From: Ariel Glenn <ariel@watsun.cc.columbia.edu>
Date: Thu, 23 Oct 1997 23:06:50 +0800
To: cypherpunks@cyberpass.net
Subject: Cyberterrorism report according to the NYT
Message-ID: <CMM.0.90.4.877618095.ariel@stealth.cc.columbia.edu>
MIME-Version: 1.0
Content-Type: text/plain



Day before yesterday I actually saw Ian Goldberg and David Wagner
on CNN Headline news, second billing after some auto fuel cell thing,
talking about weak encryption etc. in the context of the White House
report on cyberterrorism. 
In any case here's the NYT take on it...

Ariel Glenn
ariel@columbia.edu

-----
[beginning irrelevance deleted]

The use of encryption by United States residents has been a hotly
debated security issue in the White House, in Congress and
on the Internet. Louis J. Freeh, the director of the Federal
Bureau of Investigation, has testified repeatedly that allowing
private citizens to use unbreakable encryption would enable criminals to
mask their activities unless the police are allowed keys to all
scrambled communications. 

Even so, the commission's report appears to suggest that
widespread use of encryption is the nation's first line of defense
against attacks by terrorists or spies who want to steal information
or eavesdrop. Sophisticated systems like digital signatures can
prevent terrorists from shutting down networks, crashing
individual computers or erasing databases. 

Several people familiar with the commission's work, all of whom
asked that they not be named, said that the panel had come under
intense pressure to support the FBI's plan to build in trap doors
known as "key recovery systems" into encryption schemes to
make scrambled data easily accessible to the police. 

In the end, the commission did endorse key recovery, but
only because such systems would
allow people and companies to recover data if their own
keys were lost. It stopped short of
recommending easy access for law enforcement. 

In the interview on Tuesday, Marsh avoided commenting
directly on the FBI's assertion that
it needs "instant access" to all communications in the
nation, saying only that the commission
 did not "probe into that in great depth." 

"Exactly how that is done," Marsh said of key recovery systems, "the
commission is not expert at that." 

Some security analysts have argued that a widespread
key recovery system could turn out to be a major
vulnerability because if it was ever infiltrated or
compromised, it would offer cyber-terrorists a
database full of keys that could unlock significant
portions of communications and computer systems in
the United States. 

In addition to terrorists, any insider could easily reveal
secret or proprietary data, either accidentally or
maliciously. In recent months, for example, the FBI has
been criticized for releasing the background files of
Republican leaders to the White House, apparently because of a
clerical error.

[more irrelevance deleted]

Peter Neumann, author of Computer-Related Risks, said of the report: 
"I think the Commission has made a very important first step toward 
recognizing the vulnerabilities, threats, and risks." 

Even so, Neumann said: "They could have gone much further in
addressing the risks of the inherently weak computer-communication 
infrastructures that underlie our critical infrastructures. Also, they
almost completely ducked the importance of nonsubvertible
cryptography, and issues relating to the intrinsic risks of
key-recovery schemes. But the real question is: Where does the
government go from here?"