Wired News
Monday, June 8, 1998

Crypto Kills -- Really, It Does

At a Washington conference, a senior DOJ official made a dramatic case for the government's desire for a back door into scrambled information: The more strong crypto spreads, the more people will die.

by James Glave,

WASHINGTON -- A senior Department of Justice official pulled no punches in spelling out the federal government's case in pushing for a "back door" that would give law enforcement access to all encrypted communications transmitted in the United States.

Robert Litt, principal associate deputy attorney general, turned to drama to make his point at the 1998 EPIC Cryptography Conference, before a skeptical audience of approximately 250 crypto and security experts.

"We can count on the fact that the spread of strong encryption is going to mean that lives are going to be lost", Litt said. "People are going to be at greater risk because it is going to compromize law enforcement's ability to investigate [crimes]."

Jim Bidzos, chief of RSA Data Security and a tough critic of federal encryption policy, responded at a luncheon keynote that Litt's argument is akin to saying that since cars go fast and motorists sometimes die in accidents, automobiles should be banned.

"We have an investment in infrastructure in the form of hospitals, because cars that only go 5 mph are not acceptable", he said.

US government policy has long held that strong encryption ought to be limited because it poses a threat to public safety and national security. The qualities that make hard-to-crack encryption desirable as ecommerce expands -- allowing consumers to communicate and carry out transactions beyond the reach of eavesdroppers or thieves -- make the technology a menace when used by criminals, spies, and other ne'er-do-wells, the government argues.

That view of the issue has led the FBI and the National Security Agency to push for a mandatory system of real-time domestic key recovery -- a regime under which police and prosecutors could get quick access to both stored and transmitted encrypted data. The insistence that federal law should require such a built-in back door to Americans' private data has discouraged congressional efforts to enact a more liberal policy.

At a Monday panel discussion on the future of crypto policy, Litt tried to dispel what he called some of the biggest myths surrounding the government's code-breaking capabilties.

Litt claimed that law enforcement officials need data back doors because encoded evidence of criminal activity is very difficult for government agencies to crack. He cited the recent distributed-computing 56-bit challenge, which required thousands of Pentium computers to break a single encrpyted message.

"[It is a myth that] we have supercomputers that can crack anything that is out there", Litt said.

"Let me put the technical problem in context: It took 14,000 Pentium computers working for four months to decrypt a single message.... We are not just talking FBI and NSA [needing massive computing power], we are talking about every police department"

Cryptographers openly snickered at Litt's suggestion that the National Security Agency, whose computing and surveillance resources are believed to be enormous, faces the same computing crunch as local police departments.

"Litt is either lying or incompetent", said Bruce Schneier, president of Counterpane Systems. He added that the computing power that the National Security Agency devotes to decryption -- documented in 1983's The Puzzle Palace by James Bamford -- is unparalleled.

"It is a simple matter of engineering, and it is not even hard engineering", said Schneier. "[Connected Pentiums] is not the way you do it, and using that as an example is disengenous."

Representative Bob Goodlatte, author of a bill that would ban mandatory key recovery and ease restrictions on exporting software equipped with strong crypto, told the conference the fight to pass the legislation will continue.

"We need to keep pushing this legislation forward, the administration has continuously run a game of 'running out the clock in Congress'. We need to build up the momentum again to move forward", Goodlatte said.

He emphasized that loosening tight export restrictions -- a policy designed to prevent hostile countries from hiding their communications from the National Security Agency -- is imperative. The policy is widely believed to be only bolstering encryption industries beyond America's borders.

"We are faced with a situation where rapidly changing market conditions around this are putting US companies at a significant disadvantatge in this industry", he said.

Copyright © 1998 by Wired Ventures Inc. All Rights Reserved. Reprinted with permission.