Encryption crackdown looms

The terrorist attacks in the US this week have prompted calls for all encryption software to have 'backdoors' for government interception

The horror of Tuesday's coordinated attacks on the commercial and military centres of America has prompted the US Congress to call for a global ban on "uncrackable" encryption products.

Speaking in the US Senate on Thursday, Senator Judd Gregg proposed tighter restrictions on software that scrambles electronic data, and often hinders a government's ability to obtain valuable criminal intelligence.

"This is something that we need international cooperation on and we need to have movement in order to get the information that allows us to anticipate and prevent what occurred in New York and in Washington," said Gregg, according to a report obtained by wired.com.

Reports this week have suggested that the FBI believes sophisticated encryption techniques were used to coordinate the terrorist attacks on the World Trade Center and the Pentagon.

Gregg is now proposing that US government officials should have access to decryption tools when the case is deemed to be a matter of national security. He said that the developers of encryption products "have as much at risk as we have at risk as a nation, and they should understand that as a matter of citizenship, they have an obligation" to produce government decryption products. In order to safeguard the privacy of innocent citizens, the interception of encrypted communications would only take place with "court oversight".

The terrorist attacks on Tuesday represented one of the biggest intelligence failures in history. In a floor speech on Wednesday, Gregg admitted that the privacy of US citizens will be called into question, as governments around the world review their policies on the monitoring and tracking of individuals.

"We have electronic intelligence of immense capability. It needs to be improved, especially in the area of encryption," Gregg said. "We have to, as a nation, recognise that this is, for all intents and purposes, a war, and that it is going to take soldiers, and that some of those soldiers are going to have to participate in counterintelligence activities that are covert and personal, something from which we have shied away as a society."

Similar principles were used to defend the Clipper chip initiative developed by the National Security Agency (NSA) in 1994 for the National Institute of Standards and Technology (NIST). This encryption chip used the Skipjack algorithm, which could be decrypted using a process that required two separate keys. The US government proposal attempted to escrow these keys separately with the NIST and the Department of Treasury, on the basis that they could be combined under a court order to decrypt a transmission -- but the plan was unsuccessful.

The UK government proposed a similar key escrow scheme in the late '90s, but this was dropped following vigorous opposition. Some of the concepts are contained in a watered-down fashion in the Regulation of Investigatory Powers Act (RIPA). This winter the government is expected to enforce the final stages of RIPA, which will grant law enforcement authorities the power to demand decryption keys from the place where data is encrypted.

But security experts fear that measures such as RIPA could lead to a dangerous reliance on the gathering of electronic intelligence. "I wonder how far additional bits of technology are going to help -- there has been too much reliance on people having magic boxes, and sitting back in London or wherever, being able to voice their predictions of what might happen. Many old-fashioned intelligence agencies such as M16 are going to complain about resource cuts, and claim that they now need more people on the streets," said Peter Sommer, encryption expert based at the London School of Economics.

The US encryption proposals will be strongly opposed by cyberliberty advocates. Some privacy groups are meeting at the University of Maryland in Baltimore on Friday evening to discuss ways of promoting the civil liberty argument. "We have to urge our fellow citizens not to give up their basic civil rights, especially not the right to engage in private conversations over distance and share ideas in private that others might not agree with," said Rob Carlson at the Data Vectoring Society who is organising the meeting.

See the Surveillance News Section for the latest headlines.

See the Net Crime News Section for the latest on hacking, fraud, viruses and related issues.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.