8 September 1997

--------------------------------------------------------------------------------------

 8 September 1997, ZDNet News:

 Is Big Brother Right Around the Corner?

 The issues seem simple, the technology complex. 

 Yet the current debate in Congress, spurred by the introduction of the Secure
 Public Networks Act, goes beyond a simple choice between safer streets or better
 privacy. The act could signal a brave new world of governmental power. 

 "The idea that we should deny (ourselves) basic rights to make it easier to catch a
 few criminals is ludicrous," said Bruce Schneier, president of security firm
 Counterpane Security, and author of the book Applied Cryptography. "The bad far
 out weighs the good in this bill." 

 Comments by FBI Director Louis Freeh to Congress calling for limits on domestic
 encryption product on Wednesday had privacy and free-speech advocates
 imagining a future of Big Brotherhood. Freeh's statements had been made as part
 of expert testimony to the Senate subcommittee on Technology, Terrorism and
 Government Information, as part of the subcommittee's consideration of the
 Secure Public Networks Act. 

 The act -- introduced by Senators John McCain (R-Ariz.) and Bob Kerrey
 (D-Neb.) -- mandates that all encryption software have a back door, to which the
 government will be allowed access. Many factions in Congress, supported by law
 enforcement officials, see the need for the storage of encryption keys to facilitate
 access to data -- a method called "key escrow." 

 In an analysis of the bill, the Center for Democracy and Technology, a watchdog
 group based in Washington, stated that it puts the government above the people.
 "The (McCain-Kerrey bill and a bill proposed by the Clinton Administration) require
 any third-party holding decryption keys to surrender them in response to a mere
 subpoena, issued without judicial approval and without notice to the encryption
 user," stated the report. 

 During his testimony, Freeh defended the requirement, stating that law
 enforcement needed quick access to user data. "What we need as a minimum is a
 feature ... that will allow law enforcement to have immediate access to encrypted
 information," he told the subcommittee. "This can be done in a voluntary manner
 or ... a mandatory manner." 

 Encryption specialist Dorothy Denning, a professor of Computer Science at
 Georgetown University, supported the need of law enforcement to somehow deal
 with encryption. "We are at the leading edge of what could become a serious
 threat to law enforcement," she said in her testimony to the Senate subcommittee
 on Wednesday. Denning stopped short of any recommendations, however. 

 Still, according to findings reported by Denning and co-researcher and consultant
 William Baugh, Jr., 100 U.S. crime cases contained an element of encryption in
 1996. According to Freeh's numbers, 12 of those cases were significantly slowed
 by the inability to decrypt possibly important data. While small, the number of
 cases with encryption will grow 50 to 100 percent a year, predicted Denning. 

 Does this give the government the right to spy? Many experts say no. They don't
 believe the government can be trusted to use the keys properly, or even to
 safeguard access to them. "It means our privacy is at the pleasure of the
 government," said Counterpane's Schneier. "Worse, the danger (of keys being
 leaked) is enormous -- to me, it is certain. Any government project that big cannot
 be built securely." 

 Lack of trust in the government has an unfortunate basis in fact. In California, the
 Department of Motor Vehicles revealed earlier this summer that some employees
 had been selling the names and addresses of registered drivers. Supermarkets used
 the information to create a mailing list of customers at rival supermarkets. A
 similar leak of an escrowed key could cause immeasurable damage to a citizen or
 business. 

 While the issues seem new, in fact they have been dealt with before. The framers
 of the Constitution knew about the benefits of encryption. "It is well known that
 Thomas Jefferson and James Madison encoded their letters to protect the
 contents," said Bob Kohn, general manager and vice consul for cryptography
 software firm Pretty Good Privacy Inc. Freeh had made several comments that
 encryption demands that we rethink the Fourth Amendment of the Constitution. 

 Yet the Amendment is there to protect basic rights. "Today, you have a right to
 remain silent," said Kohn. "They may be able to seize your property, but you can
 keep the passwords." If the bill passes, tomorrow, you may not have that right. 

----------

 8 September 1997, ZDNet News:

 Industry Blasts Domestic Key-escrow Proposal 

 Wednesday's calls by the FBI chief and several senators for a key recovery plan 
 for data-scrambling software used within the United States drew sharp criticism 
 from the IT industry and cyberactivists, who said new controls on the domestic 
 use of encryption tools would violate citizens' privacy rights. 

 Officials from software makers including Netscape Communications Corp. and
 Sybase Inc. said the proposal from Louis Freeh, director of the Federal Bureau of
 Investigation, could represent a troubling shift away from the Clinton
 administration's earlier policy statements on key escrow. White House officials
 said again today, that the Clinton administration officially opposes domestic
 key-escrow schemes. 

 Netscape public policy Vice President Peter Harter said in a statement that if a
 move was undertaken to give government officials keys to encryption software
 used in the United States, it could stymie the growing industry for Internet- related
 products and services. 

 For Internet users, the specter of a Big Brother holding the key to their encrypted
 E-mail messages could chill the use of the medium, Harter and others said. 

 What's more, a protracted fight between the government and the IT industry on
 crypto standards would mean major financial losses for software companies,
 Harter said. 

 Sybase's director of communications security, Tom Parenty, maintained that
 strong encryption software has more potential as a crime fighter than as a tool for
 criminals, as FBI officials allege. 

 "There is no substitute for widespread, strong cryptography in preventing crime
 aimed at computer networks," Parenty noted. 

 But crime prevention is precisely the goal of FBI Director Freeh, who told the
 Senate Judiciary subcommittee on technology, terrorism and government
 information Wednesday that without a domestic key-recovery mechanism, "our
 ability to investigate and sometimes prevent the most serious crimes and terrorism
 will be severely impaired." 

 Freeh told the subcommittee that he supports requiring manufacturers of
 encryption tools to make decryption keys available to police during criminal
 investigations. The proposal gained the support of Sen. Dianne Feinstein, a
 California Democrat, and Sen. John Kyl, an Arizona Republican who heads the
 technology, terrorism and government subcommittee. 

 Officials from the Electronic Frontier Foundation said the proposal should set off
 alarms throughout the Internet community, since encryption allows Netizens to
 speak privately and to protect the integrity of online financial transactions, said
 Shari Steele, staff counsel at the EFF. 

----------

 8 September 1997, ZDNet News:

 Silicon Valley says 'we don't believe it' to Clinton 

 Silicon Valley leaders cast a critical eye on a Clinton official who came to 
 town to tout the administration's new Internet policy. 

 Senior White House advisor Ira Magaziner pushed the laissez-faire plan before
 members of the American Electronics Association trade group Thursday night, but
 many technology officials wonder if the government will keep its promise to keep
 its hands off the Web. 

 "I don't believe it," said Cypress Semiconductor Corp. Chief Executive T.J.
 Rodgers, who's been a vocal critic of the plan. "I think we're going to go back to
 politics as usual." 

 The administration's Framework for Global Electronic proposes self-regulated,
 tax-free Internet commerce, and it urges the industry to adopt a global perspective
 as it defines its own policy and standards. 

 "What we need is a break with the past," Magaziner told AEA members.
 "Electronic commerce as it develops should be a market-driven industry, not a
 regulated industry." But many in the audience questioned whether the government
 would stick to its promise of no new federal taxes on the Internet. 

 Rodgers said federal officials won't be able to resist taxing Internet commerce
 once it becomes lucrative, comparing the government to a monster that needs
 food. "You and me, Bill Gates, as soon as anyone starts making money on this
 thing, they're gonna get fed," Rodgers said. "The animal needs food." 

 Others were more supportive of the plan, calling it a first step in the right
 direction. AEA Chairman George Sollman, who is also vice chairman of Centigram
 Communications Corp., proposed adopting the report as an Internet Bill of Rights
 to guide the industry. 

 However, he urged the government to relax its encryption policies first. 

 "We very much support this document, but we have some issues about how
 encryption might be implemented," Sollman said. Despite its hands-off approach to
 regulating the Web, the government has taken a hard line on encryption, or the
 scrambling of data to prevent hackers from reading it. 

 U.S. policy prevents the export of strong encryption products unless they contain
 a way for federal officials to unscramble the code. They say the policy prevents
 criminals like terrorists and pornographers from transmitting illegal material over
 the Internet. But many said the tough encryption policy could hinder American
 companies selling their products abroad. AEA Chairman Sollman said foreign
 companies might be leery of buying software from American companies if U.S.
 officials have the keys, or code, to decipher scrambled messages. "Would an
 American company buy software from the Japanese where the Japanese
 government had access to key recovery?" Sollman asked. Technology officials
 also urged the government to take up the issues of software piracy abroad and
 frivolous lawsuits. 

----------
