Reply From: Vin McLellan <vin@shore.net>
Anthony J. Bettini <tony@cs.umb.edu> wrote:
> Information warfare is very real. Whitfield Diffie, a strong
>opponent of key escrow specifically mentioned the reality and harms of the
>future of information warfare when he spoke at MIT in April regarding his
>newly
>published book, Privacy on the Line: the Politics of Wiretapping and
>Encryption.
Actually, what Diffie actually said was that it was not the
mega-threat of catacylsmic infowar that roused him, but rather the
realization that a cyber attack could be addressed at a specific company.
It was when he considered the potential threat to his employer, Sun Micro,
that he began to reconsider the potential of cyber-attacks, on-line and off.
I have no doubt that some corporate entities and some
network-connected critical infrastructures could be damaged with on-line
attacks. In one of the early Macintosh viruses, we're already seen a virus
targetted at specific department in a specific company, EDI.
What I think we have to remember is that many of these
vulnerabilities exist today only because the US and other governments -- in
their desire to maintain surveillance on "foreign" and domestic targets:
individual, corporate, and governmental -- have, for 20-odds years,
systematically stimied any attempt to integrate strong cryptography into
operating systems, business and communication applications, and system
management tools.
The obvious solution to many real vulnerabilities in today's system
and network infrastructures has been crypto -- but so long as government
remain enchanted with establishing a universal surveillance option on any
electronic communications, governments will try to promote punitive law
enforcement and military options and ignore crypto. Clinton new policy on
Critical Infrastructure Protection is a case in point.
The tension between "national security" interests in maintaining
eavesdropping capabilities (increasingly, for domestic as well as "foreign"
surveillance) and "commercial" interest in a trusted network platform for
electronic commmerce will probably be with us for years. CDT has just
published another superb report on "Key Recovery, Key Escrow, and Trusted
Third Party Encryption" that addresses many aspects of this conflict. See:
<http://www.cdt.org/crypto/risks98>
To my mind, this CDT report is the best, most accessible, and most
insightful analysis of the inherent weaknesses in the GAKed or
crippled-crypto model yet published. The co-authors include Diffie;
Rivest; Ross Anderson; Steve Bellovin and Matt Blaize of AT&T; Josh Benaloh
of Microsoft; Jeff Schiller of MIT co-director of the IETF Security
Section; John Gilmore, cofounder of the EFF; Bruce Schniener, author of
Applied Cryptography; and Hal Abelson of MIT.
> Along the same lines, when Bruce Scheinder spoke at Beyond Hope
>about cryptography he warned of cyber-terrorists using jurisdiction
>shopping as a means towards warfare.
>
>> "Mandatory key escrow" means that citizens protecting their
>> electronic business with encrypted computer code would have to
>> provide government regulators with keys to that code.
>
> Granted I am not a supported of key escrow by any means mind you
>however, when FBI Agent Smith (if I recall correctly Director of Digital
>Telephony Division) spoke at the same MIT special aired on CSPAN in support
>of key escrow, he stated that it was not the so called "government regulators"
>that would hold the "keys to that code" but a neutral trusted third party
>such as a bank.
The point is that someone, and eventually some automatic system, is
expected to give government agents or regulators rapid access to an
individual's or a corporation's secret crypto key surreptitously -- that
is, without telling or alerting the target. Which gives a purely Orwellian
twist to the phrase "trusted third party" -- and the concept of "escrow,"
for that matter. The crux of the concept is not in the mechanics but in
the goal, a universal surveillance option.
The CDT paper above is really helpful in carefully tracking the US
government's expressed goals and contrasting them against various partial
solutions (like self-escrow, or unescrowed but somehow accessible key) that
the feds have been willing to accept as a temporary measures. The
government doesn't just want to access someones private crypto key. Access
alone, what a company might need for its internal backup of data, is not
enough. The spooks want (a) surreptitious access (ie., access thru a third
party holding the keys, so the target of their surveillance remains dumb,)
(b) immediate "real-time" access to content, and they want this
surveillance option to be (c) ubiquitous, built into all cryptographic
products sold or used, by individuals as well as corporate entities.
The CDT's Ad Hoc team of cryptographers and systems experts
effectively demolish -- in terms of what is technically feasible -- the
idea that these goals can be met with a secure and trusted key-escrow or
key-recovery mechanism that can gird the nation (let alone the globe.)
They don't bother getting into the political or economic issues; they just
gut the naive technical assumptions that underlie many of the demands by
the spooks and the cops, in the US and elsewhere. The report is also a
great piece of technical writing.
Matthew Patton <patton@sysnet.net> is right when he points out
that bankers and individual banks have often been wimps when it comes to
safeguarding the privacy of individual depositors, but collectively they
have been potent in defending the integrity of their own internal systems.
It was, for example, the American banks which were the first important
source of resistance to the NSA's attempts to displace DES with
CCEP/Clipper/Capstone chips with backdoors for government access.
The banks, in the US and Europe, were also the first to adopt
cryptography (DES and RSAPKC) to secure their internal communiations. Their
response to the NSA in many ways cracked the myth of the super-spooks. The
American Bankers' Association literally laughed the NSA reps who presented
CCEP as a replacement for DES out of one of their conventions in the mid
80s. (CCEP offered backdoored chips to replace DES, but it was initally
presented as available only for US-owned or controlled banks. At the time,
maybe 15 percent of US banks were foreign owned.) Their response set the
stage for the widespread scorn that today, in business circles, greet the
idea that corporations should surrender control over their internal data
and communications security to government agents.
Don't knock the guys with the vaults. For their own reasons -- and
as users, corporate citizens, rather than as vendors -- the bankers have
collectively shown more balls than any other sector of industry or commerce
in resisting ubiquitous government surveillance of their internal business
operations. Without them, strong un-GAKed cryptography might have been
outlawed years ago.
Suerte,
_Vin
-----
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.
* Vin McLellan + The Privacy Guild + <vin@shore.net> *
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Wed Jun 10 08:51:32 1998