17 July 1998
See also DES Cracker press release
Date: Fri, 17 Jul 1998 09:13:46 -0500 To: John Young <jya@pipeline.com> From: Alan Davidson <abd@CDT.ORG> Subject: NYT: DES is dead; CALEA is crippled FYI: In case you haven't seen them yet, this morning's New York Times includes two important stories about online privacy worth posting. "U.S. Data-Scrambling Code Cracked With Homemade Equipment" describes how a group of California researchers led by John Gilmore and Paul Kocher have built a DES-cracking machine for $250,000. The machine was used this week to crack a 56-bit DES key in 56 hours, and the group expects to make plans for the machine widely available. This is damning evidence of what we all have been saying for years: The 40-bit and 56-bit limits imposed by U.S. export controls will not protect security; certainly a well-financed criminal group could easily break these codes. "F.B.I. Seeks Access to Mobile Phone Locations" reports on the breakdown of the privacy-law enforcement balance crafted by Congress in the CALEA "digital telephony" law. The FBI is seeking to add language to the Justice appropriations bill rewriting the 1994 CALEA statute and the limitations placed on the FBI's ability to require new surveillance capabilities be built in to the phone networks. For example, in 1994 FBI Director Freeh testified that the FBI had no interest in getting even general cellular phone location information; now the FBI is seeking to require telephone companies to provide police agencies with the precise location of cellular phone users, without even probable cause in many cases. ----------- From http://books.nytimes.com/library/tech/98/07/biztech/articles/17encrypt.html July 17, 1998 U.S. Data-Scrambling Code Cracked With Homemade Equipment By JOHN MARKOFF SAN FRANCISCO -- In a 1990s variant of a John Henry-style competition between man and machine, researchers using a homemade supercomputer have cracked the government's standard data-scrambling code in record time -- and have done it by out-calculating a team that had harnessed thousands of computers, including some of the world's most powerful. That breakthrough, in a contest sponsored by a Silicon Valley computer-security software company, is being hailed by critics of U.S. export policy for data-scrambling technology as proof that a well-heeled group of terrorists or other criminals could easily break the code used by many banks, financial institutions and even government agencies. The government has long sought to keep the most powerful scrambling, or encryption, software out of the hands of foreign criminals or terrorists by setting limits on the strength of such software that can be licensed for export. Critics of that policy have argued that not only is more powerful encryption technology already available from foreign producers, but the government-approved version is too weak to truly protect legitimate business users. The code was cracked using a mere $250,000 worth of equipment. The type of encryption that was broken, known as DES, for Data Encryption Standard, has traditionally been used by banks and other financial institutions for protecting the transmission of funds and other transactions requiring high security. It has also been used in certain instances by the U.S. military. The form of DES that was broken uses a 56-bit key, far more secure than the 40-bit keys that the government allows to be exported. Because of concerns about security, however, many business users are increasingly employing a more robust form, called Triple DES, in which the length of the digital key that unlocks the scrambled data is only three times as large but exponentially more secure. Triple DES has never been broken. "This is more evidence that the government's crypto policy has been overtaken by technology," said Marc Rotenberg, director of the Electronic Privacy Information Center, a privacy-rights group in Washington. "It's about time to end the limits on strong encryption techniques." The winners of the $10,000 prize -- given by the contest's sponsor, RSA Data Security Inc. -- were John Gilmore, a computer privacy and civil liberties activist, and Paul Kocher, a 25-year old cryptographer who has gained notoriety in recent years for clever attacks on security systems, including those designed to protect smart cards and Internet software. Gilmore and Kocher were able to unscramble the key to unlock and read a single block of scrambled data in 56 hours. Their home-made machine beat a network of almost 20,000 computers, ranging from desktop PCs to multimillion-dollar supercomputers working cooperatively in a scheme known as distributed processing. Under almost all encryption schemes, each message is scrambled in a different way. Thus, breaking the key to the contest message did not give them access to other messages scrambled with DES. The government has long asserted that it would not be possible for a terrorist or other criminal group to design and make a computer capable of cracking DES. To prove that building a supercomputer would be within the means of many sinister groups, Gilmore assembled his computer for $250,000 from thousands of customized chips capable of testing more than 90 billion different keys each second. "The real news here is how long the government has been denying that these machines were possible," said Bruce Schneier, a cryptography consultant and president of Counterpane Systems in Minneapolis. The effort was financed by the Electronic Frontier Foundation, a San Francisco-based civil liberties and privacy organization that has sparred with government and industry over the impact of new technologies on traditional civil liberties. Gilmore, who was a co-founder of the foundation and who for years has been active in promoting privacy and civil liberties issues on the Internet, was the first employee of Sun Microsystems Inc., a computer company founded in 1984. In recent years he has been an outspoken advocate for traditional privacy rights in cyberspace, which he believes are threatened by the potential for government abuse of powerful new technologies. The computer was designed by Gilmore and Kocher, who ultimately assembled a team of about a dozen computer researchers to build the machine from more than 1,000 chips, each designed to test millions of the mathematical keys that can unlock a scrambled message. The chips and the circuit boards on which they were mounted -- 27 boards each holding 64 chips -- were installed in several old Sun computer chassis. The boards were linked by a simple cable to a standard personal computer that controlled the entire process. In recent years the growing power of personal computers and the ability to hook inexpensive computers together has made cracking DES far less daunting to organizations with limited resources. In 1997, RSA Data Security Inc., a Silicon Valley software company, offered a prize to the first person or organization that successfully cracked a DES scrambled message. The prize was claimed within five months by a loosely connected group of computers scattered around the Internet. In early 1998, the prize was offered again, and it was claimed in 39 days. Gilmore named his custom chip Deep Crack, a tongue-in-cheek allusion to IBM's chess-playing Deep Blue. Each Deep Crack chip is a collection of 21 special units capable of performing a DES encryption on a character millions of times a second. After each unit completes a scrambling operation it checks its result against a table to determine if it has found an "interesting result" -- that is, a letter or a number that could possibly be part of a complete message. On Wednesday evening, after checking billions of keys, the computer was able to determine that the message that had been hidden by the RSA judges was: "It's time for those 128-, 192-, and 256-bit keys." To unscramble the message, it had to try 17,902,806,669,197,312 keys, or about 25 percent of all the possible combinations. Copyright 1998 The New York Times Company From http://books.nytimes.com/library/tech/98/07/biztech/articles/17tap.html July 17, 1998 F.B.I. Seeks Access to Mobile Phone Locations By JOHN MARKOFF Director Louis J. Freeh of the F.B.I. has asked members of the Senate Appropriations Committee to append to the Justice Department appropriations bill language that would require telephone companies to provide police agencies with the precise location of cellular phone users, in some cases without a court order. After learning last week of Freeh's meeting with committee members, civil liberties groups and the telecommunications industry began marshaling opposition. Privacy advocates say the proposal is a dangerous and unconstitutional invasion of privacy, and the telecommunications industry predicts that implementing such a law would cost billions of dollars. On Friday, Attorney General Janet Reno will meet with William Kennard, the director of the Federal Communications Commission to make the F.B.I.'s case that such legislation is needed if the agency is to stay current with an evolving technology that enables criminals to use mobile phones to avoid detection. Most alarming to civil liberties advocates is a provision in the proposed amendment that would allow police agencies to demand the location of a cellular phone user without a court order in certain "emergencies," defined broadly as the suspicion of a felony, the pursuit of a fugitive or instances in which human safety is deemed to be in jeopardy. The proposed amendment would also streamline the legislative review process, narrowing the opportunity for public comment. Under the 1994 law, that process is now overseen by the F.C.C. Among the issues that fall under that review process are the limits of surveillance by police agencies on future data networks. The advanced technology that would enable the kind of tracking that the F.B.I. is seeking is now being deployed nationwide to permit 911 emergency services centers to ascertain the exact physical locations of cellular callers. Such systems use a triangulation scheme that measures variances in signal strength to calculate the location of a phone user within an area roughly equal to that of a football field. But while the 911 centers would only track a caller who had dialed for emergency help, the technology permits phone companies to get location information on any cellular phone that is turned on and operating within the cellular network, whether or not the user is actually making a call. It is this information to which the F.B.I. is demanding access. Civil liberties scholars and cellular telephone industry executives say they believe that the agency has crossed an important line and is asking for broad new powers that potentially raise a "Big Brother" specter. "This is Orwellian," said Tom Wheeler, president of the Cellular Telephone Industry Association. "This is about revising the Bill of Rights via a Congressional appropriations bill." The proposal has also raised concerns among constitutional scholars who view the language of the proposed amendment as overly broad and a violation of the Fourth Amendment's protections against illegal searches. "This is very close to a dragnet search, and I'm not clear you should be able to do this even with a warrant," said Richard Epstein, a professor at the University of Chicago Law School. "I think they've gone too far on this one." Privacy groups and industry executives also criticized the proposal because it would strip away congressionally mandated public oversight. "They are trying to eliminate the whole concept of public accountability," said James Dempsey, a telecommunications expert at the Center for Democracy and Technology, a privacy rights group based in Washington. F.B.I. officials insist that the agency is merely trying to keep up with rapidly changing technology that is confounding law-enforcement agencies with new communications systems. "We attempted to balance privacy concerns with the needs of law enforcement," said Barry Smith, a spokesman for the F.B.I. "We're just as concerned about protecting the Fourth Amendment as anyone else. But when this is needed to solve a crime, we need to get the information." Privacy rights groups have been particularly angered because until recently, F.B.I. officials had stated publicly that law-enforcement agencies had no interest in precise location information. Now, however, the agency is saying that because changing technology has made such information possible, law-enforcement officials should have access to it. Copyright 1998 The New York Times Company