1997-05-19 - Crypto use to foil law enforcement?

Header Data

From: Greg Broiles <gbroiles@c2.net>
To: cypherpunks@cyberpass.net
Message Hash: 97b4e044d533ccbe0317d28c6227799fad276d71ada5b2144ec0266964ee70df
Message ID: <3.0.1.32.19970519023657.00834370@gabber.c2.net>
Reply To: N/A
UTC Datetime: 1997-05-19 09:55:13 UTC
Raw Date: Mon, 19 May 1997 17:55:13 +0800

Raw message

From: Greg Broiles <gbroiles@c2.net>
Date: Mon, 19 May 1997 17:55:13 +0800
To: cypherpunks@cyberpass.net
Subject: Crypto use to foil law enforcement?
Message-ID: <3.0.1.32.19970519023657.00834370@gabber.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


I ran across this entry in the Congressional Record which discusses several
examples where encryption was discovered in the course of a law enforcement
investigation. 

[Congressional Record: September 18, 1996 (Senate)][Page S10882-S10886]

[...]

Mr. GRASSLEY. Mr. President, I'm pleased that the Senate has passed 
the economic espionage bill. This is an important measure that I believe 
will save American business significant amounts of money. The theft of 
confidential information from American businesses is a serious problem, 
and this bill takes important steps in the right direction.
  I am particularly pleased that the Senate has accepted the amendment 
I offered with Senator Kyl. This amendment commissions the first-ever 
study on the criminal misuse of encryption technologies. Under the 
Grassley-Kyl amendment, court officers who prepare pre-sentencing 
reports will include information on the use of encryption to conceal 
criminal conduct, obstruct investigations, and commit crimes. The 
sentencing commission will then collect and collate this information 
and include it in its annual report to Congress.
  In this way, I am hopeful that Congress and the executive branch will 
have reliable data on whether the criminal misuse of encryption is 
actually a problem and, if so, what response to this problem would be 
appropriate.
  As chairman of the Oversight Subcommittee on the Judiciary Committee, 
I did an informal survey of state-level law enforcement concerning the 
criminal misuse of encryption. This informal survey, while not 
scientific, provides valuable insights into the actions of the criminal 
element in our society.
  Here are just some of the responses my subcommittee received.
  In one case in which John Lucich of the New Jersey attorney 
general's office was involved, a computer was seized pursuant to a 
warrant in a serious assault case. Examination revealed that 
approximately 20 percent of the hard drive files were encrypted. 
Investigators sought the assistance of two different Federal agencies. 
Both of these agencies were unsuccessful in decrypting the files. 
Finally, a third Federal agency was successful in decrypting the files 
after expending considerable resources. The decrypted files did not 
contain evidence of the assault but rather contained evidence of child 
pornography. The encryption type likely used was ``DES.''
  And Officer Tim O'Neill of the Roseville, California Police 
Department reported to the subcommittee that he participated in a 
search involving a complaint against a subject who was on probation for 
solicitation/annoyance of minors. The subject had a hidden encrypted 
file on his personal computer. In the ``slack'' area at the end of the 
file the officer found names, addresses, school, grade, and phone 
numbers of 4-5 young teen girls. The encryption type used was known as 
``pincrypt.''
  Officer Mike Menz of the same department advised the subcommittee 
that he was working on a joint State/Federal major check fraud case 
where part of the potential evidence was encrypted.
  Ivan Ortman, a senior prosecutor in Seattle, Washington, encountered 
some encrypted files and password protection in a cellular phone fraud 
investigation. For a number of files the popular and inexpensive 
``PGP'' type of encryption was used. Orton indicated that no effort was 
even made to examine the files as the police could not locate any 
method for ``cracking that encryption.''
  In other words, why try since such an effort is certain to be futile. 
Surely a rational society should look long and hard at this situation.
  Agent Chuck Davis of the Colorado Bureau of Investigation reported to 
the subcommittee that he has encountered encryption as well as password 
protection problems. In one embezzlement case, a computer system was 
seized. Examination revealed that files on the hard disk were 
encrypted. The software manufacturers were contacted and the technical 
personnel who wrote the program advised that, ``they had left no `back 
door' access to the product as this would adversely impact sales. The 
hallmark of the program's appeal is that it cannot be broken, even by 
those who created it.'' Agent Davis advised that his investigation was 
``halted'' due to the time and expense of a ``brute force attack''. The 
encryption program used was entitled ``watchdog.''
  Agent Davis also advised the subcommittee that password protection 
also presents problems for other types of investigators. In cases 
involving theft of drugs from an emergency room by a doctor, bribery/
extortion by a police officer, and the suicide by an 11 year-old boy 
after telling friends that he had been molested by a family friend, 
investigators encountered password protection. The first two cases were 
successfully resolved through assistance from the manufacturer of the
software.
  The third case, however, especially illustrates the seriousness of 
decryption problems--determining the unique key or in this case, 
password from a large number of possibilities. According to Agent 
Davis, a mere 4 character password has 1.9 million possibilities due to 
the number of keyboard characters. Can you imagine how difficult it 
must be to figure a short, 4 character password? What if the password 
were 10 characters or 20 or more? It's easy to see why criminals are 
moving toward password protection for their records.

--
Greg Broiles
gbroiles@c2.net
510-986-8779 voice
510-986-8777 fax





