom to use any type
of cryptography anywhere in the world and allow the sale of any
type of encryption domestically. Not such a big deal, is it? How
many Americans go around writing secret messages in disappearing
ink after they grow up?
Actually, it is one of those edge-defying, generation-splitting,
turn-the-world-upside-down moments in history. It is a struggle
between two different visions of American society. One side sees
the private use of encryption as a way to safeguard the records
and property of U.S. citizens from the prying eyes of computer
hackers, thieves, terrorists and the U.S. government. The other
side is the U.S. government, which sees itself as the guarantor
of security in the newly discovered land of cyberspace. And to
provide that security the government says it has to have the
power, at any given moment, to look into anyone's e-mail, bank
accounts, financial transactions, information exports and
dangerous ideas. Our whole practice of governing is based on
geographic concepts -- jurisdiction in delineated districts,
authority flowing from citizens voting by precinct, taxes based
on property in a given place or on salaries reported to and
scrutinized by powerful agencies.
But the Internet is everywhere and nowhere. If people slip into
cyberspace covered in the stealth garment of encryption to
perform transactions, express their ideas, transfer payments and
export technology, who's to know what is happening? How will
taxes be assessed and collected? How will commerce be measured?
How will the professions be regulated if everyone has access to
legal or medical information? What will bureaucrats do without
people to boss around? How will ideas be controlled? For those
who believe that strong government should be the molder and
protector of its citizens -- well then, citizens acting behind
the cloak of encryption could be a fundamental threat to
government. They are enemies of the state.
Encryption has been around since the earliest times. Elizabethan
poets and spies were versed in "cypher." Samuel Pepys wrote his
famous diaries in cypher to hide his accounts of his dalliances.
William Byrd of Westover wrote the first major literary work in
North America -- his diaries -- in his own code. Thomas Jefferson
and his protégé, James Monroe, corresponded in cypher and
continually were complaining that the key was mislaid or gone
astray.
Modern encryption is based on the use of a unique, private
numeric "key" which opens a "public key" that even may be
published in the marketplace of the Internet. The length of the
string of numbers, or "bits," in the private key determines how
difficult it is to crack the code. The Clinton administration has
decreed that persons in the United States can export encryption
products that use up to 56 bits in the key's algorithm; to export
a longer and stronger product, the user must agree to put the key
"in escrow" where it can be subpoenaed by law-enforcement
authorities. But foreign users understandably do not want to
place their keys in escrow available to U.S. authorities. And
56-bit encryption is not as secure as the federal government has
claimed: In a recent test, a group of private computer experts
with desktop computers cracked the 56-bit code in less than 24
hours. More secure 128-bit encryption is widely available around
the world, including the United States, but it is illegal to
export any product that uses it (see sidebar, below).
The SAFE bill would modernize U.S. export controls to permit the
export of generally available software and create criminal
penalties for the knowing and willful use of encryption to
conceal evidence of a crime, but specifies that the use of
encryption by itself is not probable cause of a crime. "The
reasons why they have insisted on those export controls is to
attempt to force the software industry to devise a key-recovery
or key-escrow system whereby everybody's computer has a back door
that law enforcement can access without their knowledge,"
Goodlatte tells Insight. American citizens "are not as secure as
they could be because encryption has not grown to the strength
that it should be to protect the actions of law-abiding
citizens."
The use of encryption by private individuals and business
enterprises is a good way to fight crime, Goodlatte believes, by
stopping crime before it happens. "Because encryption is already
widely available, [law-enforcement authorities] will still have a
problem whether my bill passes or not," he says. "Individuals
bent on using encryption to cover up their activities for
criminal purposes can buy it from literally hundreds of sources.
To cite an adage that applies in another area: If you outlaw
encryption, only outlaws will have encryption." Indeed, a recent
study by the George Washington University School of Engineering
and Applied Science backs up Goodlatte. It found good encryption
programs available outside the United States on more than 800
Websites.
Of course, robust encryption available to any citizen might
thwart the special vision of an administration that believes that
government must be the protector of its citizens.
It may be a touch exaggerated, but many citizens feel like the
eager young criminal lawyer played by Will Smith last year in the
movie Enemy of the State. When Smith unknowingly comes into
possession of evidence that a secret federal agency is committing
criminal acts, he finds himself targeted in a bizarre
night-and-day chase through streets, markets and high-rise
buildings -- all with the obligatory black helicopters hovering
overhead.
Dramatic license aside, there are signs in that events are
inching toward that fantastic scenario. Most disturbing were the
detailed revelations by a panel of the European Parliament that
the United Kingdom and the United States, joined by Canada,
Australia and New Zealand, have been engaged in international
surveillance of the communications of each other's citizens for
years in a joint signals-intelligence consortium code-named
ECHELON (see sidebar; for an earlier report, see news alert!,
Aug. 17, 1998). Although Attorney General Janet Reno and other
officials assert that encryption must be controlled to stop
terrorists and child pornography -- two powerful, but demagogic
arguments -- it appears the real reasons lie elsewhere. After
all, as Reno admits, international terrorist Osama bin Laden
already has cryptography and child pornographers are best caught
the old-fashioned way: by baiting them into their own trap. The
fact is that routine use of strong encryption by law-abiding
citizens and enterprises would shut down citizen-surveillance
projects such as ECHELON.
The battle to block widespread use of private encryption and to
extend government surveillance has emerged on many fronts in the
last few months:
The administration has put on a full-court press to block the
SAFE bill. Goodlatte and his 258 cosponsors are on one side; on
the other are the president, the secretaries of state and
defense, the directors of the CIA and FBI and the attorney
general, who all have risen up to attempt to defeat the
legislation. And they have corralled a few of the GOP's old bull
elephants --including House Armed Services Committee Chairman
Floyd Spence of South Carolina and House Permanent Select
Intelligence Committee Chairman Porter Goss of Florida -- to run
interference on Capitol Hill. But HR850 safely has run the
gauntlet of three House committees in sequential referral --
Judiciary, Commerce and International Relations. It ran aground,
however, in Spence's and Goss' panels. Both committees stood the
bill on its head, adopting the administration's position that
SAFE would abet terrorists and child pornographers. No matter.
"They are, in effect, sending alternative suggestions to the
[House] Rules Committee; they don't amend my language," says
Goodlatte. Judiciary is the main committee of jurisdiction, and
its bill now is before the Rules Committee, chaired by Rep. David
Dreier of California, for possible action in September. Sources
in the Rules Committee tell Insight that the cards are being held
close to the chairman's vest, but Dreier happens to be a
cosponsor of the Goodlatte version.
The Justice Department has sought the "cooperation" of private
industry to exchange security data in eight areas of "critical
infrastructure," including telecommunications, transportation,
water supply, oil and gas production, banking and finance,
electrical generation, emergency services and essential
government. "The NIPC [National Infrastructure Protection Center]
was established to deter, detect, analyze, investigate and
provide warnings of cyberthreats and attacks on the critical
infrastructures of the United States, including illegal
intrusions into government and private-sector computer networks,"
Reno told the Senate Appropriations Committee on Feb. 24. "NIPC
will play a major role in the national plan for cyberprotection
functions." Reno went on to note that "the administration is not
currently seeking mandatory controls on encryption, but instead
is working with industry to find voluntary solutions." But
banking officials, for example, are extremely experienced in
detecting and preventing computer intrusions because of the vast
sums at stake. "It is difficult to imagine that a government that
can't even keep our top nuclear secrets safe could teach
financial institutions about security," a source close to the
banking industry tells Insight. Besides, the source says, banking
officials, after meeting NIPC, were appalled at the range of
information the government is seeking -- including detailed
access and transaction codes of customers.
The Justice Department has been planning to establish the Federal
Intrusion Detection Network, or FIDNET, which continually would
monitor the Internet for intrusions, at a cost of $1.5 billion.
According to a study by the Center for Democracy and Technology
of a restricted draft document, FIDNET would be an
intrusion-detection monitoring system for non-Defense Department
government computers. Intrusion-detection monitors installed on
individual systems or networks would be "netted" so that an
intruder or intrusion techniques used at one site automatically
will be known at all sites. But the draft plan says that the goal
is to have similar monitoring sensors installed on private-sector
information systems. As soon as the draft document began
circulating on Capitol Hill, the House Appropriations Committee
quietly axed the budget request for FIDNET on July 30.
On Aug. 5, President Clinton issued an executive order setting up
a "Working Group on Unlawful Conduct on the Internet." The
working group is to make a report on whether there are enough
federal laws to deal with unlawful conduct and whether new
technology and capabilities might be needed for effective
investigation and prosecution of unlawful conduct within the
context of administration policy which supports industry
self-regulation "where possible."
The Justice Department, which has prosecuted and threatened
prosecution against a number of nongovernment experts who want to
publish their encryption programs on the Internet, is appealing
the May 6 decision of the 9th U.S. Circuit Court of Appeals in
Bernstein v. U.S. Department of Justice that encryption is
protected speech under the First Amendment. Daniel Bernstein, a
professor in the Department of Mathematics, Statistics, and
Computer Science at the University of Illinois at Chicago,
developed an encryption system that he wanted to post on the
Internet for discussion. The State and Commerce departments ruled
that to do so he would have to declare himself an arms dealer and
apply for an export license, which was refused.
The FBI -- which was denied the right to require cell-phone
companies to install equipment that would give real-time
information to track the location of cell-phone users (even when
the instrument is on standby) in the 1994 Communications
Assistance for Law Enforcement Act -- has been working with the
Federal Communications Commission to establish standards which
would do the same thing without legislation. According to James
X. Dempsey of the Center for Democracy and Technology, "The FBI
has sought a 100 percent solution -- a comprehensive examination
of the nation's evolving telephone systems that would address all
potential law-enforcement problems in a single 'standard' for use
by switch manufacturers." In addition to location tracking, he
says, the FBI and industry have proposed "allowing companies to
deliver the entire packet data stream, including the content of
all communications, when law enforcement is entitled to receive
only dialing or signal information." In addition, the FBI is
attempting to collect all numbers dialed, "including credit-card
and bank-account." The FBI also is seeking an enormous increase
in capacity: the ability to tap one out of 1,000 phone lines in a
given locality at the same time, or the ability to monitor 74,250
phone lines at once -- 10 times the number of surveillance orders
in 1993.
U.S. Postmaster General William Henderson proposed on May 17 that
the Internet go postal. He wants the post office to become the
custodian of all e-mail addresses, mapping them to specific
geographic locations, as well as processing bill payments,
purchase transactions and being "the residential deliverer of
choice for purchases made on the Internet." Describing the post
office as a trusted third party, Henderson said, "We would own
the physical address and we would maintain it. All that
information that . . . our customers have developed around a
physical address could now migrate through the Internet and be a
part of commerce."
"The underlying belief is that American citizens really need to
be policed," Shari Steel, director of legal services for the
Electronic Frontiers Foundation, tells Insight. "They are putting
it on themselves to look at every citizen. They are just willing
to trample all over civil liberties to find the isolated
criminal. These issues are clearly related to who has the right
to make the decisions for all of us, the right to make big
societal decisions as to what's good for all of us. Almost all of
us online believe that citizens have the right to protect our
integrity. Really, technology gives us the solutions to protect
out autonomy."
A Backdoor to Your PC. . . .
The White House is seeking new legislation to allow
law-enforcement agents to enter the back door of anyone's
computer without the owner being aware. An Aug. 4 Department of
Justice internal memo obtained by Insight analyzes a proposed
"Cyberspace Electronic Security Act of 1999," or CESA, which the
department is planning to send to Capitol Hill. CESA sets up a
framework for protecting the stored recovery-key system, or key
escrow, which the computer industry steadfastly has rejected --
thereby showing that the Clinton administration is determined to
win on this issue, despite overwhelming sentiment behind HR850,
Virginia Republican Rep. Bill Goodlatte's bill in the House. It
provides a way for law-enforcement agents to obtain recovery keys
from the keyholder and states that "there is no constitutionally
protected expectation of privacy in the plaintext [a term used by
encryption experts to denote an ordinary message in its original
meaningful form] of encrypted data" -- contrary to the recent
ruling of the 9th U.S. Circuit Court of Appeals in Bernstein v.
DOJ that encryption is constitutionally protected.
But even if the key to encrypted text is not stored with a third
party, the government wants access. The memo notes, "In the
pre-encryption world, this problem did not arise." Therefore, it
concludes, "the government will need another way to obtain
encryption keys," including "a search warrant with the
possibility of delayed notice," and "the alteration of hardware
or software that allows plaintext to be obtained even if attempts
were made to protect it with encryption."
According to the Electronic Privacy Information Center, the White
House plan would enable federal and local law-enforcement agents
secretly to break into private premises and alter computer
equipment to collect e-mail messages and other electronic
information. "It's really a little hard to believe that they
would be seriously proposing this," EPIC's counsel, David Sobel,
tells Insight. "This is beyond the wildest imagination of the
most paranoid people who have been following this issue over the
years -- it's one of the scariest proposals to come out of
government in a long time. This strikes at the heart of the Bill
of Rights."
Listen Up, ECHELON. . . .
The report prepared for the European Parliament by its Scientific
and Technological Options Assessment panel, or STOA, confirmed in
April that ECHELON's giant antennae distributed among the five
countries monitors all communications broadcast by satellite and
microwave relays, including voice and data streams. Submarine
pods, attached to undersea cable by induction coils, monitor the
Internet and cable traffic. Information is passed through
so-called "dictionary" computers that sort out the data by
looking for keywords. The information "is used to obtain
sensitive data concerning individuals, governments and trade and
international organizations," says the STOA report, asserting
that the information is used not only for military intelligence
but also to promote commercial contracts. As usual, U.K and U.S.
officials have declined comment but, on May 23, Martin Brady,
director of the Australian Defense Signals Directorate, or DSD,
in Canberra stated that DSD "does cooperate with counterpart
signals-intelligence organizations overseas under the UK/USA
relationship."
Encryption as Protected Art. . . .
Encryption is an essential part of the right to human expression
protected under the Constitution. Ironically, the Central
Intelligence Agency, one of the lead agencies attempting to limit
the use of encryption, is the home of a well-known artwork,
Kryptos, the work of Washington sculptor James Sanborn. The giant
bronze piece has stood like an upended parchment in a secret
courtyard of the agency since the 1980s, covered with 865
characters arranged in rows. But the best cryptographers at CIA
have not yet cracked the code completely, though the message is
slowly yielding to efforts of top code breakers.
Copyright © 1999 News World Communications, Inc.
=================================================================
Kadosh, Kadosh, Kadosh, YHVH, TZEVAOT
FROM THE DESK OF: <[EMAIL PROTECTED]>
*Mike Spitzer* <[EMAIL PROTECTED]>
~~~~~~~~ <[EMAIL PROTECTED]>
The Best Way To Destroy Enemies Is To Change Them To Friends
Shalom, A Salaam Aleikum, and to all, A Good Day.
=================================================================
DECLARATION & DISCLAIMER
==========
CTRL is a discussion and informational exchange list. Proselyzting propagandic
screeds are not allowed. Substance—not soapboxing! These are sordid matters
and 'conspiracy theory', with its many half-truths, misdirections and outright
frauds is used politically by different groups with major and minor effects
spread throughout the spectrum of time and thought. That being said, CTRL
gives no endorsement to the validity of posts, and always suggests to readers;
be wary of what you read. CTRL gives no credeence to Holocaust denial and
nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://home.ease.lsoft.com/archives/CTRL.html
http:[EMAIL PROTECTED]/
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
