Cryptography's Role in Securing the Information Society (1996) / Chapter Skim
Currently Skimming:
Needs for Access to Encrypted Information
Needs for Access to Encrypted Information
Pages 79-110
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 79... ...
Businesses and individuals may want access to encrypted data or communications for their own purposes and thus may cooperate in using products to facilitate such access, while law enforcement and national security authorities may want access to the encrypted data or communications of criminals and parties hostile to the United States. 3.1 TERMINOLOGY It is useful to conceptualize data communications and data storage using the language of transactions.
|
From page 80... ...
Exceptional access can be divided into three generic categories: • Government exceptional access refers to the case in which government has a need for access to information under specific circumstances authorized by law. For example, a person might store data files that law enforcement authorities need to prosecute or investigate a crime.
|
From page 81... ...
The need for exceptional access when the information stored or communicated is encrypted has led to an examination of a concept generically known as escrowed encryption (the subject of Chapter 5) , which, loosely speaking, uses agents other than the parties participating in the communication or data storage to hold copies of or otherwise have access to relevant cryptographic keys "in escrow" so that needs for end-user, corporate, and government exceptional access can be met; these agents are called escrow agents.
|
From page 82... ...
Additionally, in a 1992 Miami raid, which directly resulted from wiretaps, agents confiscated 15,000 pounds of cocaine and arrested 22 subjects. • The investigation of convicted spy Aldrich Ames relied heavily on wiretaps ordered under Foreign Intelligence Surveillance Act authority.
|
From page 83... ...
1Statement of James K Kallstrom, Special Agent in Charge, Special Operations Division, New York Field Division, Federal Bureau of Investigation, on "Security Issues in Computers and Communications," before the Subcommittee on Technology, Environment, and Aviation of the Committee on Science, Space, and Technology, U.S.
|
From page 84... ...
Although the potential problems of denying law enforcement access to communications has been the focus of most of the public debate, encryption of data files in a way that denies law enforcement authorities access to data files relevant to criminal activity arguably presents a much larger threat to their capabilities. 3.2.2 The Legal Framework Governing Surveillance An evolving legal framework governs the authority of government authorities to undertake surveillance of communications that take place within the United States or that involve U.S.
|
From page 85... ...
These additional requirements are specified in Title III and are enforced by criminal and civil penalties applicable to law enforcement officials or private citizens, and by a statutory exclusionary rule that violations of the central features of requirements may lead to suppression of evidence in a later trial, even if such evidence meets the relevant Fourth Amendment test. Because of the resources required, the administrative requirements for the application procedure, and the legal requirement that investigators exhaust other means of obtaining information, wiretaps are not often used.
|
From page 86... ...
In addition, the statutory exclusionary rule of Title III for oral and wire communications does not apply to electronic communications. Despite the legal framework outlined above, it is nevertheless possible that unauthorized or unlawful surveillance, whether undertaken by rogue law enforcement officials or overzealous private investigators, occurs.
|
From page 87... ...
.9 Domestic Communications Surveillance for Foreign Intelligence Purposes The statute governing interception of electronic communications for purposes of protecting national security is known as the Foreign Intelligence Surveillance Act (FISA) , which has been codified as Sections 1801 to 1811 in Title 18 of the U.S.
|
From page 88... ...
The targeted communications need not relate to any crime or be relevant as evidence in court proceedings. • In most instances, a FISA surveillance application requires a warrant based on probable cause that foreign intelligence information will be collected.10 Surveillance of a U.S.
|
From page 89... ...
Real-time decryption is often essential so that law enforcement can rapidly respond to criminal activity and, in many instances, prevent serious and life-threatening criminal acts.11 11Statement of James K Kallstrom, Special Agent in Charge, Special Operations Division, New York Field Division, Federal Bureau of Investigation, on "Security Issues in Computers and Communications," before the Subcommittee on Technology, Environment, and Aviation of the Committee on Science, Space, and Technology, U.S.
|
From page 90... ...
In some instances, the longer time scale is relevant: because Title III warrants can be issued only when "probable cause" exists that a crime has been committed, the actual criminal act is committed before the warrant is issued, and thus prevention is no longer an issue. In other instances, information obtained under a valid Title III warrant issued to investigate a specific criminal act can be used to prevent a subsequent criminal act, in which case the shorter time scale may be relevant.
|
From page 91... ...
(Appendix D contains more detail on how electronic communications are treated under Title III.) Federal law enforcement authorities believe that encryption of communications (whether voice or data)
|
From page 92... ...
For example, the Cybersnare sting operation resulted in the arrest of six individuals who allegedly stole cellular telephone numbers en masse knowing that their conversations are immune from our most valued investigative technique."15 In addition, the initial draft of the digital telephony bill called for telephone service providers to deliver the plaintext of any encrypted communications they carried, a provision that was dropped in later drafts of the bill.16 15See the Prepared Statement of Louis J Freeh, Director, Federal Bureau of Investigation, for the Federal Drug Law Enforcement Hearing before the House Judiciary Committee, Subcommittee on Crime, U.S.
|
From page 93... ...
FBI Director Freeh has noted publicly17 two instances in which encrypted files have already posed a problem for law enforcement authorities: a terrorist case in the Philippines involving a plan to blow up a U.S. airliner as well as a plan to assassinate the Pope in late 1994,18 and the "Innocent Images" child pornography case of 1995 in 17Speech of FBI Director Louis Freeh, before the International Cryptography Institute 1995 conference, Washington, D.C., September 21, 1995.
|
From page 94... ...
On the other hand, while the nature of the problem itself is the same in both instances, the ease and convenience of electronic encryption, especially if performed automatically, may increase the frequency with which encryption is encountered and/or the difficulties faced by law enforcement in cryptanalyzing the material in question without the cooperation of the criminal. Finally, the problem of exceptional access to stored encrypted information is more easily solved than the problem of exceptional access to encrypted communications.
|
From page 95... ...
and its relationship to COMINT. 22Office of the Press Secretary, The White House, "Remarks by the President to Staff of the CIA and Intelligence Community," Central Intelligence Agency, McLean, Va., July 14, 1995.
|
From page 96... ...
intelligence. SIGINT produced timely command and control intelligence and specific signal information to support electronic warfare; IMINT provided precise locating information to permit precision bombing, together with HUMINT; SIGINT and IMINT provided the field commands with an unprecedented degree of battlefield awareness.
|
From page 97... ...
intelligence is intended to provide analytical support to senior policy makers rather than field commanders. In this role, strategic or national intelligence serves foreign policy, national security, and national economic objectives.
|
From page 98... ...
For instance, if a foreign official writes about plans in a message and the United States intercepts it, or if he discusses it and we record it with a listening device, those verbatim intercepts are likely to be more reliable than second-hand reports from an agent."30 He also noted that "as we increase emphasis on securing economic intelligence, we will have to spy on the more developed countries -- our allies and friends with whom we compete economically -- but to whom we turn first for political and military assistance in a crisis. This means that rather than instinctively reaching for human, on-site spying, the United States will want to look to those impersonal technical systems, primarily satellite photography and intercepts."31 Today, the United States conducts the largest SIGINT operation in the world in support of information relevant to conventional military threats; the proliferation of weapons of mass destruction; terrorism; enforcement 28Center for Cryptologic History, National Security Agency, Introductory History of VENONA and Guide to the Translations, Fort George G
|
From page 99... ...
• In September 1988, President Ronald Reagan made the decision to disclose NSA decrypts of Iraqi military communications "to prove that, despite their denials, Iraqi armed forces had used poison gas against the Kurds."33 The information provided by SIGINT has helped to produce information on weapons proliferation, providing indications of violations of treaties or embargo requirements. SIGINT has collected information on international terrorism and foreign drug trafficking, thereby assisting in the detection of drug shipments intended for delivery to the United States.
|
From page 100... ...
Sanger, "When Spies Look Out for the Almighty Buck," New York Times, October 22, 1995, p.
|
From page 101... ...
The result is that the intelligence community gears itself to serve those decision makers who will demand the most from it, and is loath to surrender sources and/or capabilities that may prove useful to decision makers. Since the benefits of strategic intelligence are so subjective, formal cost-benefit analysis cannot be used to justify a given level of support for intelligence.
|
From page 102... ...
Both foreign policy and law enforcement authorities regard surreptitiously intercepted communications as a more reliable source than information produced through other means. Surveillance targets
|
From page 103... ...
Many parties targeted for electronic surveillance for foreign policy reasons or by law enforcement authorities lack the resources to develop their own security products, and are most likely to use what they can purchase on the commercial market. • Allocation of resources for collection.
|
From page 104... ...
Domestic law enforcement authorities are bound by constitutional protections and legislation that limit their ability to conduct electronic surveillance. National security authorities operate under far fewer legal constraints in monitoring the communications of foreign parties located outside the United States.
|
From page 105... ...
A number of corporations provided input to the committee indicating that for entirely legitimate business reasons (e.g., for resolution of a dispute between the corporation and a customer) , an employer might need to learn about the content of an employee's communications.
|
From page 106... ...
Many, though certainly not all, businesses require prospective employees to agree as a condition of employment that their communications are subject to employer monitoring under various circumstances.43 It is a generally held view among businesses that provisions for corporate exceptional access to stored data are more important than such provisions for communications.44 For individuals, the distinction is even 41For example, employees with Internet access may spend so much time on nonworkrelated Internet activities that their productivity is impaired. Concerns about such problems have led some companies to monitor the Internet activities of their employees, and spawned products that covertly monitor and record Internet use.
|
From page 107... ...
The compa ny began an investigation of this individual in cooperation with law enforcement authorities in Nation B, and in due course, legal authorization for a wiretap on this individual using company facilities was obtained. The company cooperated with these law enforcement authorities in the installation of the wiretap.
|
From page 108... ...
It is conceivable that the government, for national security purposes, might seek exceptional access to such capabilities for offensive information warfare (see Chapter 2) ; however, public policy should not promote these capabilities, because such access could well undermine public confidence in such cryptographic mechanisms.
|
From page 109... ...
These needs for exceptional access to encrypted information may arise from businesses, individuals, law enforcement, and national security, and these needs are different depending on the parties in question. Encryption that renders such information confidential threatens the ability of these third parties to obtain the necessary access.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.