[ISN] Encryption dealt a blow (9/09/1998)

From: mea culpa (jerichot_private)
Date: Fri Sep 11 1998 - 13:35:34 PDT

  • Next message: mea culpa: "[ISN] DCSB: Burning the Jolly Roger; Internet Anti-Piracy Technology"

      This message is in MIME format.  The first part should be readable text,
      while the remaining parts are likely unreadable without MIME-aware tools.
      Send mail to mimet_private for more info.
    Content-Type: TEXT/PLAIN; CHARSET=us-ascii
    Content-ID: <Pine.SUN.3.96.980911143201.5335mt_private>
    Forwarded From: darek milewski <darekmt_private>
    Posted at 8:23 p.m. PDT Wednesday,
    September 9, 1998
    Encryption dealt a blow : Terrorists deal a blow to exports
    BY JIM PUZZANGHERA                
    WASHINGTON -- The terrorist attacks on U.S.  embassies in Africa last
    month that killed 263 people also might have had a less dramatic casualty: 
    attempts by the high-tech industry to export strong encryption software
    anytime soon. 
    Industry officials want permission to sell the software overseas without
    restrictions so they don't fall behind foreign companies that are also
    developing ways to encode information. Such encryption software, which
    allows only the sender and receiver to decode the text, is becoming
    crucial as more and more sensitive financial information courses through
    the Internet. 
    But the U.S. government doesn't allow the export of most encryption
    software, and concern about terrorism is a big reason. 
    Law enforcement and national security officials have worried aloud that
    terrorist networks could use encryption to mask their plans from
    authorities.  The FBI's discovery of encrypted files in the laptop
    computer of Ramzi Yousef, the convicted mastermind of the 1993 bombing of
    the World Trade Center in New York, provided fuel for that fire. The files
    outlined plans to blow up 11 U.S.-owned commercial airliners. 
    The embassy attacks in Kenya and Tanzania, and the concerns of heightened
    terrorist activity following the U.S.  retaliatory strikes in Sudan and
    Afghanistan, add additional kindling to the debate: fresh, horrific images
    of terrorism's deadly toll and the tangible fears of more to come. 
    The Clinton administration has been trying to broker a compromise on the
    issue, revolving around some sort of back door in the software that would
    allow access by authorities investigating crimes. High-tech industry
    representatives argue that such access would make financial transactions
    and other commercial exchanges of information on the Internet susceptible
    to hackers. 
    Legislation languishing
    Legislation that has been languishing in the House of Representatives
    since last year would allow the export of strong encryption software
    without any backdoor access. The House returned from summer recess
    Tuesday, but prospects that it will act on the legislation this fall are
    now virtually dead. The bombing is one reason. 
    ``In light of a renewed wave of terrorist attacks, I don't think you can
    cite them as being isolated incidents,'' said Mike Power, an aide to Rep.
    Gerald Solomon, R-N.Y. The congressman has been opposed to loosening
    encryption export restrictions and has used his powerful position as Rules
    Committee chairman to block a vote on the bill. The bombings show ``you
    can't just dismiss these security concerns,'' Power said. 
    Those who support broad encryption exports said the embassy bombings could
    make it more difficult to overcome such opposition. 
    ``Do I think that those who do not support the reform of encryption policy
    in our country would use the tragedies that occurred in Africa? You bet
    they would. . . . Past terrorist attacks have been used in the debate, so
    why not use the current one?'' said Rep. Anna Eshoo, D-Palo Alto, a
    co-sponsor of the House legislation. ``The detractors use this time and
    time again as an issue, and it's a very provocative one.''
    But it's a legitimate one, according to Barry Smith, who heads up the
    FBI's encryption policy unit. 
    ``U.S. law enforcement wants to see U.S.  encryption products dominate the
    world market, but we're also very cognizant of the fact that commercially
    available encryption products can and will be used for criminal
    purposes,'' he said. 
    In fact, in a report last year for the National Strategy Information
    Center's U.S. Working Group on Organized Crime, two researchers estimated
    there had been at least 500 cases worldwide in which criminals have used
    encryption in some way. The study said those numbers were growing at a
    rate of 50 percent to 100 percent a year. 
    Access demanded
    The law enforcement community's one requirement for encryption software is
    that there be some way to get access to decoded, plain text of encrypted
    files without the cooperation or knowledge of the person under
    investigation, Smith said. However industry can figure out a way to do
    that would be fine with authorities, he said. 
    One possible solution is known as ``key escrow'' or ``key recovery,'' in
    which a key to unlock encrypted messages is left with a trusted third
    party, such as a bank, so that law enforcement with court approval could
    use it when necessary.  The industry and privacy advocates oppose that
    approach, arguing the key could be stolen or misused. 
    Sen. Dianne Feinstein, D-Calif., a major player in the encryption debate
    and a supporter of strong export controls, said a delay in congressional
    action may be a good thing, allowing industry to find a technology that
    satisfies both sides. 
    ``I really believe there is an answer to this. We may not know what it is
    at the moment,'' said Feinstein, who in June organized a meeting among
    high-tech industry leaders, Attorney General Janet Reno and FBI Director
    Louis Freeh.  ``Delay works toward a much more beneficial solution for
    But those delays allow foreign companies to catch up, and surpass, U.S. 
    companies, industry officials said.  That's especially frustrating because
    it negates the major argument by opponents to encryption exports: If the
    software is available from companies abroad, the U.S. export policy
    doesn't prevent terrorists or other criminals from obtaining encryption. 
    ``Each passing day increases the chances the U.S. will fall behind,'' said
    Jeffrey H. Smith, counsel for Americans for Computer Privacy, a computer
    industry lobbying group that has been pushing hard for a loosening of
    encryption export regulations. ``There are such a large number of
    encryption products available in the world today that it's virtually
    impossible to keep encryption out of the hands of terrorists and narcotics
    traffickers and organized crime.''
    Unilateral action
    The Clinton administration can ease export restrictions without
    congressional action. It did that in a small way in July, when the
    Commerce Department announced it would allow encryption to be sold to
    financial institutions in 45 countries that have acceptable laws against
    money laundering. But Congress could legislate its own changes to the
    The Commerce Department plans to make another policy announcement
    regarding encryption exports later this month. But it's highly unlikely to
    drop all export restrictions on encryption, as the high-tech industry
    wants. More likely is another limited move, such as an extension of the
    exception it made in July to some other business sectors. 
    That leaves the high-tech industry still looking for solutions and trying
    to avoid the fears triggered by the embassy bombings. 
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:04:00 PDT