[ISN] Red Brigades' PDAs highlight encryption controversy

From: InfoSec News (isnat_private)
Date: Sat May 24 2003 - 00:24:19 PDT


    http://www.computerworld.com/securitytopics/security/story/0,10801,81486,00.html
    
    By Philip Willan
    IDG News Service
    MAY 23, 2003
    
    ROME -- Italian police have seized at least two Psion handheld devices
    from members of the Red Brigades terrorist organization, but the major
    investigative breakthrough they were hoping for as a result of the
    information contained on the devices has been thwarted by encryption
    software used by the left-wing revolutionaries.
    
    The failure to crack the code, despite the reported assistance of FBI
    computer experts, puts a spotlight on the controversy over the wide
    availability of powerful encryption tools.
    
    The Psion devices were seized March 2 after a shootout on a train
    traveling between Rome and Florence, Italian media and sources close
    to the investigation said. The devices, believed to number two or
    three, were seized from Nadia Desdemona Lioce and her Red Brigades
    comrade Mario Galesi, who was killed in the shootout. An Italian
    police officer was also killed. At least one of the devices contains
    information protected by encryption software and has been sent for
    analysis to the FBI facility in Quantico, Va., news reports and
    sources said.
    
    The FBI declined to comment on ongoing investigations, and Italian
    authorities wouldn't reveal details about the information or equipment
    seized during the shootout.
    
    The software separating the investigators from a potentially
    invaluable mine of information about the shadowy terrorist group was
    Pretty Good Privacy (PGP), the Rome daily La Repubblica reported. So
    far, the system has defied all efforts to penetrate it, the paper
    said.
    
    Palm devices can run PGP only if they use the Palm OS or Windows CE
    operating system, said Phil Zimmermann, who developed the encryption
    software in the early 1990s. Psion PLC uses its own operating system,
    known as Epoc, but it might still be possible to use PGP as a
    third-party add-on, a spokesman for the British company said.
    
    There is no way that the investigators will succeed in breaking the
    code, even with the collaboration of the current manufacturer of PGP,
    Palo Alto, Calif.-based PGP Corp., Zimmermann said in a telephone
    interview.
    
    "Does PGP have a back door? The answer is no, it does not," he said.  
    "If the device is running PGP, it will not be possible to break it
    with cryptanalysis alone."
    
    Investigators would need to employ alternative techniques, such as
    looking at the unused area of memory to see if it contained remnants
    of plain text that existed before encryption, Zimmermann said.
    
    The investigators' failure to penetrate the PDAs' encryption provides
    a good example of what is at stake in the privacy-vs.-security debate,
    which has been given renewed attention since the Sept. 11 terrorist
    attacks in the U.S.
    
    Zimmermann remains convinced that the advantages of PGP, which was
    originally developed as a human rights project to protect individuals
    against oppressive governments, outweigh the disadvantages.
    
    "I'm sorry that cryptology is such a problematic technology, but there
    is nothing we can do that will give this technology to everyone
    without also giving it to the criminals," he said. "PGP is used by
    every human rights organization in the world. It's something that's
    used for good. It saves lives."
    
    Nazi Germany and Stalin's Soviet Union are examples of governments
    that had killed far more people than all the world's criminals and
    terrorists combined, Zimmermann said. It was probably technically
    impossible, Zimmermann said, to develop a system with a back door
    without running the risk that the key could fall into the hands of a
    Saddam Hussein or a Slobodan Milosevic, the former heads of Iraq and
    Yugoslavia, respectively.
    
    "A lot of cryptographers wracked their brains in the 1990s trying to
    devise strategies that would make everyone happy, and we just couldn't
    come up with a scheme for doing it," he said.
    
    "I recognize we are having more problems with terrorists now than we
    did a decade ago. Nonetheless, the march of surveillance technology is
    giving ever-increasing power to governments. We need to have some
    ability for people to try to hide their private lives and get out of
    the way of the video cameras," he said.
    
    Even in the wake of Sept. 11, Zimmermann retains the view that strong
    cryptography does more good for a democracy than harm. His personal
    Web site contains letters of appreciation from human rights
    organizations that have been able to defy intrusion by oppressive
    governments in Guatemala and Eastern Europe thanks to PGP. One letter
    describes how the software helped to protect an Albanian Muslim woman
    who faced an attack by Islamic extremists because she had converted to
    Christianity.
    
    Zimmermann said he had received a letter from a Kosovo man living in
    Scandinavia describing how the software had helped the Kosovo
    Liberation Army in its struggle against the Serbs. On one occasion, he
    said, PGP-encrypted communications helped in coordinating the
    evacuation of 8,000 civilians trapped by the Serbs in a Kosovo valley.  
    "That could have turned into another mass grave," Zimmermann said.
    
    Italian investigators have been particularly frustrated by their
    failure to break into the captured Psions because so little is known
    about the new generation of Red Brigades. The terrorist group
    destabilized Italy during the 1970s and 1980s, assassinating
    politicians, businessmen and security officials and terrorizing the
    population by "knee-capping," or shooting perceived opponents in the
    legs. It revived its practice of political assassination in 1999, and
    since then, the terrorists have shot dead two university professors
    who advised the government on labor law reform.
    
    Zimmermann isn't optimistic about the investigators' chances of
    success. "The very best encryption available today is out of reach of
    the very best cryptanalytic methods that are known in the academic
    world, and it's likely to continue that way," he said.
    
    Sources close to the investigation have suggested that investigators
    may have to turn to talented hackers for help in breaking into the
    seized devices. One of the magistrates coordinating the inquiry
    laughed at mention of that idea. "I can't say anything about that,"  
    he said.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


