IP: I want to congratulate

[David Farber <farber () cis upenn edu>]

=20
Dorothy for publishing this work and look forward to wide spread
distribution. While the report does not make policy recommendations perhaps
we can now engage a rational look at what policy should be.


Dave
----------------------------------------------------------------------------
----
=20
Encryption expert revises views
Authorities crack codes on their own


Published: July 31, 1997


BY SIMSON GARFINKEL
Special to the Mercury News=20


=20
A key academic supporter of the Clinton administration's position in the
debate over controls on encryption software has found that the scrambling
techniques widely used today have not shielded criminals from law
enforcement authorities. As a result, she is backing off from her long-held
belief that controls on strong encryption are essential to fight crime.


In a study to be released today, Dorothy Denning, a Georgetown University
computer science professor, reports that a survey of law enforcement
officials found that they have been able to nab suspected criminals even
when the suspects employed encryption to hide evidence of their wrongdoing.


Encryption technology allows data to be scrambled so that it cannot be
intercepted or understood by anyone other than the intended recipients. The
administration -- and Denning -- have long argued that the use of strong
encryption should be controlled so that terrorists, drug dealers and other
criminal elements do not gain the upper hand over law enforcement.


The report, to be published by the National Strategy Information Center, a
Washington, D.C., think tank, is the first of its kind and includes more
than 20 incidents in which law enforcement organizations encountered
encrypted data.


``Most of the investigators we talked to did not find that encryption was
obstructing a large number of investigations. When encryption has been
encountered, investigators have usually been able to get the keys from the
subject, crack the codes or use other evidence,'' the report says.=20


The report -- whose other author is William E. Baugh Jr., vice president of
defense contractor Science Applications International Corp. -- provides
new, behind-the-scenes details on well-known cases.


Encryption controls are at the center of a debate that pits the computer
industry and civil libertarians against the Clinton administration and law
enforcement organizations. Businesses argue that encryption is vital in the
computerized world to protect business records and personal communications.


But the Clinton administration has argued that it can be, and has been,
used by organized crime, terrorists and child pornographers to hide
evidence of their illegal activities. The administration has fought hard
for increased controls on encryption, both domestically and abroad. But it
has been unwilling to list specific cases in which it has interfered with
law enforcement.=20


Faced with the lack of evidence, Denning set out to interview law
enforcement officials and comb news reports, amassing as many cases as
possible in which encryption had played a role in a criminal investigation.


Her report, ``Encryption and Evolving Technologies as Tools of Organized
Crime and Terrorism,'' had been expected to call for increased restrictions
on encryption. Instead, Denning said, she has now stepped back from her
former position of advocating controls on the dissemination of strong
encryption technology.


``If anything, I am in a greater state of questioning about what we should
do,'' she said in an interview.


``I don't have a position about what we should do. That is why the report
does not make any recommendations about policy. The only recommendation is
that we think that we need to be collecting data, not just on the number of
cases, but on what the outcomes of those cases are.''


The report does make clear that encryption could pose problems for law
enforcement in the future. ``Our findings suggest that the total number of
criminal cases involving encryption worldwide is at least 500, with an
annual growth rate of 50 to 100 percent,'' it says.




The cases examined include:




The Japanese death cult, Aum Shinrikyo, which used encryption to store
records on its computers. Authorities were able to decrypt the files in
1995 after finding the decryption key on a floppy disk.=20


The New York subway bomber, Edward Leary, who had created his own
encryption system to scramble files on his computer. According to the
report, after Manhattan police ``failed to break the encryption, the files
were sent to outside encryption experts. These experts also failed.
Eventually, the encryption was broken by a federal agency. The files
contained child pornography and personal information which was not
particularly useful to the case.''


``A police department in Maryland encountered an encrypted file in a drug
case. Allegations were raised that the subject had been involved in
document counterfeiting, and file names were consistent with formal
documents. Efforts to decrypt the files failed, however, so the conviction
was on the drug charges only.''
Many programs, such as Microsoft Word, Word Perfect and Intuit Inc.'s
Quicken, include some form of weak encryption. According to the report,
these systems can be broken with automatic programs in 80 to 85 percent of
all cases.






    =20






=20


----------------------------------------------------------------------------
----
=20


| Mercury Center Home | Index | Feedback |
=A91996-7 Mercury Center. The information you receive on-line from Mercury
Center is protected by the copyright laws of the United States. The
copyright laws prohibit any copying, redistributing, retransmitting, or
repurposing of any copyright-protected material.=20