8 September 1997 -------------------------------------------------------------------------------------- 8 September 1997, ZDNet News: Is Big Brother Right Around the Corner? The issues seem simple, the technology complex. Yet the current debate in Congress, spurred by the introduction of the Secure Public Networks Act, goes beyond a simple choice between safer streets or better privacy. The act could signal a brave new world of governmental power. "The idea that we should deny (ourselves) basic rights to make it easier to catch a few criminals is ludicrous," said Bruce Schneier, president of security firm Counterpane Security, and author of the book Applied Cryptography. "The bad far out weighs the good in this bill." Comments by FBI Director Louis Freeh to Congress calling for limits on domestic encryption product on Wednesday had privacy and free-speech advocates imagining a future of Big Brotherhood. Freeh's statements had been made as part of expert testimony to the Senate subcommittee on Technology, Terrorism and Government Information, as part of the subcommittee's consideration of the Secure Public Networks Act. The act -- introduced by Senators John McCain (R-Ariz.) and Bob Kerrey (D-Neb.) -- mandates that all encryption software have a back door, to which the government will be allowed access. Many factions in Congress, supported by law enforcement officials, see the need for the storage of encryption keys to facilitate access to data -- a method called "key escrow." In an analysis of the bill, the Center for Democracy and Technology, a watchdog group based in Washington, stated that it puts the government above the people. "The (McCain-Kerrey bill and a bill proposed by the Clinton Administration) require any third-party holding decryption keys to surrender them in response to a mere subpoena, issued without judicial approval and without notice to the encryption user," stated the report. During his testimony, Freeh defended the requirement, stating that law enforcement needed quick access to user data. "What we need as a minimum is a feature ... that will allow law enforcement to have immediate access to encrypted information," he told the subcommittee. "This can be done in a voluntary manner or ... a mandatory manner." Encryption specialist Dorothy Denning, a professor of Computer Science at Georgetown University, supported the need of law enforcement to somehow deal with encryption. "We are at the leading edge of what could become a serious threat to law enforcement," she said in her testimony to the Senate subcommittee on Wednesday. Denning stopped short of any recommendations, however. Still, according to findings reported by Denning and co-researcher and consultant William Baugh, Jr., 100 U.S. crime cases contained an element of encryption in 1996. According to Freeh's numbers, 12 of those cases were significantly slowed by the inability to decrypt possibly important data. While small, the number of cases with encryption will grow 50 to 100 percent a year, predicted Denning. Does this give the government the right to spy? Many experts say no. They don't believe the government can be trusted to use the keys properly, or even to safeguard access to them. "It means our privacy is at the pleasure of the government," said Counterpane's Schneier. "Worse, the danger (of keys being leaked) is enormous -- to me, it is certain. Any government project that big cannot be built securely." Lack of trust in the government has an unfortunate basis in fact. In California, the Department of Motor Vehicles revealed earlier this summer that some employees had been selling the names and addresses of registered drivers. Supermarkets used the information to create a mailing list of customers at rival supermarkets. A similar leak of an escrowed key could cause immeasurable damage to a citizen or business. While the issues seem new, in fact they have been dealt with before. The framers of the Constitution knew about the benefits of encryption. "It is well known that Thomas Jefferson and James Madison encoded their letters to protect the contents," said Bob Kohn, general manager and vice consul for cryptography software firm Pretty Good Privacy Inc. Freeh had made several comments that encryption demands that we rethink the Fourth Amendment of the Constitution. Yet the Amendment is there to protect basic rights. "Today, you have a right to remain silent," said Kohn. "They may be able to seize your property, but you can keep the passwords." If the bill passes, tomorrow, you may not have that right. ---------- 8 September 1997, ZDNet News: Industry Blasts Domestic Key-escrow Proposal Wednesday's calls by the FBI chief and several senators for a key recovery plan for data-scrambling software used within the United States drew sharp criticism from the IT industry and cyberactivists, who said new controls on the domestic use of encryption tools would violate citizens' privacy rights. Officials from software makers including Netscape Communications Corp. and Sybase Inc. said the proposal from Louis Freeh, director of the Federal Bureau of Investigation, could represent a troubling shift away from the Clinton administration's earlier policy statements on key escrow. White House officials said again today, that the Clinton administration officially opposes domestic key-escrow schemes. Netscape public policy Vice President Peter Harter said in a statement that if a move was undertaken to give government officials keys to encryption software used in the United States, it could stymie the growing industry for Internet- related products and services. For Internet users, the specter of a Big Brother holding the key to their encrypted E-mail messages could chill the use of the medium, Harter and others said. What's more, a protracted fight between the government and the IT industry on crypto standards would mean major financial losses for software companies, Harter said. Sybase's director of communications security, Tom Parenty, maintained that strong encryption software has more potential as a crime fighter than as a tool for criminals, as FBI officials allege. "There is no substitute for widespread, strong cryptography in preventing crime aimed at computer networks," Parenty noted. But crime prevention is precisely the goal of FBI Director Freeh, who told the Senate Judiciary subcommittee on technology, terrorism and government information Wednesday that without a domestic key-recovery mechanism, "our ability to investigate and sometimes prevent the most serious crimes and terrorism will be severely impaired." Freeh told the subcommittee that he supports requiring manufacturers of encryption tools to make decryption keys available to police during criminal investigations. The proposal gained the support of Sen. Dianne Feinstein, a California Democrat, and Sen. John Kyl, an Arizona Republican who heads the technology, terrorism and government subcommittee. Officials from the Electronic Frontier Foundation said the proposal should set off alarms throughout the Internet community, since encryption allows Netizens to speak privately and to protect the integrity of online financial transactions, said Shari Steele, staff counsel at the EFF. ---------- 8 September 1997, ZDNet News: Silicon Valley says 'we don't believe it' to Clinton Silicon Valley leaders cast a critical eye on a Clinton official who came to town to tout the administration's new Internet policy. Senior White House advisor Ira Magaziner pushed the laissez-faire plan before members of the American Electronics Association trade group Thursday night, but many technology officials wonder if the government will keep its promise to keep its hands off the Web. "I don't believe it," said Cypress Semiconductor Corp. Chief Executive T.J. Rodgers, who's been a vocal critic of the plan. "I think we're going to go back to politics as usual." The administration's Framework for Global Electronic proposes self-regulated, tax-free Internet commerce, and it urges the industry to adopt a global perspective as it defines its own policy and standards. "What we need is a break with the past," Magaziner told AEA members. "Electronic commerce as it develops should be a market-driven industry, not a regulated industry." But many in the audience questioned whether the government would stick to its promise of no new federal taxes on the Internet. Rodgers said federal officials won't be able to resist taxing Internet commerce once it becomes lucrative, comparing the government to a monster that needs food. "You and me, Bill Gates, as soon as anyone starts making money on this thing, they're gonna get fed," Rodgers said. "The animal needs food." Others were more supportive of the plan, calling it a first step in the right direction. AEA Chairman George Sollman, who is also vice chairman of Centigram Communications Corp., proposed adopting the report as an Internet Bill of Rights to guide the industry. However, he urged the government to relax its encryption policies first. "We very much support this document, but we have some issues about how encryption might be implemented," Sollman said. Despite its hands-off approach to regulating the Web, the government has taken a hard line on encryption, or the scrambling of data to prevent hackers from reading it. U.S. policy prevents the export of strong encryption products unless they contain a way for federal officials to unscramble the code. They say the policy prevents criminals like terrorists and pornographers from transmitting illegal material over the Internet. But many said the tough encryption policy could hinder American companies selling their products abroad. AEA Chairman Sollman said foreign companies might be leery of buying software from American companies if U.S. officials have the keys, or code, to decipher scrambled messages. "Would an American company buy software from the Japanese where the Japanese government had access to key recovery?" Sollman asked. Technology officials also urged the government to take up the issues of software piracy abroad and frivolous lawsuits. ----------