17 July 1998

See also DES Cracker press release

Date: Fri, 17 Jul 1998 09:13:46 -0500
To: John Young <jya@pipeline.com>
From: Alan Davidson <abd@CDT.ORG>
Subject: NYT: DES is dead; CALEA is crippled

FYI: In case you haven't seen them yet, this morning's New York Times
includes two important stories about online privacy worth posting.

"U.S. Data-Scrambling Code Cracked With Homemade Equipment" describes how a
group of California researchers led by John Gilmore and Paul Kocher have
built a DES-cracking machine for $250,000. The machine was used this week
to crack a 56-bit DES key in 56 hours, and the group expects to make plans
for the machine widely available. This is damning evidence of what we all
have been saying for years: The 40-bit and 56-bit limits imposed by U.S.
export controls will not protect security; certainly a well-financed
criminal group could easily break these codes.

"F.B.I. Seeks Access to Mobile Phone Locations" reports on the breakdown of
the privacy-law enforcement balance crafted by Congress in the CALEA
"digital telephony" law. The FBI is seeking to add language to the Justice
appropriations bill rewriting the 1994 CALEA statute and the limitations
placed on the FBI's ability to require new surveillance capabilities be
built in to the phone networks. For example, in 1994 FBI Director Freeh
testified that the FBI had no interest in getting even general cellular
phone location information; now the FBI is seeking to require telephone
companies to provide police agencies with the precise location of cellular
phone users, without even probable cause in many cases.




July 17, 1998

U.S. Data-Scrambling Code Cracked With Homemade Equipment

SAN FRANCISCO -- In a 1990s variant of a John Henry-style  competition
between man and machine, researchers using a homemade  supercomputer have
cracked the government's standard data-scrambling  code in record time --
and have done it by out-calculating a team that  had harnessed thousands of
computers, including some of the world's most  powerful.

That breakthrough, in a contest sponsored by a Silicon Valley
computer-security software company, is being hailed by critics of U.S.
export policy for data-scrambling technology as proof that a well-heeled
group of terrorists or other criminals could easily break the code used  by
many banks, financial institutions and even government agencies.

The  government has long sought to keep the most powerful scrambling, or
encryption, software out of the hands of foreign criminals or terrorists
by setting limits on the strength of such software that can be licensed
for export. Critics of that policy have argued that not only is more
powerful encryption technology already available from foreign producers,
but the government-approved version is too weak to truly protect
legitimate business users.

The code was cracked using a mere $250,000  worth of equipment.

The type of encryption that was broken, known as  DES, for Data Encryption
Standard, has traditionally been used by banks  and other financial
institutions for protecting the transmission of  funds and other
transactions requiring high security. It has also been  used in certain
instances by the U.S. military. The form of DES that was  broken uses a

56-bit key, far more secure than the 40-bit keys that the  government
allows to be exported.

Because of concerns about security,  however, many business users are
increasingly employing a more robust  form, called Triple DES, in which the
length of the digital key that  unlocks the scrambled data is only three
times as large but  exponentially more secure. Triple DES has never been

"This is  more evidence that the government's crypto policy has been
overtaken by  technology," said Marc Rotenberg, director of the Electronic
Privacy  Information Center, a privacy-rights group in Washington. "It's
about  time to end the limits on strong encryption techniques."

The winners of  the $10,000 prize -- given by the contest's sponsor, RSA
Data Security  Inc. -- were John Gilmore, a computer privacy and civil
liberties  activist, and Paul Kocher, a 25-year old cryptographer who has
gained  notoriety in recent years for clever attacks on security systems,
including those designed to protect smart cards and Internet software.

Gilmore and Kocher were able to unscramble the key to unlock and read a
single block of scrambled data in 56 hours. Their home-made machine beat  a
network of almost 20,000 computers, ranging from desktop PCs to
multimillion-dollar supercomputers working cooperatively in a scheme  known
as distributed processing.

Under almost all encryption schemes,  each message is scrambled in a
different way. Thus, breaking the key to  the contest message did not give
them access to other messages scrambled  with DES.

The government has long asserted that it would not be possible  for a
terrorist or other criminal group to design and make a computer  capable of
cracking DES.

To prove that building a supercomputer would be  within the means of many
sinister groups, Gilmore assembled his computer  for $250,000 from
thousands of customized chips capable of testing more  than 90 billion
different keys each second.

"The real news here is how  long the government has been denying that these
machines were possible,"  said Bruce Schneier, a cryptography consultant
and president of  Counterpane Systems in Minneapolis.

The effort was financed by the  Electronic Frontier Foundation, a San
Francisco-based civil liberties  and privacy organization that has sparred
with government and industry  over the impact of new technologies on
traditional civil liberties.

Gilmore, who was a co-founder of the foundation and who for years has  been
active in promoting privacy and civil liberties issues on the  Internet,
was the first employee of Sun Microsystems Inc., a computer  company
founded in 1984. In recent years he has been an outspoken  advocate for
traditional privacy rights in cyberspace, which he believes  are threatened
by the potential for government abuse of powerful new  technologies.

The computer was designed by Gilmore and Kocher, who  ultimately assembled
a team of about a dozen computer researchers to  build the machine from
more than 1,000 chips, each designed to test  millions of the mathematical
keys that can unlock a scrambled message.

The chips and the circuit boards on which they were mounted -- 27 boards
each holding 64 chips -- were installed in several old Sun computer
chassis. The boards were linked by a simple cable to a standard personal
computer that controlled the entire process.

In recent years the growing  power of personal computers and the ability to
hook inexpensive  computers together has made cracking DES far less
daunting to  organizations with limited resources.

In 1997, RSA Data Security Inc., a  Silicon Valley software company,
offered a prize to the first person or  organization that successfully
cracked a DES scrambled message. The  prize was claimed within five months
by a loosely connected group of  computers scattered around the Internet.
In early 1998, the prize was  offered again, and it was claimed in 39 days.

Gilmore named his custom  chip Deep Crack, a tongue-in-cheek allusion to
IBM's chess-playing Deep  Blue. Each Deep Crack chip is a collection of 21
special units capable  of performing a DES encryption on a character
millions of times a  second. After each unit completes a scrambling
operation it checks its  result against a table to determine if it has
found an "interesting  result" -- that is, a letter or a number that could
possibly be part of  a complete message.

On Wednesday evening, after checking billions of  keys, the computer was
able to determine that the message that had been  hidden by the RSA judges
was: "It's time for those 128-, 192-, and  256-bit keys."

To unscramble the message, it had to try  17,902,806,669,197,312 keys, or
about 25 percent of all the possible  combinations.

Copyright 1998 The New York Times Company

From http://books.nytimes.com/library/tech/98/07/biztech/articles/17tap.html

July 17, 1998

F.B.I. Seeks Access to Mobile Phone Locations

Director Louis J. Freeh of the F.B.I. has asked members of the  Senate
Appropriations Committee to append to the Justice Department
appropriations bill language that would require telephone companies to
provide police agencies with the precise location of cellular phone  users,
in some cases without a court order.

After learning last week of Freeh's meeting with committee members, civil
liberties groups and the  telecommunications industry began marshaling
opposition. Privacy  advocates say the proposal is a dangerous and
unconstitutional invasion  of privacy, and the telecommunications industry
predicts that  implementing such a law would cost billions of dollars.

On Friday,  Attorney General Janet Reno will meet with William Kennard, the
director  of the Federal Communications Commission to make the F.B.I.'s
case that  such legislation is needed if the agency is to stay current with
an  evolving technology that enables criminals to use mobile phones to
avoid  detection.

Most alarming to civil liberties advocates is a provision in  the proposed
amendment that would allow police agencies to demand the  location of a
cellular phone user without a court order in certain  "emergencies,"
defined broadly as the suspicion of a felony, the pursuit  of a fugitive or
instances in which human safety is deemed to be in  jeopardy.

The proposed amendment would also streamline the legislative  review
process, narrowing the opportunity for public comment. Under the  1994 law,
that process is now overseen by the F.C.C. Among the issues  that fall
under that review process are the limits of surveillance by  police
agencies on future data networks.

The advanced technology that  would enable the kind of tracking that the
F.B.I. is seeking is now  being deployed nationwide to permit 911 emergency
services centers to  ascertain the exact physical locations of cellular
callers. Such systems  use a triangulation scheme that measures variances
in signal strength to  calculate the location of a phone user within an
area roughly equal to  that of a football field.

But while the 911 centers would only track a  caller who had dialed for
emergency help, the technology permits phone  companies to get location
information on any cellular phone that is  turned on and operating within
the cellular network, whether or not the  user is actually making a call.

It is this information to which the  F.B.I. is demanding access.

Civil liberties scholars and cellular  telephone industry executives say
they believe that the agency has  crossed an important line and is asking
for broad new powers that  potentially raise a "Big Brother" specter.

"This is Orwellian," said Tom  Wheeler, president of the Cellular Telephone
Industry Association. "This  is about revising the Bill of Rights via a
Congressional appropriations  bill."

The proposal has also raised concerns among constitutional  scholars who
view the language of the proposed amendment as overly broad  and a
violation of the Fourth Amendment's protections against illegal  searches.

"This is very close to a dragnet search, and I'm not clear you  should be
able to do this even with a warrant," said Richard Epstein, a  professor at
the University of Chicago Law School. "I think they've gone  too far on
this one."

Privacy groups and industry executives also  criticized the proposal
because it would strip away congressionally  mandated public oversight.

"They are trying to eliminate the whole  concept of public accountability,"
said James Dempsey, a  telecommunications expert at the Center for
Democracy and Technology, a  privacy rights group based in Washington.

F.B.I. officials insist that  the agency is merely trying to keep up with
rapidly changing technology  that is confounding law-enforcement agencies
with new communications  systems.

"We attempted to balance privacy concerns with the needs of law
enforcement," said Barry Smith, a spokesman for the F.B.I. "We're just  as
concerned about protecting the Fourth Amendment as anyone else. But  when
this is needed to solve a crime, we need to get the information."

Privacy rights groups have been particularly angered because until
recently, F.B.I. officials had stated publicly that law-enforcement
agencies had no interest in precise location information.

Now, however,  the agency is saying that because changing technology has
made such  information possible, law-enforcement officials should have
access to  it.

Copyright 1998 The New York  Times Company