Inaccurate study quoting, Re: anti-crypto rhetoric (Ellison,
Brian Gladman
gladman at seven77.demon.co.uk
Sat, 4 Apr 1998 09:49:47 +0100
Some comments below on Dorothy's and related postings.
From: Dorothy Denning <denning@cs.georgetown.edu>
To: ukcrypto@maillist.ox.ac.uk <ukcrypto@maillist.ox.ac.uk>
Date: 03 April 1998 14:59
Subject: Re: Inaccurate study quoting, Re: anti-crypto rhetoric (Ellison,
>This is the most relevant part of our report regarding the number of
>computer forensics cases involving encryption. We made no estimate
>for the number of wiretaps involving encryption.
>
>Regards,
>Dorothy
>--------------
>
>
>The FBI's Computer Analysis Response Team (CART) forensics lab reported
>that encryption was encountered in 2% of 350 submissions to the
>headquarters component in 1994 and 5-6% of 500 submissions (25-30 cases)
>in 1996. This represents a quadrupling of cases from 1994 to 1996,
>which averages out to an annual doubling or growth rate of 100%. A
>submission could be anything ranging from a single floppy disk to
>several boxes of disks or complete systems. CART also estimated that
>about 5-6% of the 1,500 cases handled in the field involved encryption,
>the largest categories being child pornography and computer crime cases.
>This corresponds to about 75-90 cases. It does not include cases
>handled by other federal law enforcement agencies, including the Drug
>Enforcement Administration (DEA), Treasury (Secret Service, Customs, and
>IRS), or state and local law enforcement agencies. It also excludes
>national security cases (foreign intelligence, counter-intelligence, and
>defense cases) and cases involving intercepts of encrypted telephone
>communications. In his March 19 testimony before the Senate Committee
>on Commerce, Science, and Transportation, FBI Director Louis Freeh
>reported that the number of requests for decryption assistance
>pertaining to communications interceptions had risen steadily over the
>past several years [Freeh 97].
>
<material deleted>
Thanks to Dorothy for posting this.
I have not looked at this work recently but when I went through it soon
after it was first published I was struck by the fact that nearly all of the
cases were about the encryption of stored data. There seemed very little
evidence that I could see that justified key escrow since this is a
technique oriented to support intercept access rather than access to stored
data.
If this is a correct interpretation of the findings, it suggests that the
real need of law enforcement authorities is to be able to obtain access to
encrypted data under 'search warrant' style procedures rather than via
communications intercept. In the UK the former command widespread support
whereas the latter attract considerable public hostility and concern about
misuse. It would hence seem that affirming the right of law enforcement
authorities to secure access to encrypted data under search warrant style
procedures would be an effective way forward and one that would command
widespread public support. If the rumours are right, however, this is not
'what we are about to receive' from the current UK government!
Turning to the response (reproduced below) by Robert Perillo to the original
posting by Carl Ellison to Comp-Risks it is again surprising that the cases
he quotes from Dorothy's work are all (or nearly all?) file encryption
examples. Again, therefore, if there is a problem (and I remain unconvinced
of this) the reaction of the authorities in pushing Key Escrow/Key Recovery
seems very misdirected.
Brian Gladman
-------------------------------
The statement made by Carl Ellison <cme@cybercash.com>, 06 Mar 1998
(RISKS-19.62), "How come Dorothy Denning didn't find any significant use of
crypto by criminals in her survey of law enforcement officers?", is
inaccurate. The Denning-Baugh report, referenced below, did find
significant use of encryption by criminals, 500 current cases worldwide,
over 20 cases were presented in detail, and they estimate that the number is
growing at an annual rate of 50-100% (some cases from the report are listed
below). In more than one of the cases, the encrypted information could not
be deciphered by law enforcement.
The report does make clear that encryption could pose problems for law
enforcement in the future. "Our findings suggest that the total number of
criminal cases involving encryption worldwide is at least 500, with an
annual growth rate of 50 to 100 percent." And "Quite a few people are
technically sophisticated."
Instead, the study's main conclusion was that it was unable to find any
current incident where the use of cryptography significantly hindered an
investigation or prosecution. "Most of the investigators we talked to did
not find that encryption was obstructing a large number of investigations.
When encryption has been encountered, investigators have usually been able
to get the keys from the subject, crack the codes, or use other evidence,"
states the report.
The statements that criminals have not used Crypto AG or CyLink encrypting
telephones are also incorrect. The Denning-Baugh report did not even
address this topic. But, evidence was presented in the late 1980's that
possible foreign Terrorist organizations and Drug Cartels were using Crypto
AG Voice Ciphering products. According to an ex-employee's legal filings,
and "tell-all" book, Crypto AG was requested to insert flaws and weaknesses
into their equipment that could be falling into criminal hands.
An interesting observation about the report is that when encryption is
encountered by law enforcement, they are unprepared to deal with it and
forced to use in-house computer forensic specialists (with little training
in cryptography), consultants, academics, and/or private companies to attack
the problem. While the U.S. Government spends at least $7 to $10 billion
per year on "code breaking" at Military-Defense and Intelligence
organizations, under current law ("posse comitatus" on up) it is illegal for
these resources to be used for domestic law enforcement. We could change
these laws, and increase funding to these agencies to handle their new
mission? We could create similar agencies inside domestic law enforcement at
equivalent cost? Therefore, the requests by law enforcement, to promote and
have access to corporate and local Key Recovery systems, can be seen as a
low-cost solution to the problem and an effort to save money for the
U.S. taxpayer.
The cases examined include:
* "The Japanese death cult, Aum Shinrikyo, which used encryption to store
records on its computers. Authorities were able to decrypt the files in
1995 after finding the decryption key on a floppy disk. And found evidence
of plans to launch attacks in the U.S. and Japan."
* The New York subway bomber, Edward Leary, who had created his own
encryption system to scramble files on his computer. According to the
report, after Manhattan police "failed to break the encryption, the files
were sent to outside encryption experts. These experts also failed.
Eventually, the encryption was broken by a federal agency. The files
contained child pornography and personal information which was not
particularly useful to the case."
* "A police department in Maryland encountered an encrypted file in a drug
case. Allegations were raised that the subject had been involved in
document counterfeiting, and file names were consistent with formal
documents. Efforts to decrypt the files failed, however, so the conviction
was on the drug charges only."
* "The head of a California gambling ring kept his records in a commercial
accounting program encrypted with a code word. The maker of the program
refused to help law enforcement break the code, but access to the files was
gained by exploiting a weakness in the computer system. This yielded four
years of bookmaking records which resulted in a guilty plea on criminal
charges and payment of back taxes."
* The espionage case against former CIA employee Aldrich Ames, who was
directed by his Soviet handlers to encrypt computer file information that
was passed to them, "and was eventually convicted of espionage against the
U.S., was aided because the investigator handling the case was able to
decrypt Ames's files using AccessData Corp. software (an automatic
de-encryption program)."
References:
* National Strategy Information Center, Dorothy Denning and
William Baugh, "Encryption and Evolving Technologies as Tools
of Organized Crime and Terrorism," July, 1997.
* The Washington Post - WashTech, Elizabeth Corcoran, "Around
the Beltway, Encryption: Who will Hold the Key? Two Bills
Reflect the Split over Restrictions", Aug-04-1997.
* Mercury News, Simson Garfinkel, "Denning unable to confirm FBI
Assertions; alters her position", 31-Jul-1997.
Robert Perillo, CCP, CNE Richmond, VA perillo@dockmaster.ncsc.mil
Staff Computer Scientist perillo@gibraltar.ncsc.mil