Digital Fortress

August 26, 2004 · Richard Posner

…is the name of a 1998 novel by Dan Brown, the author of The Da Vinci Code. Digital Fortress is a cyberthriller about the National Security Agency (NSA), which monitors and intercepts electronic communications worldwide. In the book as in real life, the agency is concerned with encryption technologies that can prevent it from decoding the communications that it intercepts.(One of the triumphs of modern technology is the unbreakable code; it used to be that even the cleverest codes could, with enough time and effort, be decoded.) The agency would like all such technologies to contain a “backdoor” that would enable it and only it to decode all intercepted messages.

The book has a number of unrealistic features (I very much doubt, for example, that the NSA employs hit men), but it flags a genuine problem, which is that privacy is an equivocal good. This statement will shock many people, for whom “privacy,” like “liberty” and “justice,” signifies an unallowed good. In fact all that “privacy” means, in the case of communications at any rate, is concealment, which obviously can serve bad as well as good purposes; few civil libertarians are so doctrinaire as to deny that there are some situations in which wiretapping of phone conversations is legitimate. So what if telephone or other electronic communications are so effectively encrypted that wiretapping (or wireless tapping) is impossible? It would be another example, analytically symmetrical with that of the use of encryption to protect (and extend) copyright protection, of technology upsetting a balance deliberately struck by the law, in this case between freedom and safety. Hence the case for the back door. The problem is how to control the back door. In the case of conventional, nonencrypted phone conversations, the government has to obtain a warrant to wiretap. But the (unspoken) assumption is that evidence of criminal activity can usually be obtained without wiretapping, then used as the basis for applying to a judicial officer for a warrant to obtain further conclusive evidence. But in the case of foreign intelligence surveillance, the assumption is that winnowing an enormous mass of unfiltered communications may be the only way of obtaining evidence of some terrorist or other enemy threat, and if so then it would be dangerous to forbid the NSA to read intercepted communications without a warrant. But if the NSA has unlimited authority to read communications, then no communications are really private.

My inclination–it is only that; I am not an expert in these matters–would be to let the NSA have its back door. I think that people who worry a lot about invasions of communicative privacy sometimes overlook the fact that communications are never really private. There is always the possibility that the person at the other end of the communication, the person you trust not to disclose the contents of the communication to anyone else, will betray you, or that he will make a copy of the communication and it will come into the hands of someone who wishes you ill. In the case of email, we all know by now that an email message is likely to sit, forever, on several servers and terminals. So communicative privacy is inherently qualified, imperfect, incomplete; and the question is whether knowledge that your communications may be decoded, scanned, and perhaps stored, by the NSA, is going to inhibit you, or inflict psychological distress; and the answer to both questions probably is no.

I don’t doubt that there potential dangers from allowing government surveillance. Think now of the NSA’s interceptions being filed under the names of the participants in the intercepted communication and placed in a database along with other information about each individual, including for example his commuting patterns gleaned from the E-Z Pass database. Eventually there would be an incredibly detailed dossier on every person in the U.S. The value of such dossiers for preventing terrorism and detecting crime would be immense; but so would be the potential political and psychological consequences if every person knew that the government was in effect tracking his every move.

24 comments · Leave a comment · Permalink
Tagged: no tags
Categorized: Uncategorized

raoul

�National Security Agency (NSA), which monitors and intercepts electronic communications worldwide.�

The big question is: How much of that work is farmed out to private corporations like Dyncorp. or its new parent company Computer Sciences Corp.?

�I very much doubt, for example, that the NSA employs hit men�

Not much doubt that Dyncorp. and Computer Sciences Corp. most definitely hire hitman.

�My inclination . . . would be to let the NSA have its back door�

Bad idea. It�s not even the government that will be checking up on this information. The work is being farmed out and privatized.

According to DynCorp, the US Government is its biggest client, accounting for more than 95% of its revenues. DynCorp is a “top 25″ government contractor, which posted $2.3 billion in revenues in 2002, according to Business Week. After it gobbled up GTE Information Services LLC in 1999, DynCorp has become one of the nation’s largest Federal contractors for IT, or Information Technology, services. Along with Lockheed Martin, SAIC, AMS, and others, DynCorp contracts with federal government agencies to “manage” federal databases.

Dyncorp’s clients include the Drug Enforcement Agency, the Department of Defense, Department of State, Department of Justice, Internal Revenue Service, Securities and Exchange Commission, FBI, CIA, and HUD.

DynCorp personnel, contracted to the U.N. police who served in Bosnia, were accused of buying and selling prostitutes, including girls as young as 12 years old. When several DynCorp employees were also accused of videotaping the rape of one of the women, employee Kathy Bolkovac blew the whistle on the alleged sex ring and was immediately dismissed from the company. It is DynCorp employees who are the security force for the new Afghan president, Hamid Karzai. Former CIA Director James Woolsey is a primary stockholder.
Anonymous

I haven’t seen proof of how extensive collection of such information (on all citizens) would actually help prevent terrorism or crime.

In fact, the effort involved in compiling and then analyzing so much data might actually decrease the effort being spent productively in other areas to negate any possible benefits from that data.

… and this is without even considering the massive potential for abuse by employees with access to this data and the problems with securing such a valuable source of information.
Tom Holsinger

Not to mention that the trapdoors would be used by unauthorized persons.

Science-fiction writers such as Jerry Pournelle, Neal Stephenson and John Barnes have done considerable thinking about these matters.
Anonymous

“My inclination–it is only that; I am not an expert in these matters–would be to let the NSA have its back door.”

The problem with back doors is that they are a deliberate security hole, and once they are in place, there is no way to control who uses them and why. If the NSA were given its back door, you can guarantee that black hats all over the world would put much effort into figuring how it works and how to abuse it.

And since encryption is content-neutral, the only way to ensure that any arbitrary communication is tappable is to make all encryption have a back door. For example, the encryption used to protect, say, bank transactions could also be used to encrypt terrorist plots. But if you back door that encryption in the name of “combatting terrorism”, you have just weakened the whole banking system, making it easier for those same terrorists to attack it.

In short, weakening encryption for the “good” guys also weakens it against the bad guys, and makes about as much sense as locking your car but leaving the window open just in case you lose your keys.
Anonymous

The point of the second amendment is that the states – and by extension their citizens – should have the means to effectively wage war against the federal government. Secure communications is an integral part of warfare. After all, cryptography is classified as ‘munition.’ Compromising the citizens’ right to strong crypto would be against the spirit of the second amendment, if not its letter as well.
Anonymous 2

Like Amitai Etzioni in his book The Limits of Privacy, you
have a reasoned take on the issue. Like Etzioni, however, you
overestimate the competence and goodwill of the government.

As a practical matter there are three factors that mitigate the
importance of encryption. First, the use of encryption (especially in
email) is so rare that it is effectively a red flag for the NSA or law
enforcement agencies. Second, traffic analysis (which does not require
access to the contents of communications) is often very effective.
Third, communications encryption is predicated on the assumption that
the channel is not secure — but in a world unsecure consumer products
like Microsoft Windows, it’s the endpoints that are the weakest links in
the security chain.
Catherine

Envelopes are easily torn open and telephones, historically at least, easily tapped. That these methods of communication are �inherently qualified, imperfect, incomplete� did not prevent the Supreme Court from concluding the Fourth Amendment protects letters and telephone calls. Why should it be any more relevant that an �email message is likely to sit, forever, on several servers and terminals�? To conclude otherwise would be �another example . . . of technology upsetting a balance deliberately struck by the law.�
Cranky Observer

The argument that citizens have or should have no privacy in the face of a government “need” to intercept communications seems to me to be a version of Scott McNealy’s “You have no privacy. Get over it” theory.

The problem I have is that this argument is a one-way trap door. As a citizen, I would very much like to know where Mr. (citizen) Richard Cheney and certain employees of Enron and Halliburon were on the days when certain issues were being discussed. And I believe that I have every right to that information. But Mr. Cheney for some strange reason refuses to give up his privacy concerning that situation.

Similarly, the Supreme Court conducts its deliberations behind a veil of secrecy, and swears its employees to a code of silence. Why? If it is so useful for government to know what citizens are doing, why shouldn’t citizens know what their employees are doing, including the transcripts of discussions and preliminary versions of their work?

But but but you will respond, giving serious and well-though-out arguments why it is necessary for the Supreme Court to have privacy. Exactly.

Cranky
John S.

“My inclination–it is only that; I am not an expert in these matters–would be to let the NSA have its back door.”

My thought on this is as follows: Who is going to “let” the NSA have its back door? Are we saying use encryption algorithms with secret holes in them? Or use secure algorithms that will only be readable with one of two keys: the secret key held between the two parties or some kind of special back door key?

The only way I can think of to “let” them have the back door is to control the encryption algorithms used. That’s just not gonna happen, is it? I mean, lets assume something like AES is not yet breakable by NSA. This is an openly known algorithm –many programmers could implement this encryption algorithm without much effort. Would it be illegal for me to write my own algorithms like this without back doors? If yes, that would be enough to convince me not to do it. But people planning far worse things will not care about breaking this law if they are planning on breaking many more.

Bad guys doing bad things will use their own encryption without backdoors if this is the way it would work. Only people without anything serious to hide would be “backdoor-able” and the core problem would remain — bad people using encryption that is not breakable by our intelligence agencies.
http://www.brucemoldovan.com bruce

We went through this debate back in the 90′s with the “clipper chip.”

“There is always the possibility that the person at the other end of the communication, the person you trust not to disclose the contents of the communication to anyone else, will betray you, or that he will make a copy of the communication and it will come into the hands of someone who wishes you ill.”

Yes, but that’s an upfront transaction cost, known to all parties, of any given private communication. They can evaluate those risks based on their knowledge of the individual and other such factors. Making a bad decision to tell a sqealer something private is completely different from always knowing someone other than the person you are talking to could possibly be listening in without your knowledge. And if you create a backdoor to encryption, it’s only a matter of time before the secret gets out. So not only could the government be decrypting your conversations (presumably with a warrant) but other people who know the backdoor trick will be too (most certainly without a warrant).

Yes, the government could be tapping your phone or bugging your living room, but they have to get a warrant to do that, and for that they need probable cause. Give the government a backdoor to encryption and it will only take a few months before Rehnquist, Thomas, and Scalia make the oh so brilliant determination that the very fact something is encrypted gives the government probable cause to suspect the communication is about criminal activity (“Why else would someone encrypt their conversation?”). That’s the big problem.

That, and the fact that people will invoke terrorism and kiddie porn (and how the sole purpose of our society is to protect ‘the precious children’ from both) to justify backdoors and all other degradations of individual privacy. That doesn’t make it right.

And what about open source encryption? How are you going to mandate a backdoor exist? Are we going to go back to calling unapproved encryption “munitions”? Are we going to make it a federal crime to encrypt your data without a backdoor?

Frankly I’m surprised by Judge Posner’s opinion on this. Pragmatic and economic analyses certainly weigh against backdoors.
http://www.corante.com/importance/ Ernest Miller

I don’t think that many people would be all that shocked that privacy is an equivocal good. Rather than “liberty” or “justice,” I think people would be more likely to compare “privacy” as a good to an equivocal good like “free speech.” Yes, we all recognize that “free speech” is valued, but we recognize there are certain limits to free speech.
Mojo

Here’s the government’s bible on intelligence agency dealings with US persons:
http://www.dod.mil/atsdio/documents/5240.html
Note that this prohibits use of contractors to get around these restrictions (Procedure 15 includes them under the definition of “employee” and Procedure 14 binds all employees to comply with this and other regulations implementing EO12333.) That means that raoul’s concerns are pretty unrealistic. Government agencies gain nothing under the law by contracting out questionable activities. I’m not saying it never happens (look at CACI in Iraq for example) but it’s every bit as subject to review by oversight bodies and every bit as illegal while expanding the numbers of people (potential leakers) involved and reducing govenmental control over these potential squealers.

BTW, much has been made of the fact that CACI’s contract was let by DoI vice DoD, possibly leaving a legal loophole for it’s employees, but why is nobody pursuing the fact that DoI is not legally authorized to engage in Intelligence activities and, therefore, the person who let the contract (to conduct interrogation which is clearly an intelligence function) violated the law and should be prosecuted?
Mojo

Catherine makes a clear and concise case for protecting electronic communications and Anonymous 2 makes the point that unbreakable encryption doesn’t prevent loss of privacy anyway. E-mail should be protected just as telephone calls are; with the same provisions for warrants where necessary. With reasonable restrictions, giving the government a second key is no more of a privacy risk than allowing them to own wiretapping gear.
IMHO, the only effective protection from abusive governmental monitoring is clear rules, strictly enforced, with effective oversight to identify and stop abuses. At this point the weakest of these three factors (all could use work) is the oversight portion. Congress is simply not doing an effective job in this area. Unfortunately, what I’ve seen of the mood post-9/11 is to cut oversight and regulation back even further in the name of “efficiency”. Hopefully the intelligence failures in the runup to Iraq and things like the Abu Ghraib scandal and Copper Green will counter that trend.
Rob Myers

�My inclination–it is only that; I am not an expert in these matters–would be to let the NSA have its back door.�

Which is sweet, but terrorists will simply take to using encryption layers on top of the back-doored protocols. Or switch to carrier pidgeons.

The problem is that terrorists don’t obey the law. That’s one of their defining charecteristics. If it’s illegal to communicate without the NSA being able listen in, terrorists are not going to lose any sleep over using techniques that defeat the legally imposed back-door in the technology.

Which means that the only people the NSA will be able to spy on are ordinary law-abiding citizens. Useful for repressing dissent, useless for counter-terrorism.
http://scalefree.net Tim Keller

Am I on the right blog? I feel like I fell through a timewarp back to 1994 & into the middle of a battle^H^H^H^H^H^Hdiscussion with David Sternlight. Where’s the nearest WAIS server?

I don�t think that many people would be all that shocked that privacy is an equivocal good. Rather than �liberty� or �justice,� I think people would be more likely to compare �privacy� as a good to an equivocal good like �free speech.� Yes, we all recognize that �free speech� is valued, but we recognize there are certain limits to free speech.

I think we’re all looking at it backwards. We’ve become so reflexively jealous of our right to privacy, nobody can see the possibility that there might be an upside to giving up some of it. We’re entering a new age where banding together, sharing information & exercising collective intellligence is needed to overcome the challenges ahead of us. We need to learn news ways of taking down the walls that separate us, not new ways to build more walls.

Scott McNealy is right, we should get over it. Technology has advanced, the genie is out of the bottle & we’ll never again have that privacy we crave. But we shouldn’t simply cede the power to the government & corporations & get nothing in return. Whether we call it the Second Superpower, Emergent Democracy, Smart Mobs, Transparent Society, the Creative Commons or Self Organization, we need to work on harnessing the power of collective activity as a counterbalancing force to the ever-increasing power of government & corporations. Cause if we don’t, we’re screwed.

Tim
—
The Self Organization Project
“we’ve got math on our side”
Anonymous

Back doors are a bad idea, like many people said. Discovering them is all too easy. Once that happens everything except the terrorists will be vulnerable. The best thing is to tap the computers with a keystroke logger or something. It is much easier to do than breaking encryption, because the people have to type and read the info. It is less practical though becuase you need access to the system, not just the communications.

Otherwise there is also Steganography( Data hiding). So what happens when data is hidden and then encrypted? In this scenario it is a serous hurdle to find out where there is encryption. Lets say you send a message as a low bandwith movie(Divx, Xvid, even Windows media). How hard would it be to analyze for what is encoding artifacts as opposed to hidden data?

There is also the mostly anonymizing Freenet, which also makes it hard to find out who sent stuff and from where.

I think that security organizations should still rely primarily on old-fashioned detective work first. Analyzing all the internet traffic is impossible.
Catherine

Mojo references the argument that �encryption doesn�t prevent loss of privacy anyway� because the act of communication requires the revelation of thoughts and ideas to at least one other person.

This conception of privacy as total secrecy seems wrong. One can confess one�s deepest, darkest fears to one�s therapist while still considering these facts private as to the rest of the world. The law is sensitive to this issue, for instance limiting when spouses can be forced to testify against each other. The price we willingly pay is the frustration of some number of criminal prosecutions.
Catherine

The Judge suggests that to determine whether the NSA should be permitted analyze and archive an �enormous mass of unfiltered communications� without any judicial supervision, we should balance whether this �may be the only way of obtaining evidence of some terrorist or other enemy threat,� against whether this sort of mass surveillance will inhibit communication and cause psychological distress.

Another factor worth scrutinizing is the probability that terrorism will be successfully deterred through this approach. It is worth considering the low percentage of emails related to terrorist events (i.e. needle in a haystack), the strong incentive of terrorists to innovate and break the law to disguise their activities, and the potential ineffectiveness of a United States ban on impenetrable encryption in the absence of similar bans in other countries.
Andrew Leifer

“I think that people who worry a lot about invasions of communicative privacy sometimes overlook the fact that communications are never really private.” -Judge Posner

Why is this relavent? Citizens have a right to not be searched without a warrent, even though their house may never really be private (e.g., satellite photos, nosy neighbors, etc). The same applies to the right to privacy, which has been a right since Warren and Brandeis spelled it out in 1890:

“The Right to Privacy” by Warren and Brandeis Harvard Law Review Vol. IV December 15, 1890 No. 5

“Political, social, and economic changes entail the recognition of new rights, and the common law, in its eternal youth, grows to meet the new demands of society. [...] Gradually the scope of these legal rights broadened; and now the right to life has come to mean the right to enjoy life, — the right to be let alone; the right to liberty secures the exercise of extensive civil privileges; and the term “property” has grown to comprise every form of possession — intangible, as well as tangible.”
[....]
“Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right “to be let alone”"
MichaelD

Why are we always trying to create Superman? Or, in this case a super-NSA – some sort of force for good that has the edge over the forces of evil allowing everybody to sleep better. Despite George Bush’s assertion, good and evil don’t exist as absolutes and I’m amazed that a judge, the one profession facing this fact every hour, is taking such a position.

Justice is a process that relies on ordinary people with ordinary skills and powers because we have already discovered that people with extra-ordinary skills or super-powers don’t actually use them the way we desire. Even people whose heart is generally in the right place, the vast majority of people in the world, end up screwing up by having too much power.

This is even more true of policing and the intelligence services. James Bond, licenced to kill, makes good cinema – not good government policy. Look at the mess the CIA got into when it tried to dictate who deserved to live thirty years or so ago.

Unchecked senates don’t make better laws. Bigger guns don’t make better cops. Encryption trapdoors won’t make better government agents.
Mojo

Catherine; actually it was the Judge, not me, who referenced the idea that “the act of communication requires the revelation of thoughts and ideas to at least one other person”. I actually agree with you on that matter and think Bruce knocked it out of the park earlier. I was referring to Anonymous 2′s comments about encryption not preventing loss of privacy anyway due to things like flagging, traffic analysis and, most importantly, end-point intrusion. Basically that means that “they” can note that you’re using “unbreakable” encryption which flags you as unusual, they review your communication patterns to see if you meet a threat profile and, if you do, they then go directly into your computer and/or those with which you’re communicating and look at the unencrypted messages at the end-points. IMHO, since there is no technological means of guaranteeing privacy, we need to put more emphasis on using law and oversight to restrict governmental intrusion.
anonymous

end-point spying is very easy to foil with a little intelligence. If you’re using
unbreakable encryption to send the message. simply store the message
in the same encryption on disk. Only read the message when disconnected
from any network, on a separate machine and then securely delete the
cleartext file from that machine’s hard disk, or never write the clear text to
disk (locked memory pages) Same thing when composing the message,
use a dedicated non-connected off-site, hidden machine to compose
message. Transfer it encrypted to the sending machine by floppy or usb mem stick
and send it or send it from the public library.
Joe

The government already collected such information inside the US (maybe illegally) through agreements with the UK and Australian governments. The so-called ESCHELON network and international agreements. Did it prove effective in the past? Not really. Has the FBI, when using such powers (under Hoover), used them inappropriately? Yes. My conclusion: while the government has legitimate interests in protecting us, unchecked secret survellence of its citizens should not be allowed or tolerated as it will ultimately be used for purposes other than protection.

And there are several technical issues with backdoor requirements. Here’s three: This essentially means the government will determine which types of encryption will be allowed – -do we trust government to tell us which technologies are better. A backdoor which can be used by the government can be used by other governments or individuals — they can get the backdoor key from the manufacturer or from someone inside the government — this is like putting all of the nation’s eggs in a single basket with a known hole. Licensing terms on some products do not allow restricting users from making modifications (the GPL for example). There can be no effective Free Software implementations of backdoored encryption technologies.

Please, before ever making a decision on such issues think about the ways such powers have been abused in the past and what new ways they can be abused in the future.
Bill Snyder

You might think this is silly..but..Digital Fortress, Chapter 35, page 149 (paperback book) How did Rocio know his name was Becker?