
FBI calls for mandatory key escrow; Denning on export ctrls




All encryption products sold or distributed in the U.S.
must have a key escrow backdoor "like an airbag in a car,"
law enforcement agents advised a Senate panel this
afternoon.

FBI Director Louis Freeh also told a Senate Judiciary
subcommittee that "network service providers should be
required to have some immediate decryption ability
available" permitting agents to readily descramble
encrypted messages that pass through their system.

This marks the most aggressive push to date for
mandatory domestic key escrow (or "key recovery"),
which means someone other than the recipient can
decipher messages you send out. Now, the easiest way
to win such a political tussle in Washington is to
control the terms of the debate. And nobody
understands that rule better than Sen. Jon Kyl
(R-Arizona), chair of the Judiciary subcommittee on
technology, terrorism, and government information.

Kyl opened today's hearing not by saying its purpose
was to discuss crypto in a balanced manner, but that
he wanted "to explore how encryption is affecting the
way we deal with criminals, terrorists, and the
security needs of business." Then he talked at length
about "criminals and terrorists" using crypto, and
child pornographers "using encryption to hide
pornographic images of children that they transmit
across the Internet."

Kyl also stacked the three panels. Out of seven
witnesses, five were current or former law enforcement
agents. No privacy or civil liberties advocates
testified. Some companies including FedEx apparently
dropped out when told they'd have to pay lip service
to key escrow if they wanted to speak.

Dorothy Denning, a Georgetown University professor of
computer science, did testify. Kyl made a point of
asking her if she still supported key escrow systems
(two recent articles by Will Rodger and Simson
Garfinkel said she was changing her mind). "I think
key recovery offers a very attractive approach,"
Denning said. What about export controls? "In the
absence of any controls, the problem for law
enforcement would get worse," she replied.

But when Sen. Dianne Feinstein (D-Calif) asked if
Denning would support a *mandatory* key escrow system,
the computer scientist said she wouldn't. "No, because
we don't have a lot of experience with key recovery
systems... a lot of people are legitimately nervous."

(Keep in mind that although Feinstein supposedly
represents Silicon Valley, she's no friend of high
tech firms. She opposes lifting export controls; in
fact, she says that "nothing other than some form of
mandatory key recovery really does the job" of
preventing crime. Of course, Feinstein doesn't have a
clue. She talks about whether businesses would want "a
hard key or digital key or a key infrastructure." Yes,
folks, this is in fact meaningless blather.)

Marc Rotenberg, director of the Electronic Privacy
Information Center in Washington, DC, says, "Simply
stated, the Senate train is headed in the wrong
direction. But of course this doesn't answer the
question of what will ultimately be resolved by
Congress? There's a very popular measure in the House
right now that's heading in a different direction."

Rotenberg is talking about Rep. Bob Goodlatte's SAFE
bill, which is much more pro-business than S.909,
the McCain-Kerrey Senate bill that Kyl supports. Now,
S.909 doesn't mandate key recovery; it only strongly
encourages it by wielding the federal government's
purchasing power to jumpstart a key recovery
infrastructure.

But Kyl would go further. At a recent Heritage
Foundation roundtable on encryption, I asked him, "Why
not make key recovery technology mandatory -- after
all, terrorists, drug kingpins and other criminals
won't use it otherwise." Kyl's response? Not that it
would be a violation of Constitutional due process and
search and seizure protections or a bad idea. Instead,
he told me he simply didn't have enough votes...

-Declan