Crypto panel: FBI is No. 1 enemy

SAN FRANCISCO--Opponents of the federal government's attempts to limit the use of strong encryption made it clear who they blame the most: FBI director Louis Freeh.

The opponents, speaking here on the "Washington Update" panel which ended the day's proceedings at the RSA Data Security conference, mixed their complaints against the FBI and other foes of widespread encryption with a good dose of humor to please the highly partisan audience.

"In Washington, the men in black have arrived, and what looked like growing support for lifting [encryption] export controls is now threatened," said Jerry Berman, executive director of the Center for Democracy and Technology, a Washington, D.C.-based rights advocacy group.

Berman was referring to the opening skit in which D.C. lawyer Bruce Heiman mocked the FBI--which he dubbed the "FIB"--by donning a suit and sunglasses in a parody of the hit movie "Men In Black" and trying to brainwash the audience into forgetting all criticism of the government's crypto policy.

Last year saw a high-profile fight both in Congress and in courts around the country over the role of software encryption as digital communication becomes the norm. Law enforcement agencies want to limit the spread of strong encryption, arguing it will let criminals communicate and store information without fear of detection. Proponents of freely available encryption argue that the technology is necessary to ensure personal and commercial privacy, and that current government regulations put American software companies such as RSA Data Security at a competitive disadvantage when their foreign competitors can sell strong crypto.

The lone government representative on the panel, Bruce McConnell of the White House's Office of Management and Budget, answered pointed questions with good humor.

McConnell's brief presentation focused on the pilot projects his department is conducting to determine what types of encryption schemes the federal government, a major user of encrypted software and communications, should purchase. All schemes will certainly adopt "key recovery," a technology that allows the retrieval of a user's private decryption code, or "key," in case the user forgets it, loses it, or if the user's employer--or a law enforcement agent--wants to access the user's encrypted information. Whatever the government decides to use could have strong bearing on encryption development in general. A report on the pilot projects should be released in April, McConnell said.

When asked where the Clinton administration's encryption policy stands, McConnell demurred.

"We're still trying to get the legislative strategy together," he said. The administration is seeking to strike a balance between the liberalization of crypto regulations proposed by bills such as the SAFE Act and the domestic control of encryption proposed by the Senate's Secure Public Networks bill, McConnell said.

The White House took its lumps from the other panelists, but the main vitriol was reserved for the FBI's Freeh, who personally lobbied on Capitol Hill this summer when it seemed that the liberal SAFE Act and its Senate counterpart, the Pro-Code bill, were gaining momentum. Freeh told a Congressional panel that his agency was seeking access not only to electronically stored and transmitted data overseas but within the United States as well, a position that the White House disavowed at the time.

"We've heard the FBI's shot across the bow," the CDT's Berman said. "Unless we fight door-to-door in Congress this year we'll have domestic encryption controls."

Another privacy-rights advocate, Electronic Privacy Information Center director Marc Rotenberg used a list of "10 signs of good encryption legislation" to get his point across. Item number five: "Louis Freeh is steamed."

University of Massachusetts computer science professor Susan Landau expanded the criticism of the FBI to include the bureau's recent calls for greater wiretapping powers under the Digital Telephony Act.

A different viewpoint came from Georgetown University computer science professor Dorothy Denning, who argued that encryption regulations enacted this decade have increasingly relaxed export controls without imposing any domestic strictures. But she acknowledged that of the many crypto-related bills pending in Congress, some could reverse those trends.

RSA president and CEO Jim Bidzos moderated the panel.