Next message: mea culpa: "[ISN] DCSB: Burning the Jolly Roger; Internet Anti-Piracy Technology"
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime�t_private for more info.
--------------7AF418AC19FF5E72B9CFFF6B
Content-Type: TEXT/PLAIN; CHARSET=us-ascii
Content-ID: <Pine.SUN.3.96.980911143201.5335m�t_private>
Forwarded From: darek milewski <darekm�t_private>
http://www.sjmercury.com/business/center/encrypt0910.htm
Posted at 8:23 p.m. PDT Wednesday,
September 9, 1998
Encryption dealt a blow : Terrorists deal a blow to exports
BY JIM PUZZANGHERA
WASHINGTON -- The terrorist attacks on U.S. embassies in Africa last
month that killed 263 people also might have had a less dramatic casualty:
attempts by the high-tech industry to export strong encryption software
anytime soon.
Industry officials want permission to sell the software overseas without
restrictions so they don't fall behind foreign companies that are also
developing ways to encode information. Such encryption software, which
allows only the sender and receiver to decode the text, is becoming
crucial as more and more sensitive financial information courses through
the Internet.
But the U.S. government doesn't allow the export of most encryption
software, and concern about terrorism is a big reason.
Law enforcement and national security officials have worried aloud that
terrorist networks could use encryption to mask their plans from
authorities. The FBI's discovery of encrypted files in the laptop
computer of Ramzi Yousef, the convicted mastermind of the 1993 bombing of
the World Trade Center in New York, provided fuel for that fire. The files
outlined plans to blow up 11 U.S.-owned commercial airliners.
The embassy attacks in Kenya and Tanzania, and the concerns of heightened
terrorist activity following the U.S. retaliatory strikes in Sudan and
Afghanistan, add additional kindling to the debate: fresh, horrific images
of terrorism's deadly toll and the tangible fears of more to come.
The Clinton administration has been trying to broker a compromise on the
issue, revolving around some sort of back door in the software that would
allow access by authorities investigating crimes. High-tech industry
representatives argue that such access would make financial transactions
and other commercial exchanges of information on the Internet susceptible
to hackers.
Legislation languishing
Legislation that has been languishing in the House of Representatives
since last year would allow the export of strong encryption software
without any backdoor access. The House returned from summer recess
Tuesday, but prospects that it will act on the legislation this fall are
now virtually dead. The bombing is one reason.
``In light of a renewed wave of terrorist attacks, I don't think you can
cite them as being isolated incidents,'' said Mike Power, an aide to Rep.
Gerald Solomon, R-N.Y. The congressman has been opposed to loosening
encryption export restrictions and has used his powerful position as Rules
Committee chairman to block a vote on the bill. The bombings show ``you
can't just dismiss these security concerns,'' Power said.
Those who support broad encryption exports said the embassy bombings could
make it more difficult to overcome such opposition.
``Do I think that those who do not support the reform of encryption policy
in our country would use the tragedies that occurred in Africa? You bet
they would. . . . Past terrorist attacks have been used in the debate, so
why not use the current one?'' said Rep. Anna Eshoo, D-Palo Alto, a
co-sponsor of the House legislation. ``The detractors use this time and
time again as an issue, and it's a very provocative one.''
But it's a legitimate one, according to Barry Smith, who heads up the
FBI's encryption policy unit.
``U.S. law enforcement wants to see U.S. encryption products dominate the
world market, but we're also very cognizant of the fact that commercially
available encryption products can and will be used for criminal
purposes,'' he said.
In fact, in a report last year for the National Strategy Information
Center's U.S. Working Group on Organized Crime, two researchers estimated
there had been at least 500 cases worldwide in which criminals have used
encryption in some way. The study said those numbers were growing at a
rate of 50 percent to 100 percent a year.
Access demanded
The law enforcement community's one requirement for encryption software is
that there be some way to get access to decoded, plain text of encrypted
files without the cooperation or knowledge of the person under
investigation, Smith said. However industry can figure out a way to do
that would be fine with authorities, he said.
One possible solution is known as ``key escrow'' or ``key recovery,'' in
which a key to unlock encrypted messages is left with a trusted third
party, such as a bank, so that law enforcement with court approval could
use it when necessary. The industry and privacy advocates oppose that
approach, arguing the key could be stolen or misused.
Sen. Dianne Feinstein, D-Calif., a major player in the encryption debate
and a supporter of strong export controls, said a delay in congressional
action may be a good thing, allowing industry to find a technology that
satisfies both sides.
``I really believe there is an answer to this. We may not know what it is
at the moment,'' said Feinstein, who in June organized a meeting among
high-tech industry leaders, Attorney General Janet Reno and FBI Director
Louis Freeh. ``Delay works toward a much more beneficial solution for
everyone.''
But those delays allow foreign companies to catch up, and surpass, U.S.
companies, industry officials said. That's especially frustrating because
it negates the major argument by opponents to encryption exports: If the
software is available from companies abroad, the U.S. export policy
doesn't prevent terrorists or other criminals from obtaining encryption.
``Each passing day increases the chances the U.S. will fall behind,'' said
Jeffrey H. Smith, counsel for Americans for Computer Privacy, a computer
industry lobbying group that has been pushing hard for a loosening of
encryption export regulations. ``There are such a large number of
encryption products available in the world today that it's virtually
impossible to keep encryption out of the hands of terrorists and narcotics
traffickers and organized crime.''
Unilateral action
The Clinton administration can ease export restrictions without
congressional action. It did that in a small way in July, when the
Commerce Department announced it would allow encryption to be sold to
financial institutions in 45 countries that have acceptable laws against
money laundering. But Congress could legislate its own changes to the
guidelines.
The Commerce Department plans to make another policy announcement
regarding encryption exports later this month. But it's highly unlikely to
drop all export restrictions on encryption, as the high-tech industry
wants. More likely is another limited move, such as an extension of the
exception it made in July to some other business sectors.
That leaves the high-tech industry still looking for solutions and trying
to avoid the fears triggered by the embassy bombings.
--------------7AF418AC19FF5E72B9CFFF6B--
-o-
Subscribe: mail majordomo�t_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30
: Fri Apr 13 2001 - 13:04:00 PDT