Subject: RISKS DIGEST 11.44 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Thursday 11 April 1991 Volume 11 : Issue 44 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: [The 11s abound in this issue. 1991 and 44 both divisible by 11!] Re: U.S. Senate 266, Section 2201 (cryptographics) (Jerry Leichter, Douglas S. Rand, Ed Wright, Gary Greene) Re: SB 266 (Willis H. Ware, Bill Murray) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. For vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 11, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. If you cannot access "CRVAX.SRI.COM", try Internet address "128.18.10.1".<==== ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Thu, 11 Apr 91 09:32:49 EDT From: Jerry Leichter Subject: re: U.S. Senate 266, Section 2201 (cryptographics) In a recent RISKS, Bill Murray comments on this "sense of the Senate" that would require providers of information transfer equipment and services to ensure that the government, as authorized by law, could obtain clear-text copies of any messages sent. Murray comments that that this would require the providers to leave "trap doors" in their systems, and that as a result it would be impossible to ensure that others did not gain access to the trap doors. In fact, this claim is false. A system with the properties desired was proposed several years ago as a replacement for DES, and is used (where DES was never approved to begin with) for classified information. In this system, the government supplies the cryptographic "boxes" as sealed units; details of their operation is not made public. Keys are also provided only by the government. The algorithm has the property that only a tiny fraction of the possible keys actually work; using an "incorrect" key either produces nonsense, or produces an encryption that is easily breakable. Note that, while the algorithm used may be kept secret, it is quite possible that even if it were known, the following two problems would still be very difficult: Reversing an encryption with an unknown, good key; finding the algorithm for generating good keys. DES appears to have properties somewhat like this: Text encrypted with a "good" key - any but one of a small set of weak keys - is hard to decrypt (no one appears to have broken DES in years of trying, except by brute force); and the method used for constructing the particular S and P tables in DES and showing that they are "safe" remains secret to this day, despite all details of DES itself being public. With a system of this sort, the government (read some central authority) has in its hands a registry of all keys used, and can read whatever it wants. This is no different from, say, French law, which has always required that all users of cryptographic equipment register design details AND KEYS USED with the government. A database of this sort, if properly implemented, would be fairly small. It could be centrally maintained and NOT available on networks. (In fact, ideally it might even be kept on paper, not in a computer!) No system of protection is foolproof, but a constrained system like this could be made quite secure. Whether we SHOULD accept such a system is a political and moral question, quite apart from its feasibility. I will point out, however, that the strongest argument FOR such a system is that it doesn't take away any rights that anyone has ever had in the past - it simply refuses to create a new right to (essentially) absolutely secure storage of information. (I'll also point out a strong argument AGAINST: The genie is long out of the bottle on this one. There are too many computers out there, with too much power, and too many reasonably good, well-known cryptographic algorithms to prevent anyone who really wants to keep data secure from doing so. Sure, the algorithms available to most people will probably fall quickly to a concerted attack by the NSA - but how many such attacks can the government reasonably expect to mount? This is difficult, labor-intensive work by highly skilled people who are a scarce resource.) BTW, the same issue is certain to come up in a different form - in fact, I'm surprised it hasn't yet. I work for BIGCORP, which provides me with a workstation on which I store all my "work product". To keep the data secure, I encrypt it, using a key only I know. Can BIGCORP demand that I tell them the key? They, of course, argue, that the data is THEIRS, not mine. If I'm hit by a truck tomorrow, they need to be able to get at their data without me. (Further, though they probably won't say so in public, it's intolerable to them that I hold so much power over them: If I demand a raise "or the data stays encrypted", they are in big trouble. Sure, they can sue me, but they are unlikely ever to be able to recover what the lost data could cost them.) -- Jerry ------------------------------ Date: Thu, 11 Apr 91 10:06:00 -0400 From: dsr@mir.mitre.org Subject: Re: U.S. Senate 266, Section 2201 (cryptographics) It seems to me that it is not in the national interest for manufacturers of cryptographic gear to retain anything resembling a back door for themselves or "appropriate use of law enforcement." The existence of such a back door renders the equipment useless for secure transmission as those organizations and agencies which rely on secure transmission would have to rely on not just a private key remaining secret but also a constant, i.e. the back door. It is not even the case that the entire US government would be sanguine about even other sections of the government being able to wiretap secure conversations. And as W. H. Murray points out, there are definitely problems with violating the constitutional guarantees against unreasonable search and seizure. So any gear manufactured for Sec 2201 would, by default, be useless for any serious user of such gear. Maybe someone should tell the senate? Douglas S. Rand, MITRE, Burlington Road, Bedford, MA ------------------------------ Date: Thu, 11 Apr 91 10:28:45 PDT From: Ed Wright Subject: Re: U.S. Senate 266, Section 2201 (Cryptographics)(Bill Murray) > ensure that communications systems permit the government to obtain the plain > text contents of voice, data, and other communications when appropriately > authorized by law. It is precisely because of provision for such government snooping that people in Germany may not have extension phones. The analogy of the Secret Police listening in the phone is a bit crude but not entirely farfetched. Should this bill pass, I wonder how long it will take for the whiplash, or if society will still be able to produce whiplash. ------------------------------ Date: Thu, 11 Apr 91 11:54:35 PDT From: Gary Greene Subject: Re: U.S. Senate 266, Section 2201 (cryptographics) >The referenced language requires that manufacturers build trap-doors >into all cryptographic equipment and that providers of cconfidential >channels reserve to themselves, their agents, and assigns the ability to >read all traffic. ...Stuff intimating that leaks of back-doors are likely deleted... It is quite likely, so no argument. >Is there anybody out there who would buy crypto gear or confidential services >from vendors who were subject to such a law? Given any choice in the matter, I likely would not. I am not a drug dealer, but still have some things (strictly legal) that are my business and nobody else's. I may seem hypocritical to you in light of my comments below, but I see no conflict. >David Kahn asserts that the sovereign always attempts to reserve the use of >cryptography to himself. Nonetheless, if this language were to be enacted into >law, it would represent a major departure. An earlier Senate went to great >pains to assure itself that there were no trapdoors in the DES. Mr. Biden and >Mr. DeConcini want to mandate them. The historical justification of such >reservation has been "national security;" just when that justification begins >to wane, Mr. Biden wants to use "law enforcement." Both justifications rest >upon appeals to fear. >In the United States the people, not the Congress, are sovereign; it should not >be illegal for the people to have access tto communications that the government >cannot read. We should be free from unreasonable search and seizure; we should >be free from self-incrimination. The government already has powerful tools of >investigation at its disposal; it has demonstrated precious little restraint in >their use. < ...restatement deleted> The problem I see in the above is what does the government do when there is grounds for "reasonable" search or seizure. And yes we should be free from self-incrimination, but as I understand the term (and I'm a pointy-headed liberal who worked for McGovern in '72 ...wonder how many of us are left who admit to it?) this protection from self-incrimination extends to our being forced to give testimony against ourselves. Fifth Amendment does not give blanket coverage to all our documents or uterances to third parties. A search warrent or a wire tap must have means of entry to be enforceable, or are you saying that all electronic data communications should be off limits because they already can tap our phones and search our homes with an appropriate warrent? I can think of a few people in organized crime who would promptly move ALL their data and communications to this media if this were true. The guarantees in the Bill of Rights never said nor have the courts ever upheald, to my knowledge at least, any assertion that the government had no right of search or seizure, nor have the courts ever upheld that the people as a whole or individualy had a blanket right to communications which the the government could not access during proper and reasonable process. While any process is subject to abuse by self-rightious people under color of office, and we can certainly point to many abuses in the past to our civil liberties (and not just in recent times ...look at the Palmer raids under Woodrow Wilson, and still earlier abuses throughout our history) I personally find your assertion that the government "has demonstrated precious little restraint" specious without supporting evidence. What I would like to see in your arguments is something more to the practical point of how we balance these various rights against the daily value and practice of law enforcement. Government should never be trusted blindly to protect our interests; that is the central theory behind seperation of powers. The problem with government in a libertarian democracy is how do we protect ourselves while extending to government the powers necessary for it to protect us from wolves. As JFK observed riding the tiger is often uncomfortable. Gary Greene, Unisys/Convergent Technology, San Jose, California ------------------------------ Date: Thu, 11 Apr 91 15:46:45 PDT From: "Willis H. Ware" Subject: SB 266 -- MORE Everything Bill Murray has raised about SB 266 is appropriate. But do note that the draft legislation says "It is the sense of Congress ...." It's a strange section in a way; Congress is simply stating its position on the matter, not doing something about it. SB 266 per se would take no action as Bill has outlined, but it sets the stage for action later by someone else. The more subtle and real RISK in SB 266 is that it opens the door for putting such provisions into effect at other times. Then the Washington pols can claim: "It didn't happen on my shift." Some time, some place, somebody -- legislator or agency bureaucrat -- will propose an action under SB 266 [if this Section passes] that will be socially acceptable and maybe even innocuous at the time. Then another one will come along, and maybe some ideas would not make it. But the cumulative consequence of all such indivdually small and individually socially acceptable actions will be disasterous to the established traditions and mores of the country and its basic structure. Willis H. Ware ------------------------------ Date: Thu, 11 Apr 91 15:57 EDT From: WHMurray@DOCKMASTER.NCSC.MIL Subject: S. 266 On re-reading S. 266, I find that I may have overstated my case a little. If this section were a stand-alone resolution of the Congress, then it is fairly clear that it would not be binding upon anyone. That is, the fact it is the sense of the Congress that someone ought to do something, does not mean that they must do so. As a part of this bill the provision has great potential for mischief, but it is still not clear that it would have the force of law. William Hugh Murray, Executive Consultant, Information System Security 21 Locust Avenue, Suite 2D, New Canaan, Connecticut 06840 203 966 4769, WHMurray at DOCKMASTER.NCSC.MIL ------------------------------ End of RISKS-FORUM Digest 11.44 ************************