FBI wants domestic crypto keys
After months on the fence, FBI director Louis Freeh makes it clear that controlling domestic use of encryption software is a greater priority than limiting its export.
"Law enforcement is more concerned about the significant and growing threat to public safety and effective law enforcement that would be caused by the proliferation and use within the United States of a communications infrastructure that supports strong encryption products but cannot support timely law enforcement decryption," Freeh told the Senate Judiciary Committee yesterday.
The director's comments yesterday underline the conflict within the administration on encryption policy and the influence the security agencies have on that policy. Other voices in the administration, including Vice President Al Gore and an early draft of the White House's e-commerce white paper, have long insisted that domestic use would remain unregulated.
In the hearing convened by committee chairman Orrin Hatch (R-Utah), Freeh also expressed concern that pending Senate legislation doesn't go far enough in giving law enforcement access to encrypted electronic data within U.S. borders.
"These legislative proposals still do not contain adequate assurances that the impact on public safety and effective law enforcement of the widespread availability of encryption will be addressed," he told the committee.
Freeh was referring specifically to Senate bill 909, which mandates domestic key recovery--a technology that gives access to a user's private keys--for all encryption products purchased with federal money and for all federally funded electronic networks. Security officials like Freeh argue that inaccessible encryption will let criminals communicate on the Internet without fear of being caught.
The bill, sponsored by Sens. Bob Kerrey (D-Nebraska) and John McCain (R-Arizona), would also require key recovery for anyone within the United States using a government-approved digital certificate. Digital certificates are ID tags that verify the sender of a communication or transaction as well as the integrity of the data within.
"Registration and the use of registered agents and [digital certificate] authorities are entirely voluntary," Kerrey told the committee yesterday.
Because digital certificates are considered necessary to spur Net-based commerce, critics of the McCain-Kerrey bill argue that a federal "stamp of approval" program for certificates creates an environment of mistrust for those who choose not to participate in the program. Such an environment is bad for business, critics say, and will make the federal program and the use of key recovery a de facto standard.
The bill has already been approved by the Senate Commerce Committee, and Judiciary might take it up for debate soon. The bill has not yet been referred to the committee, however, and no further hearings have been scheduled, according to the committee press secretary Jeanne Lopatto.
Opponents of McCain-Kerrey are already taking unprecedented steps to state their case. The Electronic Frontier Foundation, an online rights organization, has gone beyond its usual Net-based advocacy to create a 60-second radio spot. The commercial urges listeners to contact McCain and complain about the bill.
"We feel that if this bill passes it will have an extreme impact to privacy for the American public in the next 100 years, and the majority of people walking down the street will never know what even happened," EFF executive director Lori Fena told CNET's NEWS.COM. "We're preaching to the choir already on the Net; it's more effective to reach people in their cars."
The radio ad is airing this week during rush-hour drive times in San Francisco, New York, and Washington, D.C. The organization will gauge the volume of response to the ad before buying more air time, but Fena is encouraged by the response so far. The nonprofit group has spent "in the low thousands of dollars" on the advertisements, Fena added.