Kuro5hin.org: technology and culture, from the trenches
Encryption restriction proposals

By wiredog in Op-Ed
Wed Sep 19, 2001 at 08:40:42 PM EST
Tags: Freedom

John Podesta, President Clinton's chief of staff, writing in the Washington Post describes 5 things that, he suggests, should be done to assist the War on Terrorism. Some, or all, of these will probably be implemented. But should they?


His suggestions are:
  1. The wiretapping statute should apply equal standards to hardware and software surveillance.
  2. The same legal standards should apply to access to e-mail, telephone, and cable services.
  3. A court should be able to issue an order to trace a communication to its source, whether that communication has gone through telcos or ISPs.
  4. As the attorney general has suggested, the authority for roving wiretaps, targeted against persons rather than individual phones, may have to be expanded to cover more situations than are permitted by the Electronic Communications Privacy Act of 1986, to include roving wiretaps under the Foreign Intelligence Surveillance Act.
  5. Establish rules to control the disclosure to law enforcement of encryption keys held by third-party custodians. That is, key escrow.

What do I think of these suggestions, you ask? (OK, you didn't ask. I'll tell you anyway.)

1. Yes.
Anything that can be done in software can (theoretically) be done in hardware, and vice versa, so the same standards should apply to both.

2. Yes, with a modification.
E-mail should have the same protection as regular mail. IRC and other chat systems should be subject to the wiretap laws, as they are (socially) regular conversations. Actually, since a person talking in public has "no expectation of privacy", warrants (theoretically) would not be needed; legislation requiring them would, therefore, be a Good Thing™.

3. Yes, with reservations.
This would make e-mail return address spoofing illegal, which would make life tougher for spammers (and therefore Good). It would also outlaw anonymous remailers, which could be bad.

4. Yes.
It makes sense. If you can get the probable cause for a tap on Alice's home phone, then it should be probable cause to monitor her other communications. The question is: What are the standards for probable cause?

5. Needs further study.
This would, essentially, outlaw crypto systems that don't have a key escrow capability, and anyone caught using such a system would be jailed and/or fined. Basically, if you used PGP or GPG, you would have to have your keys stored with a trusted third party. (Hailstorm, anyone?) While it wouldn't stop criminals from using crypto, it would make it easier to identify them. "If we outlaw guns, only outlaws will have guns" is, however, a valid argument. Would the EFF, or someone similar, be allowed to be a trusted third party? Would there be audits of the third parties' security? Would we know if someone showed up with a warrant for our keys? What would the privacy restrictions on those third parties be?

Encryption restriction proposals | 22 comments (21 topical, 1 editorial, 0 hidden)
Escrow and international e-mail? (4.00 / 1) (#2)
by LQ on Wed Sep 19, 2001 at 12:38:48 PM EST

So how does escrow work with international e-mail? Herman German wants to e-mail Hank Yank. Does the CIA have to have a copy of Herman's private key? So Hank mails Herman. Does the German security service have a copy of Hank's private key? Pretty soon you've got a traveling salesman problem in terms of how many keys need to be held where.

Ok, so only the CIA needs to hold private keys of any mail originating in the US. So how do they monitor (in their ever-so-secret establishment in the north of England) traffic from, say, Canada to Spain? Where do they get those keys?



Other issues (4.00 / 1) (#3)
by squigly on Wed Sep 19, 2001 at 01:12:57 PM EST

Inadvertent breach of the law. Once pgp is installed, creating a public key and sending it around the world is trivial. Remembering to send a copy of the private key to a trusted third party is a lot harder. Of course, ignorance of the law is no defence, but it is counterproductive to prosecute a lot of otherwise law-abiding people.

[ Parent ]
re:Other issues (none / 0) (#6)
by truth versus death on Wed Sep 19, 2001 at 04:15:19 PM EST

Who is a trusted third party?

"any erection implies consent"-fae
[ Trim your Bush ]
[ Parent ]
Trusted Third Party (4.50 / 2) (#7)
by wiredog on Wed Sep 19, 2001 at 05:10:47 PM EST

Cryptographers define a "trusted third party" as someone trusted by everyone involved in a protocol to help complete the protocol fairly and securely. (Secrets and Lies, page 226, see also page 109). In the situation discussed here, Alice trusts that Bob, if given her key, won't use it to vacuum out her bank account, post false messages under her name, or share it with anyone else without proper authorization. The government trusts that Bob will give up the key if given that authorization. Notice that there is no requirement that Bob be a corporate or governmental entity; he merely must be someone that both Alice and the government trust. He could be a lawyer or bank, which are often used as trusted third parties.

If there's a choice between performance and ease of use, Linux will go for performance every time. -- Jerry Pournelle
[ Parent ]
Counterproductive (5.00 / 1) (#10)
by CyberRonin on Thu Sep 20, 2001 at 09:04:17 AM EST

Of course, ignorance of the law is no defence(sic), but it is counterproductive to prosecute a lot of otherwise law abiding people.

This is the same reasoning that applies to speeding, running stop signs (because nobody is coming) and DUI. And, every now and then, law enforcement will make an example of those that think along these lines. This is not ignorance but rather defiance of the law. You are not permitted to choose which laws you will obey and those you will break. You are bound by all laws until changed or abolished by lawful means.

I am a staunch opponent of key escrow. They tried to push this on us with the Clipper chip back in the early 90's. And, it was discovered that the key recovery method could easily be circumvented, thereby making the system secure for terrorists and criminals but subjecting less technically inclined citizens to monitoring. The Clinton administration tried really hard to push this device. Fortunately, it failed. Janet Reno pushed really hard to make wiretapping a breeze as well. I think that failed as well.

Key Escrow and wiretapping are raising their ugly heads again in this "war" to fight terrorists. I really have no qualms with the new proposed wiretapping legislation. But my concerns about key escrow remain.

Imagine the scenario if a rogue nation utilizes its cracker community to compromise a nation's private key bank? The effects on private citizens would be enormous. And, while law abiding citizens would continue to use the system, we certainly have no realistic expectation that terrorists and criminals will do the same. Can law enforcement truly monitor ALL traffic and determine if a file is encrypted or merely a binary attachment? What if steganographic techniques are applied? What if they, the terrorists, get smart and develop codes rather than ciphers?

During WWII, we employed the obscure Navaho language to effectively encode our transmissions. The cryptographers worked with linguists and developed their own words and phrases based on the Navaho language such that not even a Navaho native could understand. Given this precedent, I postulate that we will see the techniques used by the criminals and terrorists advance while law abiding citizens and law enforcement lag behind (again). The knowledge is out there and criminals and terrorists are not stupid. Reining them in will be extremely difficult if not impossible.

Key Escrow is not the answer to the problem at hand.

[ Parent ]

It's not the same. (5.00 / 1) (#11)
by squigly on Thu Sep 20, 2001 at 11:54:03 AM EST

Just to clarify my point -

People are likely to break petty traffic laws because they think that it's worth the risk. The laws exist because these offences cause a direct risk to others. Even if you accidentally speed, you are causing a risk to others.

Proposals for Key escrow laws exist not because encryption will harm others, but because it can be used to facilitate criminal activity. If someone breaks this law, they will not do any harm to anyone, but they run the risk of being punished as a terrorist.

That said, this is primarily a reason that such a law is impractical from the point of view of enforcement. The arguments against it from an ethical point of view are considerably more compelling.

[ Parent ]

Yes and No (none / 0) (#14)
by CyberRonin on Thu Sep 20, 2001 at 04:16:51 PM EST

True, the examples I mentioned are public safety laws. But, these laws not only protect others but the driver of the vehicle as well.

But, this matter aside, encryption of communications is regulated simply because it provides a means by which a criminal or terrorist can hide their activity. And, any activity which conceals illegal activity is, naturally, illegal.

So that brings us to the casual user who wants to send an encrypted message to another. In the interest of national security, law enforcement now has to determine whether or not the sender (or recipient) is conducting illegal operations. This means resources are then dedicated to determine the associated threat level. These resources cost time, personnel, and money.

In this sense, the "innocent" activity of the sender could, potentially, draw resources away that might prevent another crime from taking place. An analogy might be a child playing hide and seek darting in and out of the shadows and catching the eye of an unsuspecting police officer or nosy neighbor (who calls the police). The police officer will respond and determine if there is activity occurring that demands his attention. While he is looking in the other direction, a car thief succeeds in stealing a car.

Did the child commit a crime by aiding and abetting a crime? Hardly. But, they drew the attention of a limited resource (the police officer) and in doing so, a crime was committed.

Yes, I realize this is a highly simplistic analogy. But, when national security is of concern, the same logic applies. The less time they have to spend determining a potential threat level, the more time they can spend truly protecting us.

[ Parent ]

Awful Justification for Laws (none / 0) (#16)
by Happy Monkey on Thu Sep 20, 2001 at 07:42:49 PM EST

Essentially, you seem to have offered a justification for the criminalization of "seeming suspicious." With that, a suspicious looking (or acting) person not only has to deal with the increased scrutiny attracted, but also can be punished. This can prohibit anything from wearing black trenchcoats to being in the "wrong neighborhood" to carrying a duffel bag around.

People who use encryption should only have to deal with their messages attracting the attention of law enforcement. Law enforcement should have to deal with an overwhelming number of encrypted messages if they are silly enough to use the fact that it is encrypted as the sole reason to investigate a person's communications.
___
Length 17, Width 3
[ Parent ]

I think you missed the point... (none / 0) (#17)
by CyberRonin on Fri Sep 21, 2001 at 09:21:28 AM EST

You dabble on two issues...1) Profiling and 2) National Security interests vs standard laws.

Tomes have been written on these two subjects. I suspect that neither you (nor I) would wade through a post of that magnitude simply to get a point across. As such, certain arguments can not be argued effectively in a shortened forum such as this. Some critical elements may be missing. That said, I'll deal with the second item first.

Our country was founded on the rights and freedoms of the individual within the Union. Laws are passed to regulate certain types of activity and have to pass constitutionality tests.

However, National Security interests outweigh the needs of the one or few for the good of all within the Union. In general, restrictions issued on these grounds have been few and far between because of their ability to restrain our "rights and freedoms". Encryption, however, is one area that our gov't has been unable to successfully deal with while preserving your rights and freedoms.

In a country founded on the principle of free speech, we quickly forget that you do not have a right to conspire to commit a crime. Encrypted communications conceal that activity. In the interest of "National Security", our gov't has the right to ban the practice. If they had the ability to read your traffic, they wouldn't give it a second glance...would they? Even if they do have the ability to read your encrypted traffic, it still consumes resources that should be looking for bad guys and not your love letter to your mistress, for example (I do not imply you have a mistress...only for example's sake).

Now, profiling is another tough subject. Let's consider what profiling is all about. You state With that, a suspicious looking (or acting) person not only has to deal with the increased scrutiny attracted, but also can be punished. This can prohibit anything from wearing black trenchcoats to being in the "wrong neighborhood" to carrying a duffel bag around.

To this end, I say, yes, law enforcement does have the right to stop and detain a suspiciously "acting" person, provided the individual's actions meet the criteria of probable cause. Let's consider the crime of terrorism as it applied in the past several weeks. The perps have been described as being of middle-eastern descent or appearance, clean shaven, limited (if any) luggage, purchased one way tickets and attended flight school with the intention of learning how to fly a plane on a level course (in one instance).

Now, that is a profile. When somebody else meets that criteria, you can bet law enforcement will be watching them very carefully. A profile becomes illegal and morally wrong when it singles out a group simply because of their race, religion or ethnicity (i.e. all middle-eastern people or african-american). The banning of all profiling activity, as some are calling for, is counterproductive to law enforcement and national security. Finally, the internet is a public network. There is no implied privacy on the internet. All traffic on the internet is subject to the laws of the land through which the traffic traverses.

FWIW, I don't like the fact that encryption is regulated. Aside from the object of privacy infringement, I'm in the business of providing encryption services and capabilities. These regulations prevent me from making a more substantial profit. I'm also in the business of providing products and services to law enforcement (including encryption). I want to make sure law enforcement has the tools to do their job effectively. The nature of my business, I feel, makes me more in tune with these issues from that particular perspective.

If you lost someone close to you because of a violent crime that, theoretically, was preventable, would you/could you still feel and think the same way? I hope and pray you never have to find out.

[ Parent ]

A clarification (none / 0) (#18)
by Happy Monkey on Fri Sep 21, 2001 at 09:40:03 AM EST

The perps have been described as of being of middle-eastern descent or appearance, clean shaven, limited (if any luggage), purchased one way tickets and attended flight school with the intention of learning how to fly a plane on a level course. ... Now, that is a profile. When somebody else meets that criteria, you can bet law enforcement will be watching them very carefully.

I am not against profiling. A suspicious looking person should attract more attention, especially in a time of crisis. However, I am against a law that clean-shaven people of middle-eastern descent or appearance are prohibited from buying one-way plane tickets or attending flight school, in order to cut down on the work the FBI has to do. People who fit a profile should be investigated, but it should not be illegal to fit a profile.

If you lost someone close to you because of a violent crime that, theoretically, was preventable, would you/could you still feel and think the same way? I hope and pray you never have to find out.

In other words, how would I feel if I was not thinking rationally? Not a very telling question. Personally, I believe I would still feel the same way, but a bit more embittered at the fact that we must choose between freedom and security.
___
Length 17, Width 3
[ Parent ]

Continuation... (none / 0) (#19)
by CyberRonin on Fri Sep 21, 2001 at 11:29:53 AM EST

In other words, how would I feel if I was not thinking rationally?

The loss of a loved one and the ensuing grief do not, by themselves, imply a state of non-rational thought. But, without having experienced the events from that perspective and then being able to back away, one truly can't state objectivity. We're all bound by the barriers of our own prejudices and preexisting beliefs. It's easy to be the arm chair or Monday morning quarterback. Or, as Obi-Wan put it "It's the truth...from a certain point of view".

Alone, encryption technology is not evil. Do I think we can stop the terrorists from using encryption to conceal their evil? No. Pandora's box has been opened. The technology is readily available both in and outside of this country. But, its use should be regulated during the time of war or national crisis. Its use should raise an eyebrow or two. But, its use should not imply guilt or criminality.

I am on the fence with regards to key escrow, however. Provided that there is no means to forge an identity when provided the "decryption" key, I may welcome it. My fear is that a compromise of the key bank would jeopardize citizens. The detection of a message that is not readable (under subpoena, of course), however, should immediately raise red flags.

What I would like to see is a means to provide for key escrow such that:

1) Escrowed keys are distributed among trusted parties using threshold secret sharing techniques. A court order would be required to "open" an encrypted message via a restored key. Unauthorized access to a restored encryption key should only be possible by the collusion of many different individuals. Thus, the parts should be spread among the various branches of gov't and trusted civilian agencies.

2) An encrypted message is marked in a way that indicates that it conforms to the key escrow system AND

3) the message can be decrypted using the restored, registered key AND

4) the mark itself does not reveal anything about the content other than to validate the above three conditions, AND

5) The mark is easy to verify thus reducing the resources needed to check a message.

Digital signatures come close, but not quite, in that they only mark the encrypted content as originating from a given party. It does not validate that the content can be decrypted using the registered key. This latter condition is the sticking point. If it were overcome, I probably would endorse a key-escrow system.

Personally, I believe I would still feel the same way, but a bit more embittered at the fact that we must choose between freedom and security.

Now, there is something we can all agree upon!

[ Parent ]

I mostly agree... (5.00 / 1) (#4)
by Happy Monkey on Wed Sep 19, 2001 at 01:38:41 PM EST

1, 2, and 3: Good points.

4: I mostly agree, except for one issue: If a warrant for one person is permission to tap all phones they use, then it is permission to tap ALL phones, on the off chance that a warranted person uses them.

5: There is no such thing as a "trusted third party". No matter how much you trust the EFF, for example, any key repository is hacker bait. If YOUR computer is hacked, and your key stolen, then it is YOUR fault. If your key is stolen from a key repository, there's nothing you could have done. Also, if your key is requested by law enforcement, you are able to make the decision to fight the request, while a key repository is unlikely to fight it.
___
Length 17, Width 3

Disagree (5.00 / 4) (#5)
by truth versus death on Wed Sep 19, 2001 at 04:13:06 PM EST

You can have your freedoms taken. I choose not to surrender mine. I have seen no evidence that any of these suggestions would have had any effect on stopping Tuesday's carnage. They would, however, make life much less free for regular Americans.

"any erection implies consent"-fae
[ Trim your Bush ]
3 and 5 are problems (4.00 / 2) (#8)
by Licquia on Wed Sep 19, 2001 at 06:13:07 PM EST

Sometimes it's not possible to trace people with absolute conviction. Who gets the criminal liability, if anyone, for communication that can't be traced? This is especially important when the tracee isn't doing anything actively to cover his/her tracks; it's just the nature of the particular communication.

More than anonymous remailers would become illegal under 3; it's likely that the whole P2P thing would fall over under such a requirement. Freenet, for one, would be out.

Five is obviously a problem. No one has developed key escrow systems that meet all criteria on the scale necessary for this to work. Thus, a law like this would essentially degrade to something like the old 40-bit encryption laws, except that it would cover use, not export. In an age where "cyberterrorism" is considered a huge threat, we're going to throw away one of the most important tools for defending ourselves?

Give me a break (5.00 / 2) (#9)
by joshv on Thu Sep 20, 2001 at 08:29:04 AM EST

This is all just a smoke screen to hide the fact that the US gov't doesn't even have a single example of the encrypted communications that supposedly took place between the terrorists. Our gov't was caught with its pants down - they weren't even contemplating eavesdropping or wiretapping.

So let's hide the fact that this was a huge intelligence failure by blaming it all on encryption technology. Wonderful. First show me a SINGLE example where key escrow would have prevented this tragedy.

If non-key escrow systems are outlawed I will be among those practicing civil disobedience and purposefully encrypting my emails with PGP.

-josh



Encryption restriction (2.00 / 1) (#12)
by Ward57 on Thu Sep 20, 2001 at 12:22:46 PM EST

1: No. Can't see why. Some things are far easier to do in software than hardware.
2: Yes, I should have thought so. No fundamental difference between them.
3: Yes. Making this fully possible is more of a long term goal - the law should state something along the lines of "render all possible assistance to investigators searching for the origin of a communication".
4: Yes. Some sort of rules on what counts as a person's phone would be useful of course. The number of such wiretaps granted over the preceding year should be public information, along with the mean, mode, median and total number of months for which they will be active. It should be impossible to grant a wiretap lasting longer than 12 months.
5: The British RIP bill states that lack of possession of the key is a valid excuse, but reverses the burden of proof - the encryption user must prove he does not have the key or he's guilty. Guilty until proven innocent. As you may have noticed, I didn't provide an opinion as to whether 5 was acceptable. I suppose it has to be, but I certainly wouldn't like to see it used much.

The legal flaw of key escrow (none / 0) (#15)
by dennis on Thu Sep 20, 2001 at 06:13:53 PM EST

1) You create a public key, and escrow your private key with the government.

2) I create another public key, without escrowing the private key.

3) I send you an email, encrypted to the public key I created. Then delete the key I created.

4) The FBI knocks on your door and says "where's the private key?" You say, "I don't know, I didn't make that public key. I can't decrypt that file."

5) The FBI knocks on my door. I say "Of course I don't have the private key to someone else's public key. So I can't decrypt that file, and I deleted the original."

Either we can't prosecute due to reasonable doubt, or anyone can be easily framed. This idea isn't original with me - people actually did play games like this in Great Britain when they passed a law requiring decryption on demand.

Of course if you do have the public/private key in question on your keyring, you can't deny it's your key - if you want deniability, you have to change keys frequently.

Security (none / 0) (#20)
by squigly on Fri Sep 21, 2001 at 05:56:07 PM EST

How does Alice send a private key to Bob (a key custodian)? Surely Alice would need Bob's public key. But also, it seems that Bob would need to find a third party to look after his own private keys. Even in the simple case, where Alice is Bob's key guardian, Bob would need to send his public key to Alice before Alice could send her private and public keys to Bob, which would put Bob in breach of the law for this time.

Authority (none / 0) (#22)
by vectro on Sat Sep 29, 2001 at 12:26:32 PM EST

Well, so the idea behind key escrow is that the government holds a copy of all your private keys. So there's no key exchange problem, because the transaction is completely one-sided.

“The problem with that definition is just that it's bullshit.” -- localroger
[ Parent ]
Have you seen this number? (5.00 / 1) (#21)
by Jetifi on Mon Sep 24, 2001 at 06:18:15 AM EST

Wanted for the crime of multiplication: large primes p and q, for conspiring to produce n, who, in conjunction with an exponent e, did willfully contravene sections 1, 2, 4, and 8 of the Anti-Terrorism Privacy Act 2001, by taking m against his will and raising him to the power of e, modulo n.

A reward of $10,000 is offered for information leading to the multiplicative inverse (aka "d") of e, mod phi(n).


