IP: a different opinion more on : Louis Freeh -- encryption

[Dave Farber <farber () cis upenn edu>]

From: John Pescatore <John.Pescatore () entrust com>
To: "'farber () cis upenn edu'" <farber () cis upenn edu>

Hi, Dave - I've got to make an unpopular comment on this never-ending
debate:

I've had an odd career. I went to work for NSA right out of college and
after a few years transferred to the US Secret Service where I was involved
in surveillances in counterfeiting investigations. For the past 15 years
I've worked in private industry, building secure systems and working for
commercial vendors of firewalls and Public Key Encryption technology. I've
seen the four corners of the encryption debate: business need for
cryptography, vendors desire to sell crypto, the intelligence community need
to eavesdrop, and the importance of wiretaps and wireless surveillance to
domestic law enforcement.

While I believe export controls on crypto don't work and should be gradually
abolished (faster than is currently happening) for folks like Jim Warren I
have a simple question: should Radio Shack be allowed to sell scanners that
can receive on the cellular phone frequencies? After all, the Electronics
Communications Privacy Act only prevents innocent and law abiding citizens
from snooping on their neighbors - vile terrorists, dope smugglers and
motivated stalkers can easily snip a diode or two and listen in to
everything.

Most criminals are only capable using technology they can buy at the local
radio or computer store - popular fiction not withstanding, there aren't a
lot of Dr. Nos out there with large laboratories full of technology that the
DoD would envy. Export controls don't work but we as a society have decided
we do want law enforcement to be able to put away criminals before they
commit crimes. Some of the proposed legislation (like SAFE) is probably
going in the right direction. Demonizing Louis Freeh is fun but - as with
most low hanging fruit - not terribly productive.

Even more important to the privacy debate is why we are focusing on
cryptography and almost totally ignoring how backward the United States is
in protecting citizens' data rights.

At a symposium at George Washington University I asked Marc Rotenberg of
EPIC why all the various privacy organizations were so focused on crypto,
which in reality is mainly a business issue , and almost completely ignoring
data privacy, which protects citizens and controls business use of personal
data. His only answer was that the government's effort to push the Clipper
key escrow approach had galvanized privacy advocates and they hadn't moved
on since the demise of Clipper. It is time to move on.

John Pescatore
johnp () entrust com



-----Original Message-----
From: Dave Farber [mailto:farber () cis upenn edu]
Sent: Tuesday, February 09, 1999 7:30 PM
To: ip-sub-1 () majordomo pobox com
Subject: IP: more on : Louis Freeh -- encryption ... ASK HIM THE DAMN
QUESTION!


Personal comment -- right on!!!

Date: Tue, 9 Feb 1999 15:36:01 -0800
To: farber () cis upenn edu
From: Jim Warren <jwarren () well com>

At 2:10 AM -0800 2/9/99, Dave Farber wrote:
...
> This is from Freeh's prepared statement:
>
> Terrorists, both abroad and at home, are using technology to protect their
> operations from being discovered and thwart the efforts of law enforcement
to
> detect, prevent, and investigate such acts. Convicted spy Aldrich Ames was
> told by his Russian handlers to encrypt his computer files. International
drug
> traffickers also are using  encryption to avoid detection ...

1.  Geee.  This may be the first time Freeh forgot to also include kiddie
porn in his horrifying opening paragraph.  I guess his polling showed that
terrorists and asnd turncoat CIA agents are more frightening to
Congress-critters.

2.  Why is it that NO one EVER asks Freeh why he pretends that these vile
terrorists, spies, dope smugglers (excluding those who fund U.S. covert
ops), etc. -- would suddenly stop using secure crypto, readily available
worldwide, if the U.S. outlawed it?  Geez ... talk about a "spin doctor"!!!

3.  The ONLY people and companies who will be "controlled" by statutory
prohibitions against uncrackable crypto are the INNOCENT ones, the
LAW-ABIDING citizens and businesses that would discard robust protection
for their personal privacy and corporate security if Freeh gets to have his
way with us.

--jim; jwarren () well com
Jim Warren, Contributing Editor & columnist, MicroTimes Magazine
Also GovAccess list-owner/editor