[e-privacy] (fwd) FBI can't crack PGP - There are no "backdoors"
starwars
nobody at tatooine.homelinux.net
Fri Jul 8 12:57:04 CEST 2005
-- forwarded message --
Message-ID: <I1UND7JY38525.1808796296 at reece.net.au>
From: Thrasher Remailer <thrasher at reece.net.au>
Newsgroups: alt.privacy,alt.security.pgp,alt.privacy.anon-server
Subject: FBI can't crack PGP - There are no "backdoors"
Date: 21 Jun 2005 20:20:28 -0000
Lines: 147
http://www.pcworld.com/resource/printable/article/0,aid,110841,00.asp
PGP Encryption Proves Powerful
If the police and FBI can't crack the code, is the technology too
strong?
Philip Willan, IDG News Service Monday, May 26, 2003
ROME -- Italian police have seized at least two Psion personal
digital assistants from members of the Red Brigades terrorist
organization. But the major investigative breakthrough they were
hoping for as a result of the information contained on the devices
has failed to materialize--thwarted by encryption software used by
the left-wing revolutionaries.
Failure to crack the code, despite the reported assistance of U.S.
Federal Bureau of Investigation computer experts, puts a spotlight on
the controversy over the wide availability of powerful encryption
tools.
The Psion devices were seized on March 2 after a shootout on a train
traveling between Rome and Florence, Italian media and sources close
to the investigation said. The devices, believed to number two or
three, were seized from Nadia Desdemona Lioce and her Red Brigades
comrade Mario Galesi, who was killed in the shootout. An Italian
police officer was also killed. At least one of the devices contains
information protected by encryption software and has been sent for
analysis to the FBI facility in Quantico, Virginia, news reports and
sources said.
The FBI declined to comment on ongoing investigations, and Italian
authorities would not reveal details about the information or
equipment seized during the shootout.
Pretty Good Privacy
The software separating the investigators from a potentially
invaluable mine of information about the shadowy terrorist group,
which destabilized Italy during the 1970s and 1980s and revived its
practice of political assassination four years ago after a decade of
quiescence, was PGP (Pretty Good Privacy), the Rome daily La
Repubblica reported. So far the system has defied all efforts to
penetrate it, the paper said.
Palm-top devices can only run PGP if they use the Palm OS or Windows
CE operating systems, said Phil Zimmermann, who developed the
encryption software in the early 1990s. Psion uses its own operating
system known as Epoc, but it might still be possible to use PGP as a
third party add-on, a spokesperson for the British company said.
There is no way that the investigators will succeed in breaking the
code with the collaboration of the current manufacturers of PGP, the
Palo Alto, California-based PGP, Zimmermann said in a telephone
interview.
"Does PGP have a back door? The answer is no, it does not," he said.
"If the device is running PGP it will not be possible to break it
with cryptanalysis alone."
Investigators would need to employ alternative techniques, such as
looking at the unused area of memory to see if it contained remnants
of plain text that existed before encryption, Zimmermann said.
Privacy vs. Security
The investigators' failure to penetrate the PDA's encryption provides
a good example of what is at stake in the privacy-versus-security
debate, which has been given a whole new dimension by the September
11 terrorist attacks in the U.S.
Zimmermann remains convinced that the advantages of PGP, which was
originally developed as a human rights project to protect individuals
against oppressive governments, outweigh the disadvantages.
"I'm sorry that cryptology is such a problematic technology, but
there is nothing we can do that will give this technology to everyone
without also giving it to the criminals," he said. "PGP is used by
every human rights organization in the world. It's something that's
used for good. It saves lives."
Nazi Germany and Stalin's Soviet Union are examples of governments
that had killed far more people than all the world's criminals and
terrorists combined, Zimmermann said. It was probably technically
impossible, Zimmermann said, to develop a system with a back door
without running the risk that the key could fall into the hands of a
Saddam Hussein or a Slobodan Milosevic, the former heads of Iraq and
Yugoslavia, respectively.
"A lot of cryptographers wracked their brains in the 1990s trying to
devise strategies that would make everyone happy and we just couldn't
come up with a scheme for doing it," he said.
"I recognize we are having more problems with terrorists now than we
did a decade ago. Nonetheless the march of surveillance technology is
giving ever increasing power to governments. We need to have some
ability for people to try to hide their private lives and get out of
the way of the video cameras," he said.
More Good Than Harm?
Even in the wake of September 11, Zimmermann retains the view that
strong cryptography does more good for a democracy than harm. His
personal website, PhilZimmerman.com, contains letters of appreciation
from human rights organizations that have been able to defy intrusion
by oppressive governments in Guatemala and Eastern Europe thanks to
PGP. One letter describes how the software helped to protect an
Albanian Muslim woman who faced an attack by Islamic extremists
because she had converted to Christianity.
Zimmermann said he had received a letter from a Kosovar man living in
Scandinavia describing how the software had helped the Kosovo
Liberation Army (KLA) in its struggle against the Serbs. On one
occasion, he said, PGP-encrypted communications had helped to
coordinate the evacuation of 8,000 civilians trapped by the Serbs in
a Kosovo valley. "That could have turned into another mass grave,"
Zimmermann said.
Italian investigators have been particularly frustrated by their
failure to break into the captured Psions because so little is known
about the new generation of Red Brigades. Their predecessors left a
swathe of blood behind them, assassinating politicians, businessmen,
and security officials and terrorizing the population by
"knee-capping," or shooting in the legs, perceived opponents. Since
re-emerging from the shadows in 1999 they have shot dead two
university professors who advised the government on labor law reform.
Cracking the Code
Zimmermann is not optimistic about the investigators' chances of
success. "The very best encryption available today is out of reach of
the very best cryptanalytic methods that are known in the academic
world, and it's likely to continue that way," he said.
Sources close to the investigation have suggested that they may even
have to turn to talented hackers for help in breaking into the seized
devices. One of the magistrates coordinating the inquiry laughed at
mention of the idea. "I can't say anything about that," he said.
The technical difficulty in breaking PGP was described by an expert
witness at a trial in the U.S. District Court in Tacoma, Washington,
in April 1999. Steven Russelle, a detective with the Portland Police
Bureau, was asked to explain what he meant when he said it was not
"computationally feasible" to crack the code. "It means that in terms
of today's technology and the speed of today's computers, you can't
put enough computers together to crack a message of the kind that
we've discussed in any sort of reasonable length of time," he told
the court.
Russelle was asked whether he was talking about a couple of years or
longer. "We're talking about millions of years," he replied.
-- end of forwarded message --