EFFector - Volume 11, Issue 11 - Senate Passes 3 Internet Censorship Bills

             EFFector       Vol. 11, No. 11       July 23, 1998
                               editor@eff.org
   A Publication of the Electronic Frontier Foundation     ISSN 1062-9424
                                      
  IN THE 139th ISSUE OF EFFECTOR
  
     * SENATE PASSES 3 INTERNET CENSORSHIP BILLS
     * EFF DES CRACKER MACHINE BRINGS HONESTY TO CRYPTO-POLICY DEBATE
     * EFF & OTHER GROUPS WARN CONGRESS OF DANGERS IN NEW FBI WIRETAP
       WISHLIST
     * ADMINISTRIVIA
       
   See http://www.eff.org for more information on EFF activities &
   alerts!
     _________________________________________________________________
   
   
   
  FOR IMMEDIATE RELEASE
  
    July 21, 1998
    
    CONTACT:
    
   Electronic Frontier Foundation, +1 415 436 9333, ask@eff.org
   
   Last-minute update: In addition to the McCain & Coats Internet
   censorship bills, a piece of legislation to ban most forms of online
   gambling Web sites also passed as an amendment to the appropriations
   bill below (which was passed in full by the Senate, July 22, 1998).
   There is presently no action alert issued regarding these bills, but
   one will be forthcoming shortly, when action on the House side is
   clear and we know where to direct our activism. Check
   http://www.eff.org/blueribbon.html periodically for updates.
   
                  ELECTRONIC FRONTIER FOUNDATION REACTS TO
              SENATE PASSAGE OF TWO INTERNET CENSORSHIP BILLS
                                      
                       Statement of Barry Steinhardt
              President of the Electronic Frontier Foundation
                                      
   This afternoon the Senate passed two draconian bills that would
   ultimately prevent access to a wide array of content on the Internet.
   The two bills were passed as amendments to an appropriations bill for
   the Commerce, Justice and State Department. They were brought up
   without any notice to those members of the Senate who opposed them and
   without any opportunity for meaningful debate. In effect, free speech
   on the Internet was the victim of an ambush.
   
   The initial amendment offered by Senators John McCain (R-AZ) and Patty
   Murray (D-WA) would require schools and libraries that receive federal
   funds for Internet connections to install filtering software to block
   "inappropriate" material. The second, "the CDA II" bill sponsored by
   Senator Dan Coats (R-IN) would enact a wide ranging ban on Web posting
   of material deemed "harmful to minors."
   
   The two bills represent a real and present danger to free speech on
   the Internet. The McCain/Murray amendment will force libraries and
   schools to use all-too-frequently crude and overbroad filters that
   block out a wide array of non-"harmful" speech -- everything from the
   Quaker home page to the American Association of University Women has
   been blocked by these programs.
   
   Indeed, you can no more create a computer program to block out one
   community's view of "indecency" or "obscenity" than you can devise a
   filtering program to block out misguided proposals by members of
   Congress. Both may be desirable, but neither is possible.
   
   At first glance, the Coats' CDA II bill appears to be a relatively
   benign provision that purportedly applies only to commercial
   pornographers who market to minors. But it is a Trojan horse. Beneath
   the veneer, it covers any Web site that has a commercial component and
   which has material that some community will consider "harmful to
   minors", even if that is not the material for sale. This ranges from
   the electronic bookseller Amazon.com to EFF's site, which sells books
   and T-Shirts.
                    ___________________________________
   
   The Electronic Frontier Foundation is one of the leading civil
   liberties organizations devoted to ensuring that the Internet remains
   the world's first truly global vehicle for free speech, and that the
   privacy and security of all on-line communication is preserved.
   Founded in 1990 as a nonprofit, public interest organization, EFF is
   based in San Francisco, California. EFF maintains an extensive archive
   of information on encryption policy, privacy, and free speech at
   http://www.eff.org.
   
   
       EFF DES CRACKER MACHINE BRINGS HONESTY TO CRYPTO-POLICY DEBATE
                                      
        ELECTRONIC FRONTIER FOUNDATION PROVES THAT DES IS NOT SECURE
                                      
    CONTACT:
    
   Electronic Frontier Foundation, +1 415 436 9333, ask@eff.org
   
   SAN FRANCISCO, CA -- The Electronic Frontier Foundation (EFF) today
   raised the level of honesty in crypto politics by revealing that the
   Data Encryption Standard (DES) is insecure. The U.S. government has
   long pressed industry to limit encryption to DES (and even weaker
   forms), without revealing how easy it is to crack. Continued adherence
   to this policy would put critical infrastructures at risk; society
   should choose a different course.
   
   To prove the insecurity of DES, EFF built the first unclassified
   hardware for cracking messages encoded with it. On Wednesday of this
   week the EFF DES Cracker, which was built for less than $250,000,
   easily won RSA Laboratories' "DES Challenge II" contest and a $10,000
   cash prize. It took the machine less than 3 days to complete the
   challenge, shattering the previous record of 39 days set by a massive
   network of tens of thousands of computers. The research results are
   fully documented in a book published this week by EFF and O'Reilly and
   Associates, entitled "Cracking DES: Secrets of Encryption Research,
   Wiretap Politics, and Chip Design."
   
   "Producing a workable policy for encryption has proven a very hard
   political challenge. We believe that it will only be possible to craft
   good policies if all the players are honest with one another and the
   public," said John Gilmore, EFF co-founder and project leader. "When
   the government won't reveal relevant facts, the private sector must
   independently conduct the research and publish the results so that we
   can all see the social trade-offs involved in policy choices."
   
   The nonprofit foundation designed and built the EFF DES Cracker to
   counter the claim made by U.S. government officials that governments
   cannot decrypt information when protected by DES, or that it would
   take multimillion-dollar networks of computers months to decrypt one
   message. "The government has used that claim to justify policies of
   weak encryption and 'key recovery,' which erode privacy and security
   in the digital age," said EFF Executive Director Barry Steinhardt.
   "It is now time for an honest and fully informed debate, which we
   believe will lead to a reversal of these policies."
   
   "EFF has proved what has been argued by scientists for twenty years,
   that DES can be cracked quickly and inexpensively," said Gilmore. "Now
   that the public knows, it will not be fooled into buying products that
   promise real privacy but only deliver DES. This will prevent
   manufacturers from buckling under government pressure to 'dumb down'
   their products, since such products will no longer sell." Steinhardt
   added, "If a small nonprofit can crack DES, your competitors can too.
   Five years from now some teenager may well build a DES Cracker as her
   high school science fair project."
   
   The Data Encryption Standard, adopted as a federal standard in 1977 to
   protect unclassified communications and data, was designed by IBM and
   modified by the National Security Agency. It uses 56-bit keys, meaning
   a user must employ precisely the right combination of 56 1s and 0s to
   decode information correctly. DES accounted for more than $125 million
   annually in software and hardware sales, according to a 1993 article
   in "Federal Computer Week." Trusted Information Systems reported last
   December that DES can be found in 281 foreign and 466 domestic
   encryption products, which accounts for between a third and half of
   the market.
   
   A DES cracker is a machine that can read information encrypted with
   DES by finding the key that was used to encrypt that data. DES
   crackers have been researched by scientists and speculated about in
   the popular literature on cryptography since the 1970s. The design of
   the EFF DES Cracker consists of an ordinary personal computer
   connected to a large array of custom chips. It took EFF less than one
   year to build and cost less than $250,000.
   
   This week marks the first public test of the EFF DES Cracker, which
   won the latest DES-cracking speed competition sponsored by RSA
   Laboratories ( http://www.rsa.com/rsalabs/ ). Two previous RSA
   challenges proved that massive collections of computers coordinated
   over the Internet could successfully crack DES. Beginning Monday
   morning, the EFF DES Cracker began searching for the correct answer to
   this latest challenge, the RSA DES Challenge II-2. In less than 3 days
   of searching, the EFF DES Cracker found the correct key. "We searched
   more than 88 billion keys every second, for 56 hours, before we found
   the right 56-bit key to decrypt the answer to the RSA challenge, which
   was 'It's time for those 128-, 192-, and 256-bit keys,'" said Gilmore.
   
   Many of the world's top cryptographers agree that the EFF DES Cracker
   represents a fundamental breakthrough in how we evaluate computer
   security and the public policies that control its use. "With the
   advent of the EFF DES Cracker machine, the game changes forever," said
   Whitfield Diffie, Distinguished Engineer at Sun Microsystems and famed
   co-inventor of public key cryptography. "Vast Internet collaborations
   cannot be concealed and so they cannot be used to attack real, secret
   messages. The EFF DES Cracker shows that it is easy to build search
   engines that can."
   
   "The news is not that a DES cracker can be built; we've known that for
   years," said Bruce Schneier, the President of Counterpane Systems.
   "The news is that it can be built cheaply using off-the-shelf
   technology and minimal engineering, even though the Department of
   Justice and the FBI have been denying that this was possible." Matt
   Blaze, a cryptographer at AT&T Labs, agreed: "Today's announcement is
   significant because it unambiguously demonstrates that DES is
   vulnerable, even to attackers with relatively modest resources. The
   existence of the EFF DES Cracker proves that the threat of 'brute
   force' DES key search is a reality. Although the cryptographic
   community has understood for years that DES keys are much too small,
   DES-based systems are still being designed and used today. Today's
   announcement should dissuade anyone from using DES."
   
   EFF and O'Reilly and Associates have published a book about the EFF
   DES Cracker, "Cracking DES: Secrets of Encryption Research, Wiretap
   Politics, and Chip Design." The book contains the complete design
   details for the EFF DES Cracker chips, boards, and software. This
   provides other researchers with the necessary data to fully reproduce,
   validate, and/or improve on EFF's research, an important step in the
   scientific method. The book is only available on paper because U.S.
   export controls on encryption potentially make it a crime to publish
   such information on the Internet.
   
   EFF has prepared a background document on the EFF DES Cracker, which
   includes the foreword by Whitfield Diffie to "Cracking DES" (see
   http://www.eff.org/descracker/ ). The book can be ordered for
   worldwide delivery from O'Reilly & Associates via the Web
   ( http://www.ora.com/catalog/crackdes ), or by phone (1 800 998 9938,
   or +1 707 829 0515).
     _________________________________________________________________
   
   
   
    EFF & OTHER GROUPS WARN CONGRESS OF DANGERS IN NEW FBI WIRETAP WISHLIST
                                       
   July 17, 1998
   
   The Honorable Ted Stevens
   Chairman
   Committee on Appropriations
   United States Senate
   Washington, D.C. 20510
   
   Dear Mr. Chairman:
   
   We are writing to urge you to reject any efforts by the Federal Bureau
   of Investigation to use the appropriations process to expand its
   electronic surveillance powers through amendments to the
   Communications Assistance for Law Enforcement Act (CALEA). Four years
   ago, FBI Director Freeh hailed CALEA as achieving "a delicate but
   critical balance between public safety and privacy and constitutional
   rights." Director Freeh praised CALEA:
   
     "I think we have reached a remarkable compromise and achievement in
     preserving that tool [wiretapping] as it has existed since 1968 and
     yet balancing all the technology and privacy concerns which are so
     precious to all of us."
     
   - FBI Director Louis Freeh, Congressional testimony, August 1994.
   
   But ever since the law was enacted, the FBI has tried to use it not
   merely to preserve its surveillance capabilities as Congress intended,
   but to expand them, demanding that companies build expensive new
   surveillance features. Using the checks and balances in the law, the
   undersigned privacy groups have asked the FCC to reject the FBI's
   demands.
   
   We understand that the FBI is now asking Congress for major revisions
   of the 1994 law, to mandate the FBI's requests for expanded
   surveillance capabilities and strike from the Act key provisions
   intended to ensure a balance between privacy and law enforcement. We
   understand that the FBI has asked that there be attached to the CJS
   appropriations bill an amendment that would:
     * Codify the FBI's entire list of enhanced surveillance capabilities
       -- For over a year, industry and privacy groups have opposed the
       FBI's efforts to use CALEA to expand government surveillance
       capabilities. The FBI's proposed expansions are now being
       challenged before the FCC. The FBI amendment would terminate the
       FCC proceeding by ordering the Commission to adopt without
       revision the entire FBI wish list, including the capabilities to
       track wireless phone users without meeting constitutional
       standards and to continue monitoring all parties to a conference
       call after the suspect has dropped off the call.
     * Eliminate public accountability - The proposed amendment states
       that the FCC shall enact the FBI wish list immediately and
       "without notice and comment." This means that privacy groups would
       have no right to have their concerns heard. When Congress set up
       the CALEA process, it required the FCC to protect privacy and
       minimize cost. The FBI amendment would render those considerations
       irrelevant.
     * Require carriers to disclose "the exact physical location" of
       wireless phone users without any court approval - In 1994, FBI
       Director Freeh testified that CALEA "does not include any
       information which might disclose the general location of a mobile
       [phone]... There is no intent whatsoever...to acquire anything
       that could properly be called 'tracking' information." Now the FBI
       is seeking "exact" physical location, going beyond even the cell
       site information industry has offered to provide law enforcement
       in its CALEA plan now under challenge on privacy grounds at the
       FCC.
       Furthermore, the FBI amendment, in a provision that purports to
       address privacy concerns, requires carriers to provide tracking
       information on any wireless phone user for up to two days without
       a court order, upon the mere request of any police officer. This
       is less protection than current law.
     * Establish a bogus standard for access to location information - In
       what the FBI will undoubtedly characterize as a concession to
       privacy, the amendment would require wireless carriers to provide
       location information whenever presented with a court order "based
       upon a finding that there is probable cause to believe that the
       location information is relevant to a legitimate law enforcement
       objective." This is actually weaker than current law, which
       requires at least that the information be relevant and material to
       an ongoing investigation. "Legitimate law enforcement objective"
       doesn't even require that police have an ongoing case. The use of
       the words "probable cause" does not make this provision acceptable.
       The issue is "probable cause" to believe what?
     * Write "reasonableness" out of the statute - In 1994, Director
       Freeh testified that CALEA "reflects reasonableness in every
       provision." The statute specifically said that carriers could be
       required to modify their systems for law enforcement purposes only
       if the changes were "reasonably achievable." Now the FBI amendment
       would amend the Act to state that compliance with the FBI's wish
       list is "deemed reasonably achievable." To "deem" something means
       that we pretend it is so even when it isn't. This amendment
       deprives the FCC of jurisdiction to assess the feasibility and
       cost of CALEA compliance.
     * Packet networks - In another provision that will be characterized
       as a concession to privacy, the amendment states that carriers "to
       the extent possible" shall separate call-identifying information
       from content when transmitted as packet-mode data. Privacy groups
       have asked the FCC to determine how and when this can be done. By
       depriving the Commission of authority over implementation of
       CALEA, the FBI amendment may be precluding privacy groups and
       others from having any input in deciding how surveillance is to be
       conducted in the packet networks that represent the future of
       telephony.
       
   In short, the FBI is trying to rewrite CALEA to get what it failed to
   get from Congress four years ago, and what it has failed to get since
   from industry and through the FCC. The FBI's efforts are under
   challenge at the FCC and in the courts. The FBI's proposed amendment
   is an effort to cut off those challenges.
   
   It is appropriate for Congress at this time to extend the CALEA
   compliance and "grandfather" dates, in order to allow resolution of
   the substantive issues pending before the FCC. It would be
   inappropriate for Congress to grant FBI the authority that it was
   denied four years ago after a lengthy hearing and negotiation process.
   
   The FBI may try to characterize its proposal as a compromise. It is
   not. The granting of a one-time extension to industry and the
   purported concessions to privacy do not come close to justifying a
   fundamental rewriting of CALEA, which is what the FBI amendment would
   do.
   
   We would be happy to meet with you or your staff to discuss our
   concerns more fully.
   
   Sincerely,
   
   Laura W. Murphy
   American Civil Liberties Union
   
   James P. Lucier, Jr.
   Americans for Tax Reform
   
   Jerry Berman
   Center for Democracy and Technology
   
   Barry Steinhardt
   Electronic Frontier Foundation
   
   Marc Rotenberg
   Electronic Privacy Information Center
   
   Lisa S. Dean
   Free Congress Foundation
   
   Cc: The Honorable Robert C. Byrd
       The Honorable Judd Gregg
       The Honorable Ernest F. Hollings
       The Honorable Patrick J. Leahy
   

     _________________________________________________________________
   
ADMINISTRIVIA

   EFFector is published by:
   
   The Electronic Frontier Foundation
   1550 Bryant St., Suite 725
   San Francisco CA 94103 USA
   +1 415 436 9333 (voice)
   +1 415 436 9993 (fax)
   
   Editor: Stanton McCandlish, Program Director/Webmaster (mech@eff.org)
   
   Membership & donations: membership@eff.org
   Legal services: ssteele@eff.org
   General EFF, legal, policy or online resources queries: ask@eff.org
   
   Reproduction of this publication in electronic media is encouraged.
   Signed articles do not necessarily represent the views of EFF. To
   reproduce signed articles individually, please contact the authors for
   their express permission. Press releases and EFF announcements may be
   reproduced individually at will.
   
   To subscribe to EFFector via email, send message body of:
   subscribe effector-online
   to listserv@eff.org, which will add you to a subscription list for
   EFFector. To unsubscribe, send a similar message body, like so:
   unsubscribe effector-online
   
   Please tell ask@eff.org to manually remove you from the list if this
   does not work for some reason.
   
   Back issues are available at:
   http://www.eff.org/pub/EFF/Newsletters/EFFector
   
   To get the latest issue, send any message to
   effector-reflector@eff.org (or er@eff.org), and it will be mailed to
   you automagically. You can also get:
   http://www.eff.org/pub/EFF/Newsletters/EFFector/current.html
   