[1526] in cryptography@c2.net mail archive


Defense expert: crypto escrow endangers national security

daemon@ATHENA.MIT.EDU (Mark Hedges)
Thu Sep 18 14:12:01 1997

Date: Thu, 18 Sep 1997 10:55:08 -0700 (PDT)
From: hedges@infonex.com (Mark Hedges)
To: cryptography@c2.net

18 September, 1997

Greetings, concerned cryptographers,

Michael Wilson, the winner of the National Defense University's Sun Tzu
award, asserts that cryptographic key escrow would endanger national
security far more than it would help the fight against crime and
terrorism.  I interviewed him extensively.  His information warfare
thinktank, 7Pillars Partners, publishes their web pages and discussion
forums with Infonex Internet Inc.  A press release follows.

I haven't subscribed cryptography@c2.net to the press release mailing
list, but please ask if you would like to be on the list.

Sincerely,

Mark Hedges
VP Infonex Internet Inc.
hedges@infonex.com



P R E S S   R E L E A S E

INFONEX AND 7PILLARS

9/18/97

For Immediate Release
Contact:        Mark Hedges             Infonex Internet Inc.
                (619) 667-7969 (ph)     Anonymizer Inc.
                (619) 667-7966 (fx)     8415 La Mesa Blvd. Ste. 3
                hedges@infonex.com      La Mesa, CA  91941

                Michael Wilson          7Pillars Partners
                5514706@mcimail.com     www.7pillars.com


DEFENSE EXPERT ASSERTS: KEY ESCROW ENDANGERS NATIONAL SECURITY


Michael Wilson has over fifteen years' experience in information and
infrastructure warfare as a field operations professional, and recently
won the National Defense University Sun Tzu Award for his work.  He
agrees that mandatory cryptographic key escrow and key recovery endanger
national security.  Individual and private maintenance of strong
cryptographic systems, he claims, are essential to the protection of the
United States' government and people.

"Escrow and government involvement," says Wilson, "are antithetical
positions to safety, security, and, incidentally, reliability and
serviceability [of cryptographic systems].  How many billions of dollars
are lost per year to industrial espionage because the data that gets
moved around isn't secure? How much downtime from viral or hacker attack
could be prevented by using cryptography in building real defensive
systems?

"As far as I can see, the real criminals are those supporting escrow, or
blocking cryptography's use by the market -- they are allowing a
situation to persist that perpetuates the risk.  Escrow negates the
strength of ciphersystems.  Back doors will be discovered and will work
against everyone."



With distributed, independent maintenance of cryptography, the whole
body of information in the U.S. is much more secure.  Wilson has studied
the subject extensively, and his work is used in training top military
intelligence officers.  "Escrow only shifts the points of attack, and in
fact, once you've subverted escrow, you have the keys to the candystore.
This is like the Ames case in the U.S. -- by subverting the
counter-intelligence arm of the CIA, the Soviets/Russians were able to
run their own operations without worry, and able to close down any real
threats.  It took a great many years to catch Ames, long after the major
damage was done, and long after it was even suspected that there was a
mole in the Agency.

"What makes anyone think the escrow agency will be any more secure?
After all, if the NSA were doing its job in the first place (in their
charter they are also given the responsibility of protecting U.S.
security and integrity with technology), this wouldn't be an issue.  But
the job isn't possible; solutions to security issues aren't going to
come from the government, but from the free market."



The law enforcement agencies and intelligence community say that
unregulated cryptography will aid criminals.  Says Wilson, criminals
"already have cryptography in place.  What needs protecting is everyone
else, and cryptography is the best way to secure the systems." With
mandated key escrow or key recovery, he says, the government assumes
"somehow the terrorist isn't going to have any tradecraft, and so will
use the escrow, from a stable, known phone, to discuss plans, and not in
code...as for what escrow supposedly 'buys' you, well, it reminds me of
a comment about the law.  You shouldn't make a law because of a small
number or even an isolated case -- yet escrow is intended to 'fix' a
very small number of problems by creating an even larger set of
problems.  Given a small set of problems, it creates an inelegant
solution, and then mandates that as the only solution."



An increasing information warfare threat, posits Wilson in his paper
"Waging IWAR", is viral attack of computer systems through use of active
and dynamic software.  In the paper, he says "cryptography will soon be
an essential tool" to combat viral and other computer infiltration
attacks.  Using cryptography, Wilson designed a computer hardware and
operating system which was 100% resistant to over 200 known computer
viruses, and some which he programmed himself for the test.  Such a
system is currently unmarketable, he says, because cryptography is
treated as munitions by the intelligence agencies.  "The criminal
conduct of the intelligence and law enforcement community in their
persistent attempts to control cryptography mean that it can't be well
integrated into systems as a basic enabling technology."



Infonex is a firm which provides security, privacy, anonymity and free
speech tools to the world-wide Internet community.  7Pillars is a
private defense thinktank specializing in information, infrastructure,
conventional and political warfare.  7Pillars publishes their web
pages and public forums with Infonex.  To subscribe to the IWAR mailing
list, send e-mail to iwar-request@infonex.com with the word "subscribe"
in the body of the message.  See the 7Pillars web pages at
www.7pillars.com for essays and other information.


