July 21, 1998

ENCRYPTION FOR THE RICH DOES NOT RELIEVE POLICY PROBLEMS

by Andy Oram
American Reporter Correspondent

CAMBRIDGE, MASS.—A feature in a network routing device usually makes news in just a small segment of the trade press. But on July 13 an unusually wide range of technical publications reported a new standard for secure data transmission. It would have been more to the point to declare the bankruptcy of the U.S. government’s policy on encryption and data security—because that’s all that the new standard shows.

Computer companies are becoming desperate over government restrictions on encryption. All their major customers want strong encryption products to protect their financial, sales, and personnel information. Businesses are holding back on the deployment of computers and networks until such products become available. And as the manufacturers tend their stunted markets, they worry daily that some country without the outdated restrictions will snap up business that American companies are ready to serve.

For decades, the export of encryption has been restricted by the U.S. Commerce Department as if it were a weapon. While evidence points to the use of encrypted email by the group that caused an explosion in the World Trade Center and other criminal elements, encryption is a much more general technology—one that can protect your credit card number or personal message as you send it over the Internet.

Citing fear of encryption’s domestic use, law enforcement and the Clinton administration have been pushing various forms of “key recovery” systems for the past five years. Let us get keys when we need them, says the government, and we’ll let you export industrial-strength encryption.

In this uncomfortable regulatory environment, the new security feature was announced by Cisco Systems, the leading vendor of network routers, and supported by 12 other companies. Its principle is simple: encryption is performed in the router instead of by the end user.

In a typical business using this router, a user at a PC would compose an electronic mail message and send it through a hub system to the router, where each packet is encrypted. The router at the other end, in another office of the same business (or perhaps a partner company) would decrypt the data and pass it on. The message would travel between end-user and router in plain text (that is, a form anybody on the network could read) but since each router would be on a local area network along with the end users, the danger of malicious interception would be tiny.

Most encryption up to now has been done by users. They may invoke a stand-alone program like Pretty Good Privacy, press a button to use encryption built into the application (as is now done by many email programs and Web browsers), or use a high-level protocol that encrypts the data before passing it to the lower “network” layer where the router operates.

So the new router feature encrypts each packet at the network layer instead of at the application layer. Conveniently, a new standard called IPSec provides the protocols and headers for encryption at this layer. However, I don’t believe the designers of IPSec planned on it being used for router encryption; they explicitly call for encryption in the computer where the user logs in, or by individual users. (They recognize that people have a right to send messages that are not read by bosses and coworkers.)

The new system makes plain text available to employers, as well as to law enforcement agencies with proper warrants. Upon receiving a legal wiretap request, the system administrator on a router can type a few commands that duplicate the data stream from the suspected criminal. In addition to encrypting it and sending it on, the router sends each plain text packet to the law enforcement officers. They, presumably, are happy to receive thousands of randomly ordered packets and reassemble them to get the evidence they are looking for.

With that proviso, Cisco and its partners will now make data privacy available to anyone who can afford two or three thousand dollars for a router. While they explicitly call it a business-to-business solution (a view confirmed to me by a Cisco spokesperson) the reason it’s getting press is the hint that it may provide a way out for a government whose encryption policy is looking more and more absurd.

The Cisco White Paper suggests that the feature could be installed at an Internet service provider (which uses routers to transmit its customers’ data). Average home users would thus depend on the service provider to protect their data, and would have to accept that law enforcement agents could get access to it.

Wired’s online site quotes an FBI spokesperson giving tentative support to the idea. I sense that the FBI did not have time to evaluate the proposal before commenting, though. A cursory look at the proposal shows it to be half-baked at best.

First, the chance of finding criminal activity on the network of one of the corporations buying these new routers is minimal. Someone who is planning to blow up a skyscraper or ship several kilos of cocaine is unlikely to discuss his scheme from a PC at a Fortune 500 company.

The kinds of crime that might be caught on a corporate network are white-color offenses like bribery or money-laundering. But remember that the system administrator who must help trap the suspect is working in the same place as the suspect. A crooked business manager will make sure to enlist the connivance of his or her system administrator before using the network to carry out the crime.

Internet service providers are an even less likely locus for crime-fighting. Busy providing 24-hour-a-day service, and stripped to a minimal staff, a service provider is never going to want to take on the effort and responsibility of tapping into users’ traffic.

Nor would users trust them. Phone lines are insecure; cable modems even less so. Internet service providers are not known for high-grade security. Anyone with a competing business or nosy neighbor nearby is going to demand end-to-end encryption.

The central problem with any key-recovery proposal is that alternatives already exist. For instance, Web browsers automatically use the Secure Sockets Layer (SSL) protocol to protect selected transactions. The protocol works end-to-end and creates a secret communication agreement that lasts only for the length of the session. Any clever drug dealer could put a form up on a Web site and let clients securely enter the data for buying and delivering the goods.

Similarly, every Microsoft user can dial into a central computer server using Point-to-Point Tunneling Protocol. Unix users have had the Secure Shell for even longer. It might have been possible to choke off the development of secure end-to-end protocols several years ago, but no longer.

And all these protocols are generalized: they can use any form of encryption the two end-users choose—any form that a government will allow them to get their hands on.

I have no beef with Cisco or any other company trying to give business customers what they want. But as a political contribution, the standard is purely a distraction from the task of making encryption free.

Recently, several members of the Clinton Administration have dropped hints that they realize the failure of both export controls and key recovery as valid encryption policies. This admission, like the evidence that clean-needle programs prevent the spread of AIDS, has yet to morph into actual policy changes.

After a period of retreat, governments are trying harder than ever to bottle up encryption. The British Labour government, for instance, has resurrected a 1997 key-recovery proposal from the Department of Trade and Industry that the Labour Party originally opposed during the election that brought it to power.

France, which has an extremely restrictive key-recovery law, has issued orders on its implementation; as an earlier article of mine points out, reading the orders make it clear how hard it would be to get the law to work. And the Australian government not only restricts exports but is trying to persuade other countries to further tighten controls in an international export treaty called the Wassenaar Arrangement.

But the cracks in the policy front are widening. If the router proposal is the best scheme that governments can offer, they’re in big trouble.

On July 18, Reuters publicized that the Americans for Computer Privacy coalition—heavily supported by high-tech businesses—will start a public campaign against encryption controls. Electronic Frontiers Australia has just launched a campaign to liberalize laws in that country.

Both groups will be bolstered by an announcement by the American group Electronic Frontier Foundation that a system costing $250,000 can quickly break the type of encryption currently permitted by each country for export.

It is an incredible testament to the genius of cryptographers that every desktop has the technical ability to encrypt data in a form that would take thousands of years to break. We must make use of this gift in a world of ever greater encroachments on privacy. And governments should be helping us, by such activities as legislating the legality of digital signatures and setting standards for their management—not hinder us by restricting the use of basic mathematical algorithms like encryption.


Editor, O’Reilly Media
Author’s home page
Other articles in chronological order
Index to other articles