Encryption expert revises views Authorities crack codes on their own Published: July 31, 1997 BY SIMSON GARFINKEL Special to the Mercury News Previous encryption stories on Mercury Center Dec. 20, 1996: Key questions unanswered after encryption ruling Dec. 19, 1996: Judge voids U.S. limit on export of scrambling software Dec. 6, 1996: U.S. delays encryption export regulations Nov. 19, 1996: Encryption 'scrambling' plan meets cool reception Nov. 16, 1996: Encryption battle ends peacefully Sept. 22, 1996: Locked and loaded A key academic supporter of the Clinton administration's position in the debate over controls on encryption software has found that the scrambling techniques widely used today have not shielded criminals from law enforcement authorities. As a result, she is backing off from her long-held belief that controls on strong encryption are essential to fight crime. In a study to be released today, Dorothy Denning, a Georgetown University computer science professor, reports that a survey of law enforcement officials found that they have been able to nab suspected criminals even when the suspects employed encryption to hide evidence of their wrongdoing. Encryption technology allows data to be scrambled so that it cannot be intercepted or understood by anyone other than the intended recipients. The administration -- and Denning -- have long argued that the use of strong encryption should be controlled so that terrorists, drug dealers and other criminal elements do not gain the upper hand over law enforcement. The report, to be published by the National Strategy Information Center, a Washington, D.C., think tank, is the first of its kind and includes more than 20 incidents in which law enforcement organizations encountered encrypted data. ``Most of the investigators we talked to did not find that encryption was obstructing a large number of investigations. When encryption has been encountered, investigators have usually been able to get the keys from the subject, crack the codes or use other evidence,'' the report says. The report -- whose other author is William E. Baugh Jr., vice president of defense contractor Science Applications International Corp. -- provides new, behind-the-scenes details on well-known cases. Encryption controls are at the center of a debate that pits the computer industry and civil libertarians against the Clinton administration and law enforcement organizations. Businesses argue that encryption is vital in the computerized world to protect business records and personal communications. But the Clinton administration has argued that it can be, and has been, used by organized crime, terrorists and child pornographers to hide evidence of their illegal activities. The administration has fought hard for increased controls on encryption, both domestically and abroad. But it has been unwilling to list specific cases in which it has interfered with law enforcement. Faced with the lack of evidence, Denning set out to interview law enforcement officials and comb news reports, amassing as many cases as possible in which encryption had played a role in a criminal investigation. Her report, ``Encryption and Evolving Technologies as Tools of Organized Crime and Terrorism,'' had been expected to call for increased restrictions on encryption. Instead, Denning said, she has now stepped back from her former position of advocating controls on the dissemination of strong encryption technology. ``If anything, I am in a greater state of questioning about what we should do,'' she said in an interview. ``I don't have a position about what we should do. That is why the report does not make any recommendations about policy. The only recommendation is that we think that we need to be collecting data, not just on the number of cases, but on what the outcomes of those cases are.'' The report does make clear that encryption could pose problems for law enforcement in the future. ``Our findings suggest that the total number of criminal cases involving encryption worldwide is at least 500, with an annual growth rate of 50 to 100 percent,'' it says. The cases examined include: The Japanese death cult, Aum Shinrikyo, which used encryption to store records on its computers. Authorities were able to decrypt the files in 1995 after finding the decryption key on a floppy disk. The New York subway bomber, Edward Leary, who had created his own encryption system to scramble files on his computer. According to the report, after Manhattan police ``failed to break the encryption, the files were sent to outside encryption experts. These experts also failed. Eventually, the encryption was broken by a federal agency. The files contained child pornography and personal information which was not particularly useful to the case.'' ``A police department in Maryland encountered an encrypted file in a drug case. Allegations were raised that the subject had been involved in document counterfeiting, and file names were consistent with formal documents. Efforts to decrypt the files failed, however, so the conviction was on the drug charges only.'' Many programs, such as Microsoft Word, Word Perfect and Intuit Inc.'s Quicken, include some form of weak encryption. According to the report, these systems can be broken with automatic programs in 80 to 85 percent of all cases.

| Mercury Center Home | Index | Feedback |
©1996-7 Mercury Center. The information you receive on-line from Mercury Center is protected by the copyright laws of the United States. The copyright laws prohibit any copying, redistributing, retransmitting, or repurposing of any copyright-protected material.