New encryption laws for e-mail unlikely

posted onOctober 8, 2001
by hitbsecnews

As lawmakers re-examined the nation's security in
the aftermath of Sept. 11th's terrorist attacks, the
liberal encryption policy established by the Clinton
administration appeared to be a likely target for
change.

After all, some reasoned, the policy makes it possible
for anyone -- including possible terrorists -- to send
secret e-mails cloaked by codes so strong the
National Security Agency can't crack them.

But now it appears that no crackdown on encryption
programs is coming.

The technology industry and others who fought for years for free encryption
were alarmed when, shortly after the attacks, Sen. Judd Gregg, R-N.H.,
suggested giving the federal government the keys to unscramble everyone's
encoded messages.

In a Senate speech, Gregg called for a system known as "key escrow," in
which all the keys are stored in a database that authorities could access with
a court order.

But the Department of Justice -- in the past the leading proponent of such
limits -- did not mention encryption when it asked Congress for expanded
surveillance powers for fighting terrorism.

"It's not going to happen," said Stewart Baker, a Washington, D.C.,
technology lawyer and former general counsel to the NSA. "The Bush people, who
watched the Clinton administration struggle with that unsuccessfully for years,

aren't going to revisit this."

Gregg has yet to put his idea into a bill, and staffers say he has no
specific plans to do so soon.

"I'm feeling more and more confident each day that it won't be (introduced),
" said Rep. Bob Goodlatte, R-Va., who pushed for liberalized encryption laws
the first time around.

"I think that time is on our side on this. If it was on the table ready to
go right after the attack, such legislation probably would have had a better
chance of passing. But as time goes on, there's more time to contemplate its
full effects," said Phil Zimmermann, a computer programmer who created Pretty
Good Privacy, the most widely used e-mail encryption program.

Encryption is used in all kinds of Internet programs. Web browsers like
Internet Explorer and Netscape use it to make secure online credit card
transactions possible.

Before January 2000, government regulations made it difficult or impossible
to export programs containing strong encryption. The tech industry and civil
liberties advocates battled lawmakers' concerns, eventually convincing the
Clinton Administration to lift the restrictions -- without establishing any
kind of "back door" through which law enforcement could spy.

Zimmermann and legislators who fought this battle the first time around say
that the key escrow plan Gregg has advocated would not only diminish the
privacy of individual e-mail users, but that it wouldn't achieve its goal.

Terrorists probably wouldn't use encryption to which U.S. officials had the
keys, said Goodlatte, who co-chairs the Congressional Internet Caucus. U.S.
authorities wouldn't get the keys to encryption products made in other
countries, for example.

"Anybody bent on misusing encryption could buy it from hundreds of foreign
sources or create it themselves," said Goodlatte. "It's been revealed that
(Osama bin Laden) has some very top-notch software engineers."

The plan could also endanger the security of everyone who uses encryption,
critics say.

"The escrow or recovery mechanisms themselves may actually be compromised
by criminals," warned members of the Association for Computing Machinery, a
New York society for technology professionals. Hackers who broke into the
database where the keys were held might use the keys to compromise millions of
computers.

While spokesman Brian Hart said Gregg has gotten some positive feedback
from other lawmakers, no one has seconded his idea publicly.

"Gregg seems to be an isolated case," said Bruce Heiman, a Washington
attorney who serves as executive director of Americans for Computer Privacy, a
technology industry group.

Sen. Conrad Burns, R-Mont., has joined Goodlatte in speaking out against
encryption limitations.

Like Goodlatte, Burns pushed for liberalized encryption laws in the 1990s.

Others who joined their fight are still in Congress, such as Rep. Zoe
Lofgren, D-San Jose and Sen. Pat Leahy, D-Vt.

But one of the major proponents, former Missouri Sen. John Ashcroft, is now
the attorney general.

"Ashcroft was on our side at that time. It could be that maybe that's why
we're not seeing something from the Justice Department specifically about
encryption," Zimmermann said.

E-mail Carrie Kirby at ckirby@sfchronicle.com..

SF Gate.

Source

Tags

PDAs

You May Also Like

Other Articles In This Section

Recent News

Friday, November 29th

North Korean hackers posing as IT workers steal over $1B in cyberattack
OpenAI is at war with its own Sora video testers following brief public leak
Found on VirusTotal: The world’s first UEFI bootkit for Linux

Tuesday, November 19th

CISA Director Jen Easterly, in Place Since 2021, to Step Down
Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme
WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Friday, November 8th

North Korean hackers target cryptocurrency with malware
Man sick of crashes sues Intel for allegedly hiding CPU defects
Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Friday, November 1st

Youth of today say passwords are old news, passkeys are the future
Chinese attackers accessed Canadian government networks – for five years
OpenAI launches ChatGPT with Search, taking Google head-on
Here’s the paper no one read before declaring the demise of modern cryptography
Not just ChatGPT anymore: Perplexity and Anthropic’s Claude get desktop apps

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes