[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Golden Coy Freeh
The New York Times, January 25, 1995, p. D5.
The F.B.I. Sting Operation on Child Pornography Raises
Questions About Cryptography
By Peter H. Lewis
Federal agents swooped down on more than 125 homes and
offices across the United States on Sept. 13, seizing
computers and diskettes from people suspected of
trafficking in child pornography over the America Online
network. But to date, the number of arrests in the sting
operation remains at 15.
More arrests are expected, but why haven't more occurred?
Last week, Louis J. Freeh, the director of the F.B.I.,
offered an oblique explanation for the seemingly low
initial success rate.
At least some of the suspected child pornographers had used
data encryption software, Mr. Freeh said Thursday in
remarks at an International Cryptography Institute
conference in Washington. In other words, they had
scrambled their computer files so that only someone with
the password -- or with proper code-breaking skills --
could view the contents.
Mr. Freeh wisely did not say whether the F.B.I. agents were
able to decipher the encrypted files seized in the
investigation. It would be foolhardy, from a
law-enforcement perspective, to tip one's hand.
If the head of the F.B.I. acknowledged that his agency was
powerless to crack a cryptography program like Pretty Good
Privacy, the stampede for that software on the Internet
would make the run on Windows 95 look puny.
From a political perspective, Mr. Freeh's coyness is shrewd
as well. By making even a subtle suggestion that some child
pornographers may walk free because of unbreakable
cryptography, he gains more leverage in seeking
Government-mandated controls over the use of encryption
technology.
Mr. Freeh said that encryption was a "public safety" issue,
and he said law-enforcement agencies around the world "will
not tolerate" the use of private data encryption to impede
investigations. He said encryption had also been
encountered in the Philippines in a plot to blow up an
American jet and to assassinate Pope John Paul lI (in that
case, at least, one can presume the code was cracked.)
It seems worthwhile to point out that even if the suspects
in the child pornography sting, called Operation Innocent
Images, used cryptography, that did not provide evidence
that they were doing something illegal. Our legal system is
predicated on the belief that one is innocent unless proved
guilty, and there is no exception clause for technology.
"Fortunately we are not yet at the point where the mere use
of encryption overcomes the presumption of innocence," said
David Sobel, staff counsel for the Electronic Privacy
Information Center in Washington.
Another point to remember is that the F.B.I. identified
more than 100 suspects, and gathered sufficient information
to warrant raids, using existing laws and enforcement
techniques. On the other hand, there is no denying that
child pornographers use data encryption to keep co-workers,
family members and police from discovering their secrets.
"We are involved in a couple of jobs every week resolving
some kind of a child pornography investigation," said Eric
K. Thompson, president of Access Data Inc. of Orem, Utah,
a private company that specializes in cracking encrypted
files for corporations and Government agencies.
The Government's elite codebreakers at the National
Security Administration are prohibited by law from using
their talents against American citizens. The F.B.I. has its
own code-breaking experts, but it routinely calls on
independent experts like Access Data to help on some cases.
After eight years of breaking into encrypted files, ranging
from situations involving secretaries who simply forgot
their passwords for important memos to cases involving
corporate computer systems that were encrypted by
disgruntled employees, Mr. Thompson has concluded:
"Basically, the criminal element is becoming more computer
literate, and they are discovering encryption. Files are
becoming more difficult to break."
Dorothy Denning, an expert in cryptography and a professor
of computer science at Georgetown University in Washington,
said she recognized the importance of encryption for
businesses seeking to protect information. At the same
time, she said, she also recognized the problems that
law-enforcement agencies face because of cryptography.
"So many people had been saying people in law enforcement
weren't having this problem, and I didn't believe that,"
Dr. Denning said. So in May, she said, she spent two days
calling sources at law-enforcement organizations. "I came
up with over 20 cases -- child pornography, terrorism,
murder, embezzlement fraud, tax protesters, export
violations -- and, in some cases, they were able to crack
it, and others they couldn't," she said.
What can be done? The Administration's plan is to seek
voluntary compliance with a "key escrow" plan, which would
enable citizens to use strong, private cryptography as long
as a copy of the software "key" were made available to law
enforcement officials.
Last week, Mr. Freeh stressed that he preferred a voluntary
approach. But "if consensus is impossible" on the
encryption issue, he said, the F.B.I. might consider other
approaches.
The debate is certain to heat up as more information about
Operation Innocent Images becomes known. There are no
comforting answers, only an echo of advice from a time
predating the Internet: There is no solution. Seek it
wisely.
[End]