Today's Encryption Bypass May Avert Later Restrictions.MOST detectives aren't real fond of secrets. They keep a few of their own, of course. But professional crime solvers spend most of their time trying to discover the exact things that criminals don't want them to find. So you can imagine what these folks think of encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. . The idea that people can use software to scramble their e-mail and other computer files and stop them from being read without their permission is enough to send guys like "NYPD NYPD New York City Police Department (since 1845; New York City, NY, USA) NYPD New York Play Development Blue's" Andy Sipowicz Andy Sipowicz was a fictional character on the popular ABC television series NYPD Blue. He was played for the entire run of the show by Dennis Franz. Sipowicz is a New York City police detective working in a fictionalized 15th Precinct placed on the lower east side back to the bottle. Actually, real-life detectives from the FBI and other law enforcement agencies A law enforcement agency (LEA) is a term used to describe any agency which enforces the law. This may be a local or state police, federal agencies such as the Federal Bureau of Investigation (FBI) or the Drug Enforcement Administration (DEA). have run straight to Congress, asking for new laws New Laws: see Las Casas, Bartolomé de. to restrict the use of encryption. It's only a matter of time, they've said, until terrorists and organized crime figures start using crypto See cryptography. to frustrate the authorities who might intercept their communications. It seems that time has arrived. Federal prosecutors in Philadelphia say the son of a former mob boss was using PGP (Pretty Good Privacy) A data encryption program from PGP Corporation, Palo Alto, CA (www.pgp.com). Published as freeware in 1991 and widely used around the world for encrypting e-mail messages and securing files, PGP is available for commercial use and as freeware for , the Net's most popular encryption program, to hide evidence of a gambling and loan-sharking operation. If they're right, he probably isn't the only wise guy who's grown wise to the potential uses of data-scrambling technology. But the case against Nicodemo S. Scarfo doesn't prove the need to restrict encryption, which plays a critical role in protecting privacy online. In fact, it proves just the opposite - that police can work around strong crypto when the need arises. Federal agents seized a computer from Scarfo's business in January 1999 but were unable to access possible evidence stored in an encrypted file, the Philadelphia Inquirer Philadelphia Inquirer Morning newspaper, long one of the most influential dailies in the eastern U.S. Founded in 1847 as the Pennsylvania Inquirer, it took its present name c. 1860. It was a strong supporter of the Union in the American Civil War. reported. So when they sought another search warrant a few months later, they also secured a court order allowing them to install a new kind of surveillance device on his computer. This device - the feds won't say if it was software, hardware or both - recorded the keys pressed on the computer's keyboard. That allowed detectives to figure out the password to decrypt To convert secretly coded data (encrypted data) back into its original form. Contrast with encrypt. See plaintext and cryptography. Scarfo's files as though they were sitting over his shoulder when he typed it. Encryption experts see the incident as a case study in the vulnerability, of even strong data-scrambling programs. The program that Scarfo used is called PGP, which stands for Pretty Good Privacy. Slightly paranoid Net users frequently employ PGP to protect their email, and the program generally lives up to its name. Anyone who intercepts a PGP-encrypted message en route to its recipient won't be able to read it without the password. But there are many ways of discovering passwords, including rummaging through someone's trash or installing a program on their computer that tricks them into revealing it. "Instead of building a defensive wall, we're planting a huge stake in the ground and hoping the attacker will only take the path that runs into the stake," wrote Bruce Schneier, a well-respected crypto guru who runs Counterpane Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Inc. "A smart attacker will simply go around the stake." Such vulnerabilities are actually beneficial for those who would make legitimate use of encryption. As long as police have a shot at working around a criminal's use of strong data-scrambling technology, there's no reason to stop the rest of us from using it to sign online contracts, send secure messages and store critical files out of a hacker's reach. Privacy advocates complain that the key-tracing device installed on Scarfo's computer is too invasive. His defense attorney also is expected to argue that current laws don't authorize such methods. It's possible they'll succeed, since the judge who authorized the device relied on laws designed for listening devices. In the long run, though, it would make sense for Congress or the courts to make sure that police have the power to install encryption workarounds in circumstances similar to those that authorize traditional "bugs." The process is invasive, to be sure, but there's no particular reason our computer files should be considered more sacrosanct sac·ro·sanct adj. Regarded as sacred and inviolable. [Latin sacr  s than our spoken words. Besides, it's a reasonable price to avoid further restrictions on a technology that is becoming more useful every day. We should all have the right to keep our secrets safe, even on the Net. And unless we give police a reasonable chance to sniff out a few of them, Congress may feel compelled to leave us with none at all. |
|
||||||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion