12 July 1998: Link to DirFBI response
6 July 1998
Source: Hardcopy The New York
Times, July 6, 1998, p. A10.
[Lead Editorial]
As more and more Americans communicate and do business electronically, the fear is spreading that information they transmit can be seized by hackers or criminals and used for illegal or unsavory purposes. Fortunately, the technology to thwart such invasions already exists. It is called encryption, or the encoding of digital information to secure its privacy. But the Federal Bureau of Investigation is trying hard to prevent the growing use of encryption, both in the United States and abroad, because of fears that the protective technology itself will get into the wrong hands. That shortsighted stand will undermine efforts to protect commercial transactions and may actually hamper law enforcement rather than help it.
The Clinton Administration's current policies toward encryption have been largely dictated by the F.B.I. and the Justice Department. These two agencies now block encryption makers from exporting their most advanced technology unless they agree to develop a method allowing law enforcement agencies to gain access to it. The method favored by the F.B.I. is known as the key escrow, in which the key to cracking a code is kept with a third party that could hand it over quickly if law enforcement agencies demanded it.
But the key escrow method poses tremendous threats to privacy. There is a danger that access to keys for the code could be abused by law enforcement agencies and others. Worse, the United States would be required to share key escrow information with law enforcement agencies of other countries, and giving access to private communications to countries with poor human rights records could lead to crackdowns on dissidents using encryption for their own communications.
According to industry officials, the export controls are already backfiring. More and more foreign companies are supplying encryption technologies without key escrow arrangements, making it virtually impossible for the F.B.I. to eavesdrop and stealing business from American firms. The growing foreign role diminishes the ability of the F.B.I. to demand new safeguards or ways to penetrate the communications of criminals who use encryption.
President Clinton might normally be more sympathetic to concerns over maintaining privacy in the digital world. But since Attorney General Janet Reno has protected Mr. Clinton from an independent counsel on campaign finance, the White House is said to be loath to oppose either her or Louis Freeh, the F.B.I. Director, on this issue.
On Capitol Hill, the debate over encryption has created some unusual political alliances. Many conservative Republicans have stood with leaders of the high-tech industry to oppose any kind of ban on encryption within the United States and to support a loosening of export controls on encryption technology. It has been odd to see Trent Lott, the Senate majority leader, and Dick Armey, the House majority leader, stand with civil libertarians against the demands of the F.B.I. But the F.B.I. is not without influence. House Speaker Newt Gingrich, more friendly to the agency, has prevented a bill encouraging greater use of encryption from coming to a vote in the House.
The concerns of law enforcement agencies are legitimate. But smart criminals are already using encryption, some of which is readily available on the Internet. That was the message conveyed only a few weeks ago by such unlikely allies as Bill Gates of Microsoft and Jim Barksdale of Netscape, who are on opposite sides in the Justice Department's antitrust lawsuit against Microsoft but agree on this issue.
The F.B.I. should give up its losing fight against encryption and work with industry to develop new means to catch criminals who use it. One approach under discussion would be to develop software technology that could be surreptitiously placed in a suspect's computer to capture keystrokes before they are encrypted. Any such operation would have to be carried out under strict court control as the electronic equivalent of a search warrant. But law enforcement agencies have to find a legal and ethical way to stay ahead of technology, rather than stand in the way of it. Trying to block advances in the digital age is futile.
[End]
JYA
Would any of the members of the NAS CRISIS cryptography study panel know
if keystroke surveillance one of the technologies proposed for the FBI as
an alternative to GAK?
Could this technology to be covertly placed in all keyboards for activation
say, by remote control, or via a program/device on the Internet?
Recall the various proposals for putting hardware encryption in keyboards,
with the possibility of covert GAK.
See Dave Emory response to query:
http://jya.com/gaks-de.htm