Copy Link
Add to Bookmark
Report
Networks and Community Compiled 016
NETWORKS AND COMMUNITY : feb 25, 1994
Networks and Community is devoted to encouraging
LOCAL resource creation & GLOBAL resource sharing.
The 10th report of 1994 is the 16th weekly survey.
-------------------------------------------------
This special issue is devoted to a discussion of several U.S.
government proposals to eliminate privacy for the average citizen,
including all users of the Internet and the phone system.
I will attempt to show that the Internet related proposal is so
flawed technically as to endanger the security of the country and
that the other proposals contribute to a possible loss of liberty
for all citizens.
While I am not a resident of the United States, I am an active user
of the internet and a promoter of its global utilization. In
particular as a advocate of civic networks I feel compelled to
point out how U.S. regulations and legislation will impact both the
U.S and other nations.
LEGISLATION
===========
The U.S. government, through the actions of various police and
intelligence agencies is undertaking a fundamental revision of the
traditional role of the state in the western industrial world .
Many of its activities related to privacy are being debated or
contested by users of the Internet. Many others are not.
Some of its efforts along this line have already been prevented by
an aware Congress. Hopefully the current crop will all be given a
very thorough examination; and where they lack merit - will be
rejected.
Of particular note among the already rejected efforts is the
legislative proposal introduced in January of 1993 by Robert
Solomon (R-NY). His bill, HR380, would have required intelligence
committee members and their staff to submit to random polygraph
testing to prevent unauthorized disclosure of matters being
considered by the committee. The bill was rejected because it
inverted the traditional role of Congress and the Federal Agencies.
It would have made congress subject to the decisions of individuals
who's only claim to representation of public it the fact that they
were public employees.
This week's arrest of Mr. Ames shows that mere employment - even
employment that requires regular submission to polygraph testing -
is no guarantee of loyalty to the best interests of the country.
Readers may recall that 2 weeks ago I raised exactly this issue of
the corruptibility of Intelligence staff in my discussion of the
clipper chip proposal.
Particularly noteworthy in the Ames case is the small amount of
money alleged to have been required to gain Mr. Ames assistance for
Russia. He may have been paid a princely $150,000 a year for his
efforts. That sum isn't even a drop in the bucket for any country
or reasonable sized business. For that pittance he is alleged to
have compromised the entire overseas intelligence network of the
U.S.
He may not have been the first official in his position to have
compromised U.S. intelligence. James Jesus Angleton, head of U.S.
counterintelligence for nearly 30 years, was removed from office
under a similar cloud of suspicion. I will return to the issue of
Mr. Angleton's removal at the end of this report.
FLAWS IN THE CLIPPER CHIP PROPOSAL
The clipper chip proposal suffers from numerous flaws. The most
devastating are technical. The most worrisome would result from the
consequences of its implementation.
TECHNICAL
This proposal is based on the use of a "split key encryption
system". Such systems are not uncrackable. Instead they are time
consuming to crack. But every set of keys is crackable by a well
known approach, given enough time. The security the system provides
lies in the technical fact that the average time to crack such a
set of keys with a particular computer is currently many years.
This does not mean that some keys won't be randomly cracked in a
few minutes. That can happen. Its just that on average the time
required might be many years.
Such a system normally permits the user to choose any key and to
change keys as often as the user desires. The adminstration's
proposal freezes the key once its chosen.
The ability to change keys provides the user with an additional
guarantee that even if his prior key was broken - his new key will
offer some assurance of privacy for a time.
The ability to choose any key permits the user to make his key
longer as the technical means of key cracking improves. The longer
the key the more time it takes to crack.
By freezing the key length and value the NSA provided proposal
guarantees that any country or company with sufficient money will
soon be able to crack any key rapidly.
The problem is simple - we are moving into an era of mutli-cpu
computers and of course the rate of change in computational power
is not slowing either.
The administration reports that the current scheme will take an
average of 35 years to crack. That's well and good - but they do
not report which computer chip that estimate was based on. Assuming
the fastest available chip was used; all that is needed to turn
the problem into just one days work, is a bank of 35 x 365
computers - or 12,775 computers. But wait. Machines are now on the
market that incorporate from 1,000 to 64 thousand cpu chips in a
single [ relatively inexpensive ] system. The 64k cpu system could
crack the code in about 3 hours on average.
In addition current lab systems using optical computing elements
look like they will provide a 1,000 fold increase in power within
the next 5 years. That would take the current scheme and make it
possible for a 64Kcpu system to crack the codes in under 1 second.
So any foreign nation or large corporation with some money and some
technical skill could just capture as much traffic as feasible and
then save it for a few years before being able to examine it at
will. This saving of old traffic has already been done and proved
useful by the allies. They found material captured during the
second world war and then stored; to be of use even decades later.
At the same time those nasties could systematicly attack the codes
used by their major competitors or rivals. You know, 3 hours and
you've got all the IBM traffic another 3 hours and you've cracked
the White House flows.
This flaw is fundamental to the proposal. But other problems of a
technical nature also exist.
1. Where are the keys kept.
The keys are to be kept with 2 separate agencies. Those agencies
are unfortunately both vitally linked to the intelligence
community.
NIST has long acted as a front agency for the NSA. Its cover
identity allows NSA staff to attend conferences without arousing
suspicion from wary academics and business people. The current
budget request an near doubling of the level of funding for NIST.
TREASURY is the home of the Secret Service and INTERPOL.
2. How are the keys sent and received.
They will be networked. So little wires will come out of the back
of each black box. Its efficient, but since these devices will be
kept in heavily guarded locations who will know just were the other
connections on this network are. There could for instance be more
than 2 boxes produces. None of us will ever be in a position to
know.
3. Who will guarantee that the keys won't be captured in transit.
They could be easily duplicated and sent to other machines.
REBIRTH OF THE DOMESTIC INTELLIGENCE STATE
These flaws are not trivial. But any scheme that attempts to meet
both the needs of police and of the citizenry will be flawed.
The danger lies in the natural tendency of policing agencies to
suspect everyone. It comes with the territory. The problem is not
new.
In 1989, William W. Keller, on the staff of the congressional
Office of Technical Assessment's program on international security
- which was examining the problem of international terrorism,
published an important study. His book is "The Liberals and J.
Edgar Hoover - RISE AND FALL OF A DOMESTIC INTELLIGENCE STATE. He
wrote it because he became fascinated by the history of counter
terrorism work in the U.S. In it he articulately and carefully
shows how a well intentioned FBI program to defend black civil
rights in the south turned into the Legendary COINTELLPRO program.
Congress dismantled the program once its excesses were exposed.
That program did not go forward without high level approval. The
highest level Justice official to approve it is now the U.S.
Secretary of State.
Mr. Keller closes his book with a warning that the domestic
intelligence state could return. He points out that new technology
will make it even harder to control if its starts up again. I think
his warning was prescient and needs attention now.
In the past both Congress and the White House have been subject to
monitoring and manipulation by elements of the police and
intelligence community.
THE DANGER FOR CONGRESS
During the Hoover years every phone in congress was taped.
Hoover liked to greet freshman congresspersons and let it slip that
he was privy to a conversation they recently had with someone in
the Halls of congress. This trick was made possible by the phone
taps. Someone calling an associate and reporting a conversation
made this possible.
It put the fear of Hoover and the mistrust of other congress people
uppermost in the minds of a freshman. The information from taps was
also used for planning on bills the community wanted passed over
opposition.
The Church committee hearings delved into these matters. Much was
covered in closed sessions. The final public report sanitized the
findings and reported that only 5 people had their phones tapped.
Any congressperson with suitable clearances can examine the
committee minutes in the classified stacks of the Library of
Congress. But most current congressional reps don't have the
clearances and were not serving at the time those hearings took
place. So history gets lost and forgotten.
At the very least Congress should not permit "low level" [ to use
Mr. Gore's disingenuous description of those making decisions on
the clipper chip proposal ] officials to choose its security system
for data services. Each office would be best served by purchasing
its own facilities. Preferably a software based system that was
more generally usable.
THE DANGER FOR THE WHITEHOUSE
As the ensign Radford incident shows, - during the Nixon years -
anxious members of the military were not beyond taping White House
phones when they are uncomfortable with administration positions
or actions. President Kennedy would have sensitive discussions
while walking in the White House garden. He was convinced that his
offices were tapped.
THE DANGER FOR THE INTELLIGENCE COMMUNITY
As the Ames case and the many that have gone before it show -
information made secret for whatever reason, becomes the target of
espionage. With the secrets of commerce and civic discourse
available to the intelligence community they too will become
targets. The next Mr. Ames will endanger far more the espionage
establishment if the clipper chip proposal and its companion bills
are passed.
THE DANGER FOR INDUSTRY AND COMMERCE
As I have previously pointed out. The intelligence and police
communities are too easily corrupted to be trusted with the
capacity to capture and reveal the private actions of American
firms. The problem is that their work breeds cynicism. While most
staff accept the cynicism and serve honourably; it only takes a few
dishonest individuals to subvert the commercial future of the U.S.
Those few having grown cynical, become greedy. The rest as they say
is "history".
THE DANGER FOR CIVIC DISCOURSE
The right of citizens to work on legislation or to engage privately
in any activity is paramount to a well functioning society. The
tendency of police states to evolve - as Mr Keller warns - is a
constant danger to the exercise of such rights by the citizenry.
Traditional police work cracked the World Trade Center bombing. It
will serve equally well in the future.
WHAT ACTION CAN BE TAKEN TO PROMOTE NATIONAL SECURITY
and PERSONAL OR COMMERCIAL PRIVACY
The most appropriate action - after reject this bill and the
companion bills on telecom and FBI rights to obtain personal
records without a court hearing - is to encourage additional
research on cryptographic security systems. The results should be
incorporated in technology including software that is readily
available. If the U.S. does not keep up with technical advances its
capacity to both defend itself and compete commercially will be
irreparably damaged.
There are many promising areas for research in improved security
systems. With a diversity of systems available it really does
become possible to attempt to safeguard governmental, commercial
and individual privacy. Many systems makes cracking more difficult.
Modernizing systems also helps prevent intrusion. As anyone who
has ever dealt with a virus on his system knows. The most
unexpected things can turn up on your system. Unless you can defeat
efforts to harm you or steal your secrets - you are vulnerable.
Cryptography defeating systems will evolve just as readily as
viruses. Only ongoing research will defeat these dangers.
ANOTHER LESSON FROM THE PAST
I mentioned the case of Mr Angleton earlier. There may be a lesson
to be learned from it. Mr Angleton effectively disrupted the U.S.
and allied intelligence communities for decades through his
excessive paranoia and his incompetent methods. He was finally
stopped when one official, Clare George, [ staff to the CIA ] wrote
a report pointing out that it really didn't matter if Mr Angleton
was sincere or a Soviet Mole. His behaviour was as disruptive as
if he was in fact a mole. Mr George's report was acted on.
Mr Angleton was retired, given a good pension, and other
indications of the appreciation of a grateful republic.
Perhaps the various groups responsible for this round of dangerous
nonsense should also be examined. It just might be the case that
they too deserve early retirement, a good pension, and the thanks
of a grateful republic.
==============================================
NETWORKS and COMMUNITY is a public service of FUTURE DATA; but this
issue is entirely the responsibility of Sam Sternberg
<samsam@vm1.yorku.ca>
.