Return-Path: <sentto-279987-2357-1001460208-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 25 Sep 2001 16:25:11 -0700 (PDT) Received: (qmail 8103 invoked by uid 510); 25 Sep 2001 23:23:48 -0000 Received: from n29.groups.yahoo.com (216.115.96.79) by 204.181.12.215 with SMTP; 25 Sep 2001 23:23:48 -0000 X-eGroups-Return: sentto-279987-2357-1001460208-fc=all.net@returns.onelist.com Received: from [10.1.4.55] by b05.egroups.com with NNFMP; 25 Sep 2001 23:23:29 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_3_2_2); 25 Sep 2001 23:23:28 -0000 Received: (qmail 56638 invoked from network); 25 Sep 2001 23:23:27 -0000 Received: from unknown (10.1.10.142) by l9.egroups.com with QMQP; 25 Sep 2001 23:23:27 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 25 Sep 2001 23:23:27 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id QAA03780 for iwar@onelist.com; Tue, 25 Sep 2001 16:23:27 -0700 Message-Id: <200109252323.QAA03780@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 25 Sep 2001 16:23:27 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Disputes.on.Electronic.Message.Encryption.Take.On.New.Urgency] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit New York Times Disputes on Electronic Message Encryption Take On New Urgency September 25, 2001 By JOHN SCHWARTZ The attacks on the World Trade Center have reawakened a debate on how strongly the public — and by extension terrorists and other criminals — should be able to encrypt their electronic messages. The technology of scrambling data and messages has become a crucial element of computer security for businesses and consumers alike. Officials of law enforcement and intelligence agencies have long warned lawmakers that they were unable to break the strongest encryption products, and that crimes eventually would be committed that might otherwise have been prevented. "We can give our codebreakers all the money in the world, but the technology has outstripped the codebreakers," said Senator Judd Gregg, Republican of New Hampshire, who has met with Attorney General John Ashcroft and other officials to get encryption limits on the legislative agenda. The F.B.I. has not said publicly whether the hijackers who attacked the World Trade Center and the Pentagon even used encryption to cloak their communications. But Philip R. Zimmermann, the creator of one of the most popular encryption programs, known as P.G.P., for Pretty Good Privacy, said that he would be surprised if this were not the case. "I just assumed somebody planning something so diabolical would want to hide their activities using encryption," Mr. Zimmermann said. Senator Gregg said he will not make a specific legislative proposal until he sees what Attorney General Ashcroft includes in the final version of his broad anti-terrorism bill. But he said he wanted to see legislation to order encryption companies that sell products in the United States to include a back door that would allow government access when "a bad guy or a terrorist" uses encryption. "Law enforcement agencies, after pursuing proper law enforcement restrictions, will have access" to the encrypted data, he said. Proposals for such systems, known as "key escrow" because a key that unlocks encrypted messages would be stored and made available to law enforcement, were the subject of bitter debate in the mid- 1990's. The Clinton administration proposed a technology popularly known as the "Clipper Chip" that would provide back- door access for law enforcement, and also restricted the export of strong encryption products by American firms. Over time, however, the administration's two-pronged encryption initiative failed. Companies and consumers said they would not use a product that had government access built in, and argued that criminals surely would not; the trove of escrowed keys, they argued, would itself become a prime target of hackers and spies. Also, encryption companies were able to show that foreign competitors were already producing strong encryption products that rendered any export ban useless. By the end of the Clinton administration, the Clipper proposal was dead and the export controls were largely lifted. To experts like Dorothy E. Denning, a professor of computer science at Georgetown University who supported the Clinton administration's key escrow efforts, the issue was properly settled and should not be reopened. "We had all those debates a few years ago at a time when we could rationally debate it — the consensus really emerged," said Professor Denning, "that regulating encryption wasn't the right thing to do." But Senator Gregg argued that the issue should, in fact, be reopened. "This is an attempt to find a functional approach to this that both sides can agree with," he said. He is recommending that Congress create a "quasi-judicial" body appointed by the Supreme Court that would handle subpoenas for encryption keys to avoid one of the objections to the original Clinton administration plan. But he also acknowledged that criminals and terrorists would find alternatives to any escrowed system. "Nothing's ever perfect," he said. "If you don't try, you're never going to accomplish it. If you do try, you've at least got some opportunity for accomplishing it." For Mr. Zimmermann and many other programmers who have brought encryption products to market, the Sept. 11 attacks brought reflection on the balance between the good uses of encryption and the bad. "Did I reexamine the question? Of course I did," he said. "But after some reflection, the conclusion is still the same." "I have no regrets," said Mr. Zimmermann, whose product was distributed free of charge via the Internet. "I did this for human rights 10 years ago, and today every human rights group uses it. And I feel very good about that." A newspaper article last week suggested that Mr. Zimmermann felt guilty about P.G.P., but he said the account, which appeared in The Washington Post (news/quote), misrepresented his views; he had only said that he felt bad that his technology might have been used for evil ends, "the way that the Boeing (news/quote) engineers felt bad that their airplanes were used" to commit the attacks, he said. Last week a group of 150 civil liberties organizations from across the political spectrum urged lawmakers to consider with caution any measures that might reduce the rights of citizens. The coalition stressed what, in a statement, it called the "need to consider proposals calmly and deliberately with a determination not to erode the liberties and freedoms that are at the core of the American way of life." <a href="http://www.nytimes.com/2001/09/25/technology/25CODE.html?ex=1002454000&ei=1&en=4935b0e058c7bc58">http://www.nytimes.com/2001/09/25/technology/25CODE.html?ex=1002454000&ei=1&en=4935b0e058c7bc58> Copyright 2001 The New York Times Company ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/XrFcOC/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:49 PDT