Kuro5hin.org: technology and culture, from the trenches
Crypto Must Be Controlled - FBI Director

By rajivvarma in News
Thu Feb 17, 2000 at 08:00:52 PM EST
Tags: Freedom (all tags)

I found this little news bit at The Register. FBI Director Louis Freeh remains determined to require cryptography users to register their keys so that the Bureau can crack their secret files whenever a judge can be persuaded that information contained therein might facilitate a prosecution. (Complete text from the web site below)


FBI Director Louis Freeh remains determined to require cryptography users to register their keys so that the Bureau can crack their secret files whenever a judge can be persuaded that information contained therein might facilitate a prosecution.

There were fifty-three cases last year which slipped through the FBI's hands because their (apparently overrated) technicians were unable to crack the cryptography with which the incriminating files were encoded, Freeh explained in testimony to the Senate Appropriations Subcommittee on Wednesday.

"We are operating with primitive tools," Freeh allowed.

"If this area remains unanswered, we will be unable to investigate some of the major cases" of cyber crime, he added.

"We don't need a major change in the Constitution or our authority. We can get this plain-text access, which comes only with a court order, without changing any statute which protects not only privacy, but the expectation of privacy," Freeh claimed.

"If this remains unanswered, we will be unable to work many of these cases," he warned.

Freeh and his boss, US Attorney General Janet Reno, have repeatedly called for strict crypto regulations along the lines preferred by the British and Communist Chinese governments. It remains to be seen whether the US Congress, which has the last word in this debate, will come around to their way of thinking.

In America, many Members are reluctant to give such power to Big Brother for fear of a Nanny State gone out of control. Reno and Freeh may well be condemned, like Cassandra, to repeating their gloomy message to deaf ears ad nauseam.

We note that just as the British government is announcing appallingly Draconian ambitions to require crypto keys to be registered, the Irish government is renouncing any such development in the name of lubricating e-commerce.

We note further, and with delicious irony, that US Trade Representative Charlene Barshefsky is currently involved in a heated dispute with the Chinese, decrying their Blair-esque ambitions to require the registration of crypto keys, which the USTR fears might interrupt the flow of sex, money and greed upon which all developing economies, and those who would exploit them, necessarily depend.

Meanwhile, far across the Pond, Congressional gridlock all but guarantees that the United States will have time enough to learn for itself which approach works best.

Crypto Must Be Controlled - FBI Director | 21 comments (21 topical, 0 editorial, 0 hidden)
Scary stuff.... (none / 0) (#6)
by Dast on Thu Feb 17, 2000 at 08:25:17 PM EST

Dast voted 1 on this story.

Scary stuff.

Yes, I think I'd like to see the FB... (none / 0) (#3)
by Nyarlathotep on Thu Feb 17, 2000 at 09:36:57 PM EST

Nyarlathotep voted 1 on this story.

Yes, I think I'd like to see the FBI ripped to shreds here. We have not had a good "the FBI is about to fuck you over" recently. I would be curious to know if this article has the tone of desperation that may mean we are winning or do they really have any chance of getting these powers. I'll be calling my congress person regardless. The thing I'd really like to see is an analysis of the penetration of cryptography into the main stream culture. There are a variety of things we can do to help this: like convincing RedHat to install ssh and gpg standard on all systems and getting the mail readers to all support gpg "out of the box," i.e. hit the key server to find a public key and encrypt the message to the person if it finds one.
Campus Crusade for Cthulhu -- it found me!

*sigh* While it is a worry, the con... (none / 0) (#1)
by dblslash on Thu Feb 17, 2000 at 10:07:15 PM EST

dblslash voted 1 on this story.

*sigh* While it is a worry, the concept of "Big Brother" is not my main concern with key escrow. If I want something secure, I want it secure without any backdoors. If one exists, it's only a matter of time before someone uncovers it. I can't believe people still think security strictly through obscurity can work. Of course, Mr. Freeh doesn't care about my capability for secrecy. He only wants to be able to prosecute me if he thinks I've committed a crime.

*sigh*

They may take our files, (none / 0) (#13)
by Dast on Fri Feb 18, 2000 at 01:03:45 PM EST

<braveheart>But they can't take our KEEEEEEYYYSSSS!!!!!</braveheart>

I agree. If some spook thinks I committed a crime and wants my keys to try to prove it, I'll go to jail over giving them my key. Even if I didn't commit a crime.

And besides, it seems to me that someone forcing you to give up your key to unlock evidence against you is forcing you to incriminate yourself. I would expect the police to batter down the door to my house, not throw me in jail for not giving them the key to the front door. If they want my data, they had better be prepared to take the time needed to crack it.

[ Parent ]

Well, I don't do any encryption now... (none / 0) (#2)
by bmetzler on Thu Feb 17, 2000 at 10:09:53 PM EST

bmetzler voted 1 on this story.

Well, I don't do any encryption now, but I find the idea of having to "register" encryption keys appalling.
www.bmetzler.org - it's not just a personal weblog, it's so much more.

From Crossbows to Cryptography. One... (none / 0) (#4)
by Demona on Thu Feb 17, 2000 at 11:08:21 PM EST

Demona voted 1 on this story.

From Crossbows to Cryptography. One of my favorite topics.

I think everyone who is likely to p... (none / 0) (#5)
by Kip on Thu Feb 17, 2000 at 11:21:20 PM EST

Kip voted 1 on this story.

I think everyone who is likely to participate here knows that the FBI has a great desire to be able to open any communication that might be encrypted against it. So in some manner, this is hardly news. But the Register article is rather interesting in the news about the alleged 53 cases which they couldn't crack due to encryption.

Re: Crypto Must Be Controlled - FBI Director (none / 0) (#7)
by relarson on Fri Feb 18, 2000 at 01:40:59 AM EST

I just don't get it.

If the FBI currently has 53 cases that they can't defeat the encryption on, what makes them think that if they push key escrow onto the American populace that the number of cases that they can't defeat encryption on will go down? Sure a lot of "stupid" or uninformed criminals won't be able to download strong encryption say from that bastion of freedom *Canada*.

But those same criminals are the ones that the FBI would catch anyways due to the same thing that usually gets criminals caught...good solid police _work_.

The powers that the state currently has are so far on the side of the state as opposed to the individual it is laughable to seriously entertain the thought of erasing even more of our rights.

I just hope it's the last gasp of our "security state" mentality that just can't grasp that as the 'net currently stands it's a losing proposition to fight against the globalization of our world. Only by staying with our principles of *freedom*, be it speech or trade do we stand the chance of successfully changing the world we live in from a world of fearful reactionary paternalistic governments to a world in which the rights of the individual are held in higher esteem than those of the state.
-Rich
Errors, like straws, upon the surface flow;
He who would search for pearls must dive below.
--John Dryden,

    All for Love

Re: Crypto Must Be Controlled - FBI Director (none / 0) (#8)
by hattig on Fri Feb 18, 2000 at 07:27:48 AM EST

I agree.

If you are a criminal, you are not going to use the keys that you registered with the NSA/FBI/CIA/MI6/etc are you? The amount of software that does very strong encryption is vast as it is, and adding some steganography to whatever you are encrypting will just make things even harder.

The FBI should realise that they are not going to reduce the number of undecryptable files by using key escrow. There is nothing stopping someone from downloading "Megacrypt 512bit encryption with blah blah" and encrypting their files with that, without giving anybody else the key, then hiding the key inside another file, maybe using steganographic means, or just having the key accessible by the software that uses it (on some kind of special Write Only medium that can only be read by something providing a valid ID and other information, although this would probably be trivial to break given the NSA's tools, but if they don't know where that key is stored...).

This is the sad struggle that has already been lost. Shame is, the British method of solving this is to send people to jail if they do not provide a key to decrypt a file. Having any encrypted file on your computer that the police wanted to look at falls under this law, even if you have just been sent the file by a malicious e-mail virus and you don't have the key!

[ Parent ]
Re: Crypto Must Be Controlled - FBI Director (none / 0) (#9)
by Nyarlathotep on Fri Feb 18, 2000 at 08:32:54 AM EST

Shame is, the British method of solving this is to send people to jail if they do not provide a key to decrypt a file. Having any encrypted file on your computer that the police wanted to look at falls under this law, even if you have just been sent the file by a malicious e-mail virus and you don't have the key!

The solution to this is StegFS. It is an encrypted filesystem for Linux which has different levels of security (i.e. different passwords). There is no way to prove a higher level exists from a lower level period. This means you could keep your programs and unimportant data at level 0 (unencrypted), some misc data at level 1, your pgp key at level 2, and all the encrypted data you keep at higher levels. You could then just give the police the keys to levels 1 or 2 and they would have no way to show that you had more encrypted data.

Personally, I think we should feel obligated to make StegFS and similar Linux crypto patches a part of the distribution kernels so that everyone installs them.

Campus Crusade for Cthulhu -- it found me!
[ Parent ]
Re: Crypto Must Be Controlled - FBI Director (none / 0) (#11)
by ramses0 on Fri Feb 18, 2000 at 11:45:12 AM EST

I'm interested in the idea of your StegFS ... I know what Steg is, but how would you guarantee that you could get to level 2?

If all that I had in my unprotected space was a bunch of zip files, it seems that there'd be no place to hide anything?

--Robert
[ rate all comments , for great justice | sell.com ]
[ Parent ]
Re: Crypto Must Be Controlled - FBI Director (none / 0) (#17)
by Nyarlathotep on Fri Feb 18, 2000 at 02:28:11 PM EST

http://ban.joh.cam.ac.uk/~adm36/StegFS/ has information on StegFS (and the kernel module).

how would you guarantee that you could get to level 2? If all that I had in my unprotected space was a bunch of zip files, it seems that there'd be no place to hide anything?

StegFS fills your drive's empty sectors with random garbage. When in use some of these sectors will contain encrypted data and some will not. When you create a file at a lower level it replaces some of the garbage sectors, so there is some chance of erasing your encrypted data---they use some tricks to reduce the chance of this happening.

There really is no way to tell if a sector is encrypted or not without having the decryption key to it since the encrypted data should look identical to random data (from an information theoretic point of view). The readme tells you what percentage of your drive must be unused to keep the chances of destroying your encrypted data low. I think it reduces your effective drive size by a good factor of like 8 or 16.. it's a reasonable price to pay for the level of protection.

Campus Crusade for Cthulhu -- it found me!
[ Parent ]
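
Added example, not part of the thread and not StegFS code: a simplified model of the overwrite risk described in the comment above, assuming the "trick" is storing several replicas of each hidden block at random sectors. The function names, disk size and fill fractions are assumptions chosen for illustration.

```python
import random

def survival_closed_form(fill_fraction, replicas, file_blocks):
    """P(hidden file intact) when lower-level writes hit each sector
    independently with probability fill_fraction (model assumption)."""
    per_block_loss = fill_fraction ** replicas      # all replicas overwritten
    return (1.0 - per_block_loss) ** file_blocks    # every block keeps a copy

def max_fill_fraction(target_survival, replicas, file_blocks):
    """Largest lower-level fill fraction that still meets target_survival.
    This is the 'how much of the drive must stay unused' trade-off."""
    return (1.0 - target_survival ** (1.0 / file_blocks)) ** (1.0 / replicas)

def simulate_survival(disk_blocks, fill_fraction, replicas, file_blocks,
                      trials=2000, seed=1):
    """Monte Carlo check of the closed form on a constructed toy disk."""
    rng = random.Random(seed)
    overwritten_count = int(disk_blocks * fill_fraction)
    intact = 0
    for _ in range(trials):
        # Hidden level: each logical block is stored `replicas` times at
        # random sectors among the random-filled free space.
        positions = rng.sample(range(disk_blocks), file_blocks * replicas)
        # Lower level: without the hidden key those sectors look like any
        # other garbage, so plain writes may land on them.
        overwritten = set(rng.sample(range(disk_blocks), overwritten_count))
        ok = all(
            any(p not in overwritten
                for p in positions[i * replicas:(i + 1) * replicas])
            for i in range(file_blocks)
        )
        if ok:
            intact += 1
    return intact / trials

if __name__ == "__main__":
    # Constructed scenario: 32-block hidden file, lower levels fill 25%.
    for r in (1, 2, 4, 8):
        print(f"replicas={r}: P(intact)={survival_closed_form(0.25, r, 32):.4f}"
              f"  max fill for 99%={max_fill_fraction(0.99, r, 32):.3f}")
```

In this model more replicas raise the survival probability but consume hidden capacity, which is the capacity-for-safety trade the comment describes.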
Re: Crypto Must Be Controlled - FBI Director (none / 0) (#12)
by Paul Dunne on Fri Feb 18, 2000 at 12:36:41 PM EST

But there's the rub. As I understand the British bill, the police don't have to *show* that you have encrypted data -- they just have to convince a judge that there is "reasonable suspicion". So much for innocent until proven guilty. Under this bill, you effectively have to prove that you *don't* have stuff encrypted.
http://dunne.home.dhs.org/
[ Parent ]
Re: Crypto Must Be Controlled - FBI Director (none / 0) (#15)
by Nyarlathotep on Fri Feb 18, 2000 at 02:16:13 PM EST

But there's the rub. As I understand the British bill, the police don't have to *show* that you have encrypted data -- they just have to convince a judge that there is "reasonable suspicion". So much for innocent until proven guilty. Under this bill, you effectively have to prove that you *don't* have stuff encrypted.

Technically, you may be correct, but the higher level really may not exist. What are they going to do? Convict you for running StegFS? I don't think even the UK's judges would convict you for not divulging information which they really have no reason to believe exists. All you need to do is bring in a mathematician who says "Yes, you could be holding this person permanently based on the lack of evidence which does not exist" and any *sane* judge would listen.

Now, if they have a reason to believe you have the information then you are legally fucked, but you could always make a political stink about it.. and I would not be surprised to see some innocent StegFS user get convicted just because the police convinced the judge he was hiding information, but this is a more general problem with UK law enforcement. As a way for Joe Average to hide all his encrypted emails (which he could have deleted anyway) this is a wonderful system.

Campus Crusade for Cthulhu -- it found me!
[ Parent ]
Re: Crypto Must Be Controlled - FBI Director (none / 0) (#16)
by Paul Dunne on Fri Feb 18, 2000 at 02:25:40 PM EST

A charming display of faith in the integrity of the British legal system with which, as an Irishman, I find it hard to concur. The Brits are already bad enough without taking away "innocent until proven guilty". Imagine (you'll have to do the appropriate accents yourself):

Copper: This man, your honour, is a member of the IRA!
Paddy: I am not!
Copper: He is *too*! He's got encrypted documents on his PC which prove this!
Judge: Hand over the keys, you miscreant!
Paddy: But they're not encrypted! They really are pictures of Natalie Portman!
Copper: He's lying your honour -- you know what these people are like!
Judge: Right you are, constable -- take 'im out and shoot 'im!
Copper: SAH!
<fx: bang>
http://dunne.home.dhs.org/
[ Parent ]

Re: Crypto Must Be Controlled - FBI Director (none / 0) (#19)
by Nyarlathotep on Fri Feb 18, 2000 at 02:56:00 PM EST

A charming display of faith in the integrity of the British legal system with which, as an Irishman, I find it hard to concur. The Brits are already bad enough without taking away "innocent until proven guilty". Imagine (you'll have to do the appropriate accents yourself):

Ok, I agree the situation is very different for you since the Brits would be quite happy to assume you are a terrorist just because you are Irish. I was never saying that the Law was not evil.

All I can say is that it may provide some protection. Remember, convicting someone because they use StegFS is technically no different from convicting someone because they typed "cat /dev/random >foo" at some point in the past. Technically, it is worse than it is to convict them because they cannot produce the session key to a previous ssh or netscape encrypted session (which the police recorded). The cops at least know some encryption was going on with the netscape session.


Personally, I think the Irish should protest this by encrypting EVERYTHING. You guys should pass a law which requires all computer systems to come preloaded with PGP or GPG and a mail reader which makes it easy to use PGP/GPG. :) Ok, maybe you could not get a law passed, but you probably could get the distributors to help out by including a CD with PGP with every computer. That would be a wonderful way to piss on the Brits.

Campus Crusade for Cthulhu -- it found me!
[ Parent ]
Re: Crypto Must Be Controlled - FBI Director (none / 0) (#20)
by Paul Dunne on Fri Feb 18, 2000 at 03:18:42 PM EST

Funnily enough, the government of the South of Ireland has a very progressive attitude on encryption, which it sees as vital to promoting the 26 counties as a base for e-commerce.

But, to repeat once more my point about this new bill, what makes it so bad is that the onus is on the defendant to *prove* that he does *not* have the key to a document which the prosecution says it has reason to believe he has encrypted. I may be wrong, I'm not a lawyer, but that's how I understand it. If my interpretation is correct, then "innocent until proven guilty" just went out the window.
http://dunne.home.dhs.org/
[ Parent ]

Re: Crypto Must Be Controlled - FBI Director (none / 0) (#10)
by Emacs on Fri Feb 18, 2000 at 09:35:35 AM EST

***If you are a criminal, you are not going to use the keys that you registered with the NSA/FBI/CIA/MI6/etc are you? ****

Bingo. If you are going to rob a bank are you going to go purchase a gun from a reputable store and make sure it's properly licensed so the authorities can trace it back to you ? It's the same concept.

I think that technology has moved soooo fast and changes soooo quickly that the Government is just freaking out. They can't control it and they probably don't have a good handle on what it is they are trying to control. If you are a tech-wonder coming out of school are you going to go to work for the FBI/NSA/CIA... or go to work for core-dump.com and make a zillion dollars while working on the cutting edge. Seems like a no brainer to me.. (although I think working for the NSA in the right dept. might be interesting)

When I see people like Janet Reno or Mr President talk about techno issues like crypto or DDoS it always makes me chuckle. They seem to have that "deer caught in the headlights" look. For the most part they are saying the right words but I would almost bet they have very little understanding about what they are saying.

[ Parent ]
Maybe I'm being cynical.. (none / 0) (#14)
by Anonymous Hero on Fri Feb 18, 2000 at 01:11:46 PM EST

Maybe I'm being overly cynical, but IMHO when the FBI or the CIA catches "criminals" especially in cyber-crime or espionage, it's likely not because of good police work on their part:

It's because of loose lips. Either the hacker brags about it, or one of his cohorts is paid off.

Remember the Unabomber? I admit that this isn't the greatest example but wasn't the Unabomber captured because a family member got a reward??

[ Parent ]

Re: Maybe I'm being cynical.. (none / 0) (#18)
by relarson on Fri Feb 18, 2000 at 02:35:38 PM EST

Well perhaps I was being too kind to the FBI when I said good police work. They and the Secret Service do have quite a history of mistakes when it comes to computer crime, for instance the whole Steve Jackson thing back in the 80s. I'm sure the FBI and CIA would consider informants a valuable tool in law enforcement, though the role they play in many cases may be overmuch...


However, I'm not quite as cynical yet to believe that the FBI as an Institution really truly wants to set up a police state like say East Germany in the Cold War. I think that they want to stop criminals, unfortunately they invariably don't rely on existing laws, opting instead for an easily passed modification to minor documents like the Constitution or their Charter.


They have a difficult job, but it would make our lives better if they would remember that they aren't just there to catch criminals but also to safeguard our liberties. Don't compromise our principles for mere criminals; for aren't we worth more than them?
Errors, like straws, upon the surface flow;
He who would search for pearls must dive below.
--John Dryden,

    All for Love

[ Parent ]
Re: Maybe I'm being cynical.. (none / 0) (#21)
by Paul Dunne on Fri Feb 18, 2000 at 03:25:45 PM EST

It is always right to be suspicious of new legal measures proposed by law enforcement officials. Those guys are very single-minded: "we *know* we don't make mistakes, so where's the problem in giving us more powers? Oh, and they're not really *new* powers, just extensions to fit new technologies". The police *always* want what would effectively be a police state. The difference in a free(ish) country such as the States is that there are checks and balances which prevent the police acting just as they would like.
http://dunne.home.dhs.org/
[ Parent ]