Inaccurate study quoting, Re: anti-crypto rhetoric (Ellison,

Peter Sommer hcorn at cix.co.uk
Sun, 5 Apr 1998 8:26 +0100 (BST) 

Dorothy:

Thank you for the clarification about your sources for your study.  I am
not unsympathetic to the problem;  I am always pleased when I have the
opportunity to talk to people "behind the veil" and not only for reasons
of self-importance - I think some of them need to be exposed to the
perspectives of those of us who operate in the open world.

But there is always a difficulty:  ultimately what they tell you is often
unverifiable.  They could be telling the truth,  they could be telling
what they believe to be true but is the result of misdiagnosis or
misinformation, or they could be bending the truth in the never-ending
battle to create a policy climate favourable to them and the government
budgets they need to survive.

In particular I don't think one should under-estimate the extent to which
the spooks can get things wrong;  quite apart from the well-known history
of "intelligence mistakes" I have my own experiences in the occasional
instruction as an expert in criminal proceedings to draw on.  If I compar=
e
 the claims of Jim Christy and others in the matter of the Rome Labs
hackers with what I saw as evidence in the resulting UK cases, for
example,  or compare the certainty with which commentators state that
Vladimir Levin was able to hack into Citibank without inside help with th=
e
actual evidence tendered in London for his extradition ......  Both these
cases of course feature high in the ever-expanding,  ever-shriller
"information warfare" agenda.

And all of this is why so many of us are asking for the specifics of the
need for LAK.

Here is the UK the total open budget for monitoring serious crime - the
annual budget of the National Criminal Intelligence Service is only =A330=
m.
Its remit includes narcotics trafficking,  money laundering (it receives
and collates the reports of unusual transactions),  organised crime
including the Turkish, Russian, Italian and other mafias as well as our
own local heroes,  paedophilia,  extortion and soccer hooliganism. That's
under a $1 for every inhabitant of the UK.  What puzzles me is this:  if
on the one hand the problems of organised crime are so small to rate such
a low budget,  why,  on the other, are we being asked to accept such an
instrusive policy in relation to crypto?  Is there really a case-book of
instances which, if revealed,  would persuade us to accept the intrusion
as a necessary price for freedom?

As one of the many cliches in Private Eye has it:  I think we should be
told.

The issue of what happens when digital evidence is seized in the
ordinary way (that is,  through regular warrant) and turns out to be
encrypted should be distinct from LA requests to have LAK for intelligenc=
e
fishing expeditions.   As you say,  all your cases seem to refer to the
former situation.  I have no difficulty in accepting the existence of
encrypted files and disks and the problems they create for law
enforcement.   Interestingly enough, the "old" DTI TTP proposals
specifically excluded many of the devices / technologies that are used fo=
r
file and disk encryption.    The alternative legal route here is to allow
/ extend the ability of the court to issue orders for decryption keys to
be released (under certain conditions) or to allow adverse comment to be
made if someone refuses to do so.  (This takes us into the tricky area of
the right against self-incrimination etc, of course).   The absence of
discussion of these matters is quite surprising.



rgds


Peter


=20


|---->   Peter Sommer   ------------------------------------------->|
|---->   hcorn@cix.co.uk   P.M.Sommer@lse.ac.uk  ------------------>|
|---->   Academic URL:  http://csrc.lse.ac.uk/csrc/pmscv.htm  ----->|
|---->   Commercial URL:  http://www.virtualcity.co.uk  ----------->|
=20