[3118] in cryptography@c2.net mail archive
nev@bostic.com: Top Pentagon official declares no one has a right to secrecy.
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Thu Jul 30 16:29:51 1998
To: cryptography@c2.net
Date: Thu, 30 Jul 1998 16:25:54 -0400
From: "Perry E. Metzger" <perry@piermont.com>
--Multipart_Thu_Jul_30_16:25:54_1998-1
Content-Type: text/plain; charset=US-ASCII
--Multipart_Thu_Jul_30_16:25:54_1998-1
Content-Type: message/rfc822
Date: Thu, 30 Jul 1998 13:05:00 -0400 (EDT)
From: nev@bostic.com
Message-Id: <199807301705.NAA02437@mongoose.bsdi.com>
To: nev@bostic.com (/dev/null)
Subject: Top Pentagon official declares no one has a right to secrecy.
Forwarded-by: Chuck Yerkes <chuck@Yerkes.com>
Forwarded-by: David HM Spector <spector@zeitgeist.com>
Pentagon: No Right to Secrecy
by Michael Stutz
6:45pm 29.Jul.98.PDT The Pentagon's top civil servant believes that no
two people in the world have a "God-given right" to communicate in
total secrecy, according to information made public this week.
US Deputy Secretary of Defense John Hamre also told Fortune 500
company officials in a speech last week that the government was in
talks with Netscape Communications and other software firms about
facilitating law enforcement access, under court order, to scrambled
information sent over the Net.
The text of Hamre's speech to chief information officers in Aspen,
Colorado, was made available online Tuesday.
Hamre addressed the issue of crypto export controls, long a thorn in
the side of Silicon Valley computer security companies. Industry
leaders see the controls, which strictly limit the export of strong
data-scrambling software and hardware, as generating an unfair
advantage for overseas competitors.
But the Department of Defense and intelligence agencies like the FBI
and the National Security Agency believe strong crypto poses a threat
to national security because it would allegedly allow terrorists to
communicate in secret.
Software industry leaders counter that such terrorists already have
access to strong encryption that has been developed overseas --
ironically, a likely result of the US policy.
"I'd also ask American business not to make a campaign out of just
trying to bust through export controls as though somehow there was a
God-given, inherent right to send the strongest encryption to anybody
in the world, no matter who they are," Hamre said.
"I don't agree with that. I will never agree with that."
The US government currently forbids the export of products with
encryption stronger than 56 Kb unless they have "key recovery," a
means by which law enforcement, armed with a court order, could
recover the scrambled information. Civil liberties organizations, such
as the Electronic Frontier Foundation, have battled that plan for
years.
"I would ask you to step past this debate that we're having on cyber
liberties vs. law enforcement," Hamre said. "We're going to have to
get to a more sophisticated understanding of this problem, and we
don't have a lot of time.
"I do not believe that it's more important to protect ourselves
against terrorists if it means it comes at the expense of civil
liberties in the United States," Hamre said.
Hamre admitted that strong encrpytion was dangerous but also essential
to protecting the country's communications and enabling commerce and
secure transmissions on the Internet.
"We have to protect ourselves in this environment and it's got to be
with encryption and some form of security management, key recovery in
our case," Hamre said. "But we're going to make it voluntary.... It's
something we all have to do, frankly, for the country."
In helping to build the information security architecture, Hamre said
the government has entered into contracts with a number of technology
firms, including Netscape.
"We've entered into contracts with a number of large houses to help us
bring that [voluntary key recovery] architecture. We'll get the first
one running this fall with Netscape, and hopefully, it'll be
operational in October," he said.
Netscape was unavailable for comment.
Hamre went on to say that 56-bit encryption was good enough for most
applications.
"I mean, there isn't anybody in the world that could routinely bust
that level of encryption in the same time sequence it takes to issue
it," he said. "[W]e're not prohibiting anybody from using enormously
strong encryption today."
Earlier this month, the Electronic Frontier Foundation announced it
had built a system for less than US$250,000 that could crack a 56-bit
encoded message in fewer than three days.
Despite his reservations about strong crypto, which could protect
critical systems, Hamre said that the nation is currently "wide open
to attack electronically."
He revealed further details of Operation "Eligible Receiver," a
Defense Department information warfare exercise conducted last
year. The Pentagon hired a team of 30 to 35 crackers to see how far
they could penetrate government and critical infrastructure systems.
The hackers worked for three months, using only off-the-shelf hardware
and software and programs downloaded from what Hamre characterized as
"hacker Web sites."
"We didn't really let them take down the power system in the country,
but we made them prove that they knew how to do it," he said.
Hamre admitted that the Defense Department is "surprisingly
vulnerable" as well, since most government communication is now
conducted over commercial channels.
--Multipart_Thu_Jul_30_16:25:54_1998-1--
