Golden Coy Freeh

[John Young <jya@pipeline.com>]

   The New York Times, January 25, 1995, p. D5.

   The F.B.I. Sting Operation on Child Pornography Raises
   Questions About Cryptography

   By Peter H. Lewis


   Federal agents swooped down on more than 125 homes and
   offices across the United States on Sept. 13, seizing
   computers and diskettes from people suspected of
   trafficking in child pornography over the America Online
   network. But to date, the number of arrests in the sting
   operation remains at 15.

   More arrests are expected, but why haven't more occurred?

   Last week, Louis J. Freeh, the director of the F.B.I.,
   offered an oblique explanation for the seemingly low
   initial success rate.

   At least some of the suspected child pornographers had used
   data encryption software, Mr. Freeh said Thursday in
   remarks at an International Cryptography Institute
   conference in Washington. In other words, they had
   scrambled their computer files so that only someone with
   the password -- or with proper code-breaking skills --
   could view the contents.

   Mr. Freeh wisely did not say whether the F.B.I. agents were
   able to decipher the encrypted files seized in the
   investigation. It would be foolhardy, from a
   law-enforcement perspective, to tip one's hand.

   If the head of the F.B.I. acknowledged that his agency was
   powerless to crack a cryptography program like Pretty Good
   Privacy, the stampede for that software on the Internet
   would make the run on Windows 95 look puny.

   From a political perspective, Mr. Freeh's coyness is shrewd
   as well. By making even a subtle suggestion that some child
   pornographers may walk free because of unbreakable
   cryptography, he gains more leverage in seeking
   Government-mandated controls over the use of encryption
   technology.

   Mr. Freeh said that encryption was a "public safety" issue,
   and he said law-enforcement agencies around the world "will
   not tolerate" the use of private data encryption to impede
   investigations. He said encryption had also been
   encountered in the Philippines in a plot to blow up an
   American jet and to assassinate Pope John Paul lI (in that
   case, at least, one can presume the code was cracked.)

   It seems worthwhile to point out that even if the suspects
   in the child pornography sting, called Operation Innocent
   Images, used cryptography, that did not provide evidence
   that they were doing something illegal. Our legal system is
   predicated on the belief that one is innocent unless proved
   guilty, and there is no exception clause for technology.

   "Fortunately we are not yet at the point where the mere use
   of encryption overcomes the presumption of innocence," said
   David Sobel, staff counsel for the Electronic Privacy
   Information Center in Washington.

   Another point to remember is that the F.B.I. identified
   more than 100 suspects, and gathered sufficient information
   to warrant raids, using existing laws and enforcement
   techniques. On the other hand, there is no denying that
   child pornographers use data encryption to keep co-workers,
   family members and police from discovering their secrets.

   "We are involved in a couple of jobs every week resolving
   some kind of a child pornography investigation," said Eric
   K. Thompson, president of Access Data Inc. of Orem, Utah,
   a private company that specializes in cracking encrypted
   files for corporations and Government agencies.

   The Government's elite codebreakers at the National
   Security Administration are prohibited by law from using
   their talents against American citizens. The F.B.I. has its
   own code-breaking experts, but it routinely calls on
   independent experts like Access Data to help on some cases.

   After eight years of breaking into encrypted files, ranging
   from situations involving secretaries who simply forgot
   their passwords for important memos to cases involving
   corporate computer systems that were encrypted by
   disgruntled employees, Mr. Thompson has concluded:
   "Basically, the criminal element is becoming more computer
   literate, and they are discovering encryption. Files are
   becoming more difficult to break."

   Dorothy Denning, an expert in cryptography and a professor
   of computer science at Georgetown University in Washington,
   said she recognized the importance of encryption for
   businesses seeking to protect information. At the same
   time, she said, she also recognized the problems that
   law-enforcement agencies face because of cryptography.

   "So many people had been saying people in law enforcement
   weren't having this problem, and I didn't believe that,"
   Dr. Denning said. So in May, she said, she spent two days
   calling sources at law-enforcement organizations. "I came
   up with over 20 cases -- child pornography, terrorism,
   murder, embezzlement fraud, tax protesters, export
   violations -- and, in some cases, they were able to crack
   it, and others they couldn't," she said.

   What can be done? The Administration's plan is to seek
   voluntary compliance with a "key escrow" plan, which would
   enable citizens to use strong, private cryptography as long
   as a copy of the software "key" were made available to law
   enforcement officials.

   Last week, Mr. Freeh stressed that he preferred a voluntary
   approach. But "if consensus is impossible" on the
   encryption issue, he said, the F.B.I. might consider other
   approaches.

   The debate is certain to heat up as more information about
   Operation Innocent Images becomes known. There are no
   comforting answers, only an echo of advice from a time
   predating the Internet: There is no solution. Seek it
   wisely.

   [End]