PROTECTION AGAINST RANDOM ROGUE INFORMATION WARFARE

The growing availability of powerful encryption has, in effect, rewritten the rule book for creating, storing, and transmitting computer data.^[iv] People everywhere rightly regard confidentiality as essential for conducting business and protecting against random rogue information warfare and personal privacy.^[v] But governments worldwide have been sent into a spin, for fear secret encryption keys will add to the weapons of terrorists and other criminals. Some nations have even attempted to control the technology by constructing a maze of regulations and laws aimed at blocking its import, export, and/or use. Such bans have largely failed, however.

In recent years, the war over encryption has moved beyond controlling the technology itself. Now, some governments are granting law enforcement agencies new powers and funding the development of new tools to get at computerized data, encrypted or otherwise. Rising to that challenge, privacy proponents are striking back with new techniques for hiding data and preserving anonymity in electronic communications.

Confess up!

One legal tactic being used by states is to require owners of encrypted files to decrypt them when asked to by authorities. So far, only Singapore and Malaysia have enacted such laws, with Britain and India about to follow suit.

In Britain, two recent bills would give law enforcement officers the authority to compel individuals to decrypt an encrypted file in their possession under pain of a two-year jail term. Further, anyone given such a command would have to keep the giving of the notice, its contents, and the things done in pursuance of it secret-on penalty of a six-year jail term. The bills broadly define encryption, even including what some consider to be mere data protocol.

Straightforward though it seems, the approach is technically flawed. After all, a suspect may truly be unable to decrypt an encrypted file. He or she may have forgotten or lost the key. Or, if public-key encryption was used, the sender of a file will have the key used to encrypt the file, but rarely, if ever, the decryption key, which remains the exclusive property of the intended recipient. If symmetric key encryption was used, and the sender's hard disk crashes, the key will likely be wiped out along with all the other stored data. This flaw in the legislation was demonstrated by a British group, which mailed an ostensibly incriminating document to a government official and then destroyed the decryption key, making it impossible for that official to decode the file, even if 'compelled.'

Moreover, according to the latest version of the Cyberspace Electronic Security Act (CESA), police would be at liberty to present a text in court and claim it was the decrypted version of an encrypted file, without revealing to the defendant exactly how they arrived at the plain text. This means that the defendant can have a hard time defending himself, and makes it a lot easier for the police to fabricate evidence. The ability to receive a fair trial could be at stake.

Escrowed Encryption

Another controversial scheme for letting law enforcement in on encrypted data is known as escrowed encryption. Here, a third party is appointed by the state to keep a copy of the decryption keys (in escrow, as it were) for the state to use to decrypt any file sent to or by any user. In other words, encrypted files would be protected-except from the state.

Needless to say, many people abhor the mere idea. Even if a sound case could be made for revealing the decryption key to government personnel, what is to prevent them from reusing that key in the future, to look at other documents by the same user? Furthermore, drug traffickers, terrorists, and others of most concern to law enforcement are the least likely to use encryption that is openly advertised as readable by the government.

Then, too, given the transnational nature of the Internet, a global key-escrow system would need to be established. Sovereign states, with their own interests to protect, would object to such a system; this, in fact, happened with the escrow scheme known as the 'Clipper Chip,' which was heavily promoted by the U.S. government but largely dismissed by other states. The logistics of who keeps the escrowed keys, who has authority to demand their release, under what conditions, and so on, becomes unwieldy when vast numbers of encryption keys, states, and legal systems are involved. In view of such concerns, official support for escrowed encryption has all but died in the United States and elsewhere.

Global Surveillance

The ineffectiveness of legal constraints on encryption appears to have persuaded many governments to change direction. They are instead seeking to capitalize on the unencrypted nature of most digital traffic and to derive information by monitoring that traffic. Even encrypted messages tend to leave unencrypted who is communicating with whom and when.

Officially, most states deny the existence of electronic surveillance networks. But extensive claims of their existence persist. Echelon and FIDNet are two such alleged intelligence-gathering efforts that have been frequently described in the mainstream press and debated in official hearings by government legislatures.

Echelon is, according to the Washington, D.C.-based Federation of American Scientists, a global network that searches through millions of interceptions for preprogrammed keywords on fax, telex, and e-mail messages.

The same sort of public inquiries have been made about the Federal Intrusion Detection Network (FIDNet) that the U.S. National Security Council has proposed creating. It would monitor traffic on both government and commercial networks, with the stated goal of safeguarding the critical U.S. information infrastructure. Although the House Appropriations Committee did away with funding for it last summer, FIDNet supporters continue to push the program, arguing that it would not intrude on individuals' communications. Meanwhile, a number of civil rights groups, including the Electronic Privacy Information Center (EPIC), in Washington, D.C., and the American Civil Liberties Union, based in New York City, have challenged FIDNet's constitutionality. The plan demonstrates that privacy concerns are being swept under the carpet.

Computer Forensics

As society relies increasingly on computers, the amount of crime perpetrated with the machines has risen in kind. To law enforcement's delight, electronic records have proved to be a fertile ground for detectives. Indeed, in their present shape, computers, the Internet, and e-mail are the most surveillance-friendly media ever devised.

This development has given rise to an entirely new industry: computer forensics. Its purpose is not only to find out what files are stored in a computer, but also to recover files that were created with, stored in, sent by, received from, or merely seen by that computer in the past, even if such files were subsequently 'deleted' by the user.

The ability to resurrect electronic paper trails from supposedly deleted files stems, in large part, from the features built into many computer programs. For example, the delete command in most software does not delete. It merely marks the space that such a file occupied in a disk as being available in the future to be overwritten.

Also, many Windows applications save temporary versions of a file being worked on, just in case the computer crashes. Even if a user were to deliberately overwrite the original file, the temporary version still lurks in some part of the disk, often with an unrecognizable name and occasionally even invisible from the conventional directory.

Electronic paper trails are also left behind by the fast save function, which saves the latest version of a word-processing document as the original plus the sequence of changes made to it. A recipient of the electronic end result can see how the document evolved over time-not the kind of information most people care to share.

Internet-related applications, like many other software programs, do a lot of internal housekeeping that involves writing information onto the hard disk. For example, the popular Web browser Netscape Navigator creates a file called netscape.hst, which gives a chronological listing of almost everything its user has done with the browser since it was installed.

Simply surfing the Web pushes other data into computer memory, in the guise of 'cookies' and as documents 'cached' on one's disk. Web sites visited can also learn the visitor's Internet service provider, Web browser, and a lot more. A remote Web site could even gain full access to a visitor's hard disk, depending on how aggressive that remote site elects to be and how extensive the protective measures taken by the visitor are.

Software tools now make it fairly straightforward to get a computer to cough up information that its owner may not realize is there. Not to be outdone, computer programmers have developed numerous tools that can defeat most computer forensics tools. Although such counter-forensics programs will remove most traces of sensitive data from a computer, it is extremely difficult to remove all traces that may have been left behind. In the absence of a thorough schooling in the esoteric details of computers, the odds favor the competent computer forensics investigator.

Also favoring the forensics expert are new laws legalizing the accessing of computers by law enforcement agencies. In December 1999 for example, the Australian Parliament passed a bill giving the Australian Security Organization the power to obtain warrants to access computers and telecommunications services, and, if necessary, to delete or alter other data in the target computer and conceal the fact that anything had been done under the warrant. As of February 2000, the Dutch authorities are now permitted to use bugging devices in computers to retrieve text.

Countermeasures

The various legal roadblocks and technical wizardry contrived by governments and law enforcement to block encryption's spread have, of course, curbed neither the need for the technology nor the ingenuity of privacy-loving programmers. As a result, a number of countermeasures have been engineered to augment or replace encryption. Among them are anonymizers, which conceal the identity of the person sending or receiving information, and steganography, which hides the information itself.

The need for anonymity in a democratic society has long been recognized, to shield whistleblowers and political dissenters from retaliation, to protect the records of medical patients, and so on. Less dramatic situations also justify anonymity, such as placing a personal ad or seeking employment through the Internet without jeopardizing one's current job. To be sure, anonymity can be exploited by sociopaths seeking to avoid accountability for their actions. But, in general, it serves a useful social function.

Anonymous and pseudonymous remailers are computers that are accessible through the Internet that launder the true identity of an e-mail sender. Most are operated at no cost to the user. A pseudonymous remailer replaces the sender's e-mail address with a false one and forwards the message to the intended recipient. The recipient can reply to the sender's pseudonymous address, which, in turn, forwards the response to the sender's true address.

Anonymous remailers come in three flavors: cypherpunk, mixmaster, and Web-based. Cypherpunk remailers strip away the message header, which describes where the message came from and how it got there, before forwarding the message to the recipient. Conceivably, someone with physical access to such a remailer's phone lines could correlate the incoming and outgoing traffic and make inferences.

Mixmaster remailers avoid that problem by using stronger encryption and tricks for frustrating traffic analysis, such as padding messages to disguise their true length. But even mixmasters can be compromised. For example, through a concerted effort, it would be possible to detect a correlation between Mr. A sending an encrypted message through a remailer, and Ms. B receiving a message at some variable time afterwards.

Web-based anonymizers range from sites offering conventional anonymizer services, to others where the connection between the user's computer and the anonymizer is itself encrypted with up to 128-bit encryption. The job is done using the standard Secure Socket Layer (SSL) encryption, built into all Web browsers of recent vintage.

For extra privacy, a message may be routed through a series of remailers. Two popular remailer software packages, Private Idaho and Jack B. Nymble, enable the sender to do this automatically.

The Onion Router project (see the site at http://www.onion-router.net) of the Naval Research Laboratory in Washington, D.C., offers another way to string together remailers. What's more, it allows anonymized and multiply encrypted Web browsing in real time.

Onion routing is a two-stage process. The initiator instructs router W (in this case, a proxy server at the firewall of a secure site) to create an onion, which consists of public-key-encrypted layers of instructions. Router X peels off the first layer of the onion, which indicates the next step in the path and supplies a symmetric decrypting key for use when the actual message comes through later.

The onion then goes to Routers Y and Z, depositing keys at each stop. Once the connection is established, the encrypted message is sent through and successively decrypted, arriving at the recipient as plaintext. To respond, the recipient sends the message to Router Z, which encrypts the text, onion-style, and sends it back through the already established path.

Hiding Data

The microdot used by German spies during World War II to transmit strategic information is an example of steganography, used to hide data in plain view. The microdot consisted of a greatly reduced photograph of a page of text, which was pasted over a period in an otherwise innocuous document. A more modern application is the digital watermark, for identifying official copies of copyrighted images and recordings. Unlike encryption, which hides the content of a message in an obvious manner, steganography hides the mere existence of anything hidden. The commercially available computer-based steganography programs popular today rely on three techniques:

1. Merging the information to be hidden into a 'cover' sound file by changing the least significant bit of each digitized sample of the file. The resulting file sounds the same to the human ear and is the same length as the original file.

2. Merging the information to be hidden into a cover image file by changing the least significant bit of the digitized value of the brightness of each pixel. Typical images use 256 levels of brightness, with 8 bits per pixel for black-and-white images and 8 bits for each of the three primary colors (red, green, and blue) per pixel for color images. A lot of data can lurk in a 1024-by-768-pixel image.

3. Hiding data in the areas of a computer floppy disk or hard drive that are normally not accessed. A computer disk is divided into clusters, each of which holds from 512 bytes to over 32,000 bytes. When a file is saved, it uses a portion of one or more clusters; because DOS and Windows store only one file per cluster, the space left over between the end of a file and the end of the cluster (called the slack) is available to hide data in. This scheme is extremely easy to detect, however.

The most commonly used commercial steganography software tools are Hide and Seek, Steganos, StegoDos, White Noise Storm, S-Tools for Windows, Jpeg-Jsteg, and Stealth. For Unix computers, there is SFS (Steganographic File System).

Steganography does have some weaknesses. For one thing, sending or storing many seemingly harmless images or sound files can in itself raise a red flag, unless the sender's normal routine as, say, a musician or photographer warrants such conduct. And although image and sound files hiding information may seem natural to the eye or ear, the difference may still be detectable by techniques devised to spot such aberrations.

Interestingly, the extent to which hidden information can be detected is related to the popularity of the steganography software used. Law enforcement agencies treat steganography much like a computer virus: Once a program hits the market in a big way, tools are developed to detect it. The more extensive the program's use, the more resources are devoted to detecting its footprint.

The Future of Encryption

Encryption today is as strong as it is because there is no need for it to be any stronger. Of course, the underlying mathematical assumptions might be challenged by a breakthrough, such as a solution to factoring large numbers into their prime-number components. Meanwhile, an encryption method can be strengthened by merely adding bits to the encryption key.

Nevertheless, several schemes under development may eventually find use for electronic communication and storage: elliptic curve encryption; voice encryption (already freely available and used worldwide over the Internet); quantum cryptography; and DNA cryptography.

Few microprocessors have been specially designed to run encryption software. Most personal computers can accommodate the hardware and software requirements of modern encryption, but most hand-held devices, such as 3Com's Palm Pilot, cannot. For these devices, a new class of algorithms, known as elliptic curve encryption, is claimed to provide encryption strength equal to that of the standard algorithms in use today, while using a smaller key and arithmetic that is easier on microprocessors and that needs much less memory. Being a new type of encryption, its security has yet to withstand the concerted scrutiny of experts.

Voice encryption is a response to the increasing flow of audio traffic over the World Wide Web, which has led, among other things, to the merging of strong encryption with Internet telephony. Given appropriate software, anyone today can carry on fully encrypted conversations with any other user connected to the Internet.

Perhaps the most advanced such software is SpeakFreely, which is available worldwide free of charge (see http://www.speakfreely.org). Some mainstream voice-over-the-Internet services do not offer encryption, though. Instead, they route the data through the company's servers, thereby opening up a security weakness.

Quantum cryptography is not in itself an encryption algorithm. Rather, it is a means for creating and securing the distribution of private keys. Based on the Heisenberg uncertainty principle, the idea is that communicating photons cannot be diverted from the intended recipient to the unsought-for interceptor without creating an irreversible change in the quantum states of the system.

The precepts of quantum cryptography date from the early 1970s, and research has been ongoing for the last decade at universities such as Johns Hopkins University, in Baltimore, Maryland, and the University of Geneva in Switzerland; at U.S. national laboratories such as Los Alamos; and in the corporate sector, at British Telecom and elsewhere.

In DNA cryptography, each letter of the alphabet is converted into a different combination of the four bases that make up human deoxyribonucleic acid (DNA). A piece of DNA spelling out the message to be encrypted is then synthesized, and the strand is slipped into a normal fragment of human DNA of similar length. The end result is dried out on paper and cut into small dots. As only one DNA strand in about 30 billion will contain the message, the detection of even the existence of the encrypted message is most unlikely.

Shifting Attitudes

If, as seems likely, encryption and related products will continue to develop for personal and commercial uses, countries will have to rethink their policies toward the technology. In what may be a sign of things to come, the German government announced in May 1999, that it would fund the development and free distribution of open-source encryption software that the government itself will be unable to break (see http://www.gnupg.org). The Federal Ministry of Economics and Technology released a report stating that Germany considers the application of secure encryption to be a crucial requirement for citizens' privacy, the development of e-commerce, and the protection of business secrets.

Also in 1999, French Prime Minister Lionel Jospin announced a similar shift, saying that his country would scrap any key escrow plans in favor of free use of cryptography. In both cases, the motivation seems to have been the realization that protecting data from foreign parties outweighs any law enforcement concerns, and that the use of strong encryption furthers, rather than hinders, national security.

Independently, the Canadian government announced in October 1999 that it would not seek to regulate the domestic use of encryption. The significance of such trends is clear: The global reach of the Internet has made it extremely easy for encryption software to travel between countries, with or without controls, and

if one or more major countries elects not to enforce controls, the technology will spread even more easily. Society's transformation into a computer-based economy makes protecting corporate and personal information not only desirable but also necessary.

How then does one balance privacy and confidentiality with security? Governments are undoubtedly obligated to protect their citizens from terrorism and out-and-out criminality. A partial solution may be to criminalize the use of encryption only in the commission of generally recognized serious crimes and to encourage its use elsewhere.

Attempting to control encryption, however, has proved to be an ineffective means of preventing crime and may actually hurt vital national interests. Similarly, the granting of new policing powers to law enforcement agencies will do less to protect a country's critical infrastructure than building better security technology. And if greater security is truly what governments are after, then much can be done with the tools already in hand: Encrypting all important data and communications makes their illegal retrieval and interception useless to the thief.

^[iv]John R. Vacca, The Essential Guide to Storage Area Networks, Prentice Hall, 2002.

^[v]John R. Vacca, Net Privacy: A Guide to Developing & Implementing an Ironclad ebusiness Privacy Plan, McGraw-Hill, 2001.