Re: Why did White House change its mind on crypto?
In message [EMAIL PROTECTED], Howie Goodell writes: It's (2) that's the real problem. They have this message they claim came from you, but the link to you is secret (maliced keyboards; Windows 2000 backdoors, etc.) This has nothing to do with encryption -- since the evidence is plaintext -- it's a bugging case. However unlike wiretaps, a seized plaintext is not self-authenticating, unless you signed it with a private key the jury believes the Government didn't steal (hard to believe; how do we know they didn't watch you type your password and then fake the signature?) So if I were on a jury, why should I believe them? I'm not a lawyer, but... It's always possible to challenge the authenticity of evidence. The government may not have to explain how they got it (though as I noted, I think there's a good chance for a constitutional challenge here), but that won't stop a clever defense attorney from casting doubt on it -- say, by pointing out that Mark Furhman helped with the cryptanalysis --Steve Bellovin
Re: Why did White House change its mind on crypto?
In message [EMAIL PROTECTED], Adam Shostack write s: | I suspect his security experts realized that export controls were | ineffective in keeping crypto out of the hands of bad guys and that | the DOD was suffering because the commercial products on which it | depends lack strong security. To pick a nit, strong crypto will not solve a large number of the security problems we possess today. It will make a class of attacks harder, but not the easiest class, which is to exploit flaws in software and configuration to bypass controls. You're both right. First, it's quite correct that crypto won't solve most problems. Last year, I analyzed all of the CERT advisories that had ever been issued. 85% described problems that cryptography can't solve. To give just one example, 9 out of 13 advisories last year concerned buffer overflows -- and 2 of the remaining 4 described problems in crypto modules. That said, the problems that are solvable with cryptography -- sniffers, sequence number guessing, etc. -- are very important ones. DoD machines -- and, perhaps more importantly, vital private-sector computers -- use off-the-shelf hardware and software. (Remember the battle cruiser run by NT?) To the extent that these machines are vulnerable because of the lack of crypto, national security suffers. There are lots of folks in the Pentagon who understand this. One last point -- there is no one "government" view. The government is composed of many individuals and many agencies; they each have their own agendas. Sure, the SIGINT folks and the FBI want weak crypto, because it makes their jobs easier. Other folks are more concerned with, say, keeping J. Random Terrorist from getting to the power grid (see Operation Eligible Receiver for details). For that matter, there are people in the government who want American companies and non-DoD government agencies to be able to keep data secret from the prying eyes of pick-your-least-favorite-foreign- government. --Steve Bellovin
RE: Why did White House change its mind on crypto?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of P.J. Ponder Sent: Friday, September 17, 1999 16:22 To: Greg Broiles Cc: [EMAIL PROTECTED] Subject: Re: Why did White House change its mind on crypto? Would the courts allow the prosecution to admit evidence without recognizing the right of cross examination of witnesses or examination of evidence and its provenance? I helped defend a case in law school (as a clerk; I couldn't practice yet) that involved a wiretap, and the FBI and US Attorney's Office had to give us copies of the tapes, and the phone records, and everything. That was twenty years ago, but I don't think things have changed that much. Then again, I have never been involved with a case where secret government information gathering was an issue bearing on a significant piece of evidence. Your argument is straight to the point. Since you are unfamiliar with the operations of the current FISA court, you obviously can't be blamed for not being aware of the fact that there is an US court in operation today that conducts its proceedings quite differently from the way proceedings were conducted back when you were in law school. Under existing FISA court rules, the defense is not afforded the opportunity to cross examine prosecution witnesses about evidence presented by the prosecution deemed sensitive for national security reasons. The current CESA proposal simply is an attempt to extend this well-established practice to other courts of law. I am afraid that "things" have changed vastly more in the last 20 years than you may be aware of. Just a hunch, --Lucky
Re: Why did White House change its mind on crypto?
Your argument is straight to the point. Since you are unfamiliar with the operations of the current FISA court, you obviously can't be blamed for not being aware of the fact that there is an US court in operation today that conducts its proceedings quite differently from the way proceedings were conducted back when you were in law school. Under existing FISA court rules, the defense is not afforded the opportunity to cross examine prosecution witnesses about evidence presented by the prosecution deemed sensitive for national security reasons. The current CESA proposal simply is an attempt to extend this well-established practice to other courts of law. I am afraid that "things" have changed vastly more in the last 20 years than you may be aware of. Just a hunch, --Lucky There is a very important distinction, however. The FISA court does not have the power to convict people of crimes (or issue civil judgements), only to issue FISA orders. Even evidence obtained under FISA can be discovered and examined if it is to be used in a criminal or civil proceeding. I think it is possible to argue that even if the FISA rules are considered constitutional, any law or rule that extends a "national security" exemption from the right for the defense to examine or question relevent evidence used against in a crimial trial clearly violates procedural due process. Of course, I'm not a lawyer, and I'm often surprised about what the courts are willing to allow these days. -matt
Re: Why did White House change its mind on crypto?
bram [EMAIL PROTECTED] writes: I don't believe the courts will allow the government to present evidence without giving the defense a chance to contest the means used to obtain it. The same could be said about the movie rating system, child pornography, and crypto export laws. Just because something is clearly unconstitutional doesn't mean courts won't go along with it. The movie rating system is not a government system. Child pornography falls under obscenity, which is a line of decisions I don't agree with, but I wouldn't say they are "clearly unconstitutional". So far, the courts have generally ruled against crypto export laws when given the chance. The courts work very, very slowly, unfortunately. IMHO, this legislation is more like the CDA in its blatant unconstitutionality, and I would hope the courts would respond similarly, by enjoining enforcement until the SC could strike it down. It's scary that the White House would try to pass such legislation, but I don't fear it being enforced. "I can't say that because it would violate national security" was an oft-repeated refrain in the Iran-Contra affair. Like it or not, the 'national security' excuse has quite a bit of history to it and it's very naive to think it will just go away. I believe that was the defendants making that claim, not the prosecution. There's a world of difference. Marc
Re: Why did White House change its mind on crypto?
Hi -- It seems to me this breaks into two parts: 1. The LEA got your encryption key. 2. They got plaintext some other way. If it's (1), they can offer to prove their case by decrypting the seized cyphertext which they somehow tie to the defendant. Of course, he can opt to keep his key secret (from others) by not contesting the point. Evidence should be admissible without legislation; the point is that the cyphertext is tied to you, and if they find any key that decrypts it to an incriminating message, the chance that's not the real message is vanishingly small (obviously I'm not talking OTPs.) How they got the key is another story; perhaps they want more protection against the "fruit of the poisonous tree" doctrine, but the question is now much smaller: they can't possibly be framing you; they just have to convince the judge their methods of retrieving the key were legal. It's (2) that's the real problem. They have this message they claim came from you, but the link to you is secret (maliced keyboards; Windows 2000 backdoors, etc.) This has nothing to do with encryption -- since the evidence is plaintext -- it's a bugging case. However unlike wiretaps, a seized plaintext is not self-authenticating, unless you signed it with a private key the jury believes the Government didn't steal (hard to believe; how do we know they didn't watch you type your password and then fake the signature?) So if I were on a jury, why should I believe them? Anyone with legal expertise care to comment on this situation? Howie Goodell Ben Laurie wrote: Declan McCullagh wrote: Another answer might lie in a little-noticed section of the legislation the White House has sent to Congress. It says that during civil cases or criminal prosecutions, the Feds can use decrypted evidence in court without revealing how they descrambled it. If you can not reveal how you descramble it, doesn't that mean you can't be asked to show that it actually corresponds to the ciphertext? Scary! Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi -- Howie Goodell Senior Software Engineer HCI Research Group 28 Lucille Avenue FEI Company - Micrion Computer Science Salem, NH 03079-2054 1 Corp Wy Centennial Park Univ. Massachusetts (603) 898-8407Peabody, MA 01960-7990 1 University Avenue (810) 222-2042 fax(978) 538-6680 -6699 fax Lowell, MA 01854 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] End-User Programming: http://www.cs.uml.edu/~hgoodell/EndUser "You have zero privacy anyway. Get over it." (Sun CEO) Scott McNealy
Re: Why did White House change its mind on crypto?
Declan McCullagh wrote: Another answer might lie in a little-noticed section of the legislation the White House has sent to Congress. It says that during civil cases or criminal prosecutions, the Feds can use decrypted evidence in court without revealing how they descrambled it. If you can not reveal how you descramble it, doesn't that mean you can't be asked to show that it actually corresponds to the ciphertext? Scary! Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
Re: Why did White House change its mind on crypto?
Ben Laurie writes: Declan McCullagh wrote: Another answer might lie in a little-noticed section of the legislation the White House has sent to Congress. It says that during civil cases or criminal prosecutions, the Feds can use decrypted evidence in court without revealing how they descrambled it. If you can not reveal how you descramble it, doesn't that mean you can't be asked to show that it actually corresponds to the ciphertext? Scary! I agree it's scary. What's the difference between that, and being stopped on a dark road at 2AM by a state trooper? I was, and it was scary, because he kept asking me if I had any guns, and he wanted to see what was inside the foil candy wrapper on my dashboard (more foil), but obviously he expected that it was hash. But what if he handed back some hash wrapped in foil? What would I have done? At that point, I've got drugs, and he knows it, and he could arrest me. What's the difference between that, and someone claiming that a certain piece of text decrypts to a sinister message? Seems to me like the best defense against that is mass-market crypto. Because if the TLA claims that something decrypts to something, and I can use the mass-market crypto to have it decrypt to something else, the TLA has a credibility problem. Or is this not why you're scared? -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | Government schools are so 521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
Re: Why did White House change its mind on crypto?
Jeffrey Altman writes: : I agree it's scary. What's the difference between that, and being : stopped on a dark road at 2AM by a state trooper? I was, and it was : scary, because he kept asking me if I had any guns, and he wanted to : see what was inside the foil candy wrapper on my dashboard (more : foil), but obviously he expected that it was hash. But what if he : handed back some hash wrapped in foil? What would I have done? At : that point, I've got drugs, and he knows it, and he could arrest me. : What's the difference between that, and someone claiming that a : certain piece of text decrypts to a sinister message? : : Seems to me like the best defense against that is mass-market crypto. : Because if the TLA claims that something decrypts to something, and I : can use the mass-market crypto to have it decrypt to something else, : the TLA has a credibility problem. : : Or is this not why you're scared? : : There are two problems with the ability to produce evidence without : specifying how you got it. If the Feds have a large amount of : encrypted data. Maybe months of information and they were unable : to decrypt it they could just make something and submit it to the : court. : : If I decide that I want to challenge the evidence I am going to : have to decrypt the message as provided by the court and document : how I did it. Now I may have successfully challenged the submitted : evidence but I have now been compelled to hand over my key which : the government can now use to read the rest of the encrypted : data. It's far more scary than that. What makes you think that the file that they decrypt was encrypted in the first place? -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH EMAIL: [EMAIL PROTECTED]URL: http://samsara.law.cwru.edu NOTE: [EMAIL PROTECTED] no longer exists
Re: Why did White House change its mind on crypto?
On Fri, Sep 17, 1999 at 11:05:37AM -0400, Russell Nelson wrote: What's the difference between that, and someone claiming that a certain piece of text decrypts to a sinister message? Seems to me like the best defense against that is mass-market crypto. Because if the TLA claims that something decrypts to something, and I can use the mass-market crypto to have it decrypt to something else, the TLA has a credibility problem. Or is this not why you're scared? What scares me is the possibility that there won't even be an argument about whether or not a particular clump of ciphertext decodes to a particular bit of plaintext because I don't think it'll be possible to cross-examine prosecution witnesses about the way that they came into possession of what's purported to be plaintext. They won't need to say how they came into possession of the plaintext, because that would reveal their methods - if you know what ciphertext they used (especially if you're seeing it as an email message (perhaps with Received lines intact), or as the output of tcpdump) you probably know how it was intercepted, and that's something they want to keep secret. The scenario I'm concerned about is a simple swearing/credibility contest - the prosecution witness asserts that the defendant was the author of a particular (plaintext) communication which is either a crime, or admits to committing a crime. The defense can now choose between offering no response, or having the defendant deny authoring the communication (under oath, waiving their right against self-incrimination, including related to collateral matters). The defense won't have a meaningful opporunity to question the technical correctness nor the constitutional/legal appropriateness of the access to the text, because it's not possible to meaningfully explore those issues without revealing the government's methods. It's difficult to imagine that the Clinton administration, in light of recent weeks' revelation about misconduct, hidden information, and perjury which occurred regarding the conduct of federal law enforcement officers at Waco, is proposing new legislation which limits instead of expanding access to information about law enforcement techniques and behavior. It's likely that a number of criminal convictions were obtained against the survivors of the burned church building because of the information which was hidden from the defense and the jury by prosecutors and law enforcement agencies. That information is now coming to light as a consequence of a later, civil suit regarding the burning .. but would we ever have learned it if a statute prohibiting disclosure of law enforcement methods were in effect? The current CESA draft only applies to law enforcement methods used to gain access to electronic information - but if the public swallows that bitter pill, we should expect it to spread to a general prohibition about questioning the tactics of the government in all venues. -- Greg Broiles [EMAIL PROTECTED]
Re: Why did White House change its mind on crypto?
On Fri, Sep 17, 1999 at 11:05:37AM -0400, Russell Nelson wrote: What's the difference between that, and someone claiming that a certain piece of text decrypts to a sinister message? What's the difference between this and claiming that a certain drop of blood has DNA characteristics that match a particular person? In the O.J. Simpson trial, the government took over a month to explain to the jury the similarities between the blood collected from the crime scene and the defendent; and the defense lawyers rebutted the evidence by claiming that it may have been contaminated or planted by the police. Since my only legal education was from watching that trial, it seems to me that only a jury can decide whether a particular message was written by a particular individual and that it is the government's responsibility to provide evidence "beyond a resaonable doubt" to that effect. I don't see how the government can take this responsibility away from the jury. Martin Minow [EMAIL PROTECTED]
Re: Why did White House change its mind on crypto?
Our company works with the FBI a lot. We provide the software they actually use to recover passwords. The majority of software out there uses access-denial: the encryption / ofuscation doesn't depend on the password. But to be acceptable in court, you have to prove that you didn't change a single bit of evidence. That's why all our software recovers passwords instead of simply removing the protection. If the law passes, we'll probably end up providing them with trojan horses stuff. Basically, they're going to be glorified keyboard sniffers, because the courts (no matter what the law says--they get to interpret the law) aren't going to accept that a message wasn't faked unless the prosecutor can prove that it is the decryption of a ciphertext. To do that, all they need is a password that works, so that's what they'll focus on capturing. -- Mike Stay Programmer / Crypto guy AccessData Corp. mailto:[EMAIL PROTECTED]
Re: Why did White House change its mind on crypto?
I think we should take Deputy Secretary of Defense John Hambre at his word (from the White House briefing): "MR. HAMRE: ... The national security establishment -- the Department of Defense, the intelligence community -- strongly supports this strategy. Indeed, we created the first draft of the strategy and presented it to our colleagues in the interagency process. We in the Defense Department did it because I think we feel the problem more intensively than does anyone else in the United States. We are the largest-single entity that operates in cyberspace. No one is as large as we are. We are just as vulnerable in cyberspace as is anybody, and we strongly need the sorts of protections that come with strong encryption and a key infrastructure that we're calling for in this strategy." I suspect his security experts realized that export controls were ineffective in keeping crypto out of the hands of bad guys and that the DOD was suffering because the commercial products on which it depends lack strong security. Arnold Reinhold
Re: Why did White House change its mind on crypto?
On Fri, 17 Sep 1999, Greg Broiles wrote: . . . . What scares me is the possibility that there won't even be an argument about whether or not a particular clump of ciphertext decodes to a particular bit of plaintext because I don't think it'll be possible to cross-examine prosecution witnesses about the way that they came into possession of what's purported to be plaintext. They won't need to say how they came into possession of the plaintext, because that would reveal their methods . . . . Would the courts allow the prosecution to admit evidence without recognizing the right of cross examination of witnesses or examination of evidence and its provenance? I helped defend a case in law school (as a clerk; I couldn't practice yet) that involved a wiretap, and the FBI and US Attorney's Office had to give us copies of the tapes, and the phone records, and everything. That was twenty years ago, but I don't think things have changed that much. Then again, I have never been involved with a case where secret government information gathering was an issue bearing on a significant piece of evidence. I'd be interested to hear from anyone that has seen how courts would react in similar situations - where the prosecution attempts to introduce evidence but 'can't say' where it came from or how they happened to have it