October 14, 2002 12:39 PM PDT
Former FBI chief takes on encryption
In dozens of hearings and public speeches, the FBI director would urge Congress to limit encryption products, such as Web browsers and e-mail scrambling utilities, that did not include backdoors for government surveillance.
Freeh didn't succeed. In fact, the Clinton administration veered in the opposite direction and eventually permitted, with few restrictions, the overseas shipments of data-scrambling products.
But Freeh, who left the FBI in June 2001, hasn't given up. During an appearance before the Senate Intelligence committee last week, he warned that the political reality after the Sept. 11 terrorist attacks means that it's time to reconsider what to do with encryption.
"Robust and commercially available encryption products are proliferating, and no legal means has been provided to law enforcement to deal with this problem, as was recently done by Parliament in the United Kingdom," Freeh said in his testimony. "Terrorists, drug traffickers and criminals have been able to exploit this huge vulnerability in our public safety matrix."
According to a law called the Regulation of Investigatory Powers Act, U.K. government agencies can demand encryption keys relating to intercepted data communications that are scrambled. Anyone not complying with the request faces a prison sentence of up to two years.
Freeh acknowledged last week that he has been campaigning "about this problem for many years" and said that the International Association of Chiefs of Police, the 50 state attorneys general, and the National Association of District Attorneys have pointed to the proliferation of encryption as the most critical technology issue facing law enforcement. Encrypted computer files found in Manila belonging to Ramzi Yousef, the mastermind behind the 1993 World Trade Center bombing, proved that terrorists are using this technology, Freeh said.
In September 1997, the FBI persuaded one committee in the House of Representatives to work toward making a federal crime of manufacturing, selling or importing unapproved encryption devices, including hardware and software such as Web browsers, Pretty Good Privacy (PGP), and the SSH utility. That bill never made it to the House floor.
Freeh's evident passion about what was an obscure debate to most politicians prompted Sen. Judd Gregg, R-N.H., to ask him in 1999: "Have you given up on encryption?"
Replied Freeh: "I have not given up on encryption." In his statement at the time, he said that "law enforcement remains in unanimous agreement that the continued widespread availability and increasing use of strong, non-recoverable encryption products will soon nullify our effective use of court-authorized electronic surveillance."
In May 2002, according to a report by the Canadian Broadcasting Corp., Freeh said that companies such as Microsoft must be legally obligated to hand over the keys needed to decipher encrypted messages. Freeh, according to the CBC, said that doing so could prevent al-Qaida terrorists from talking via the Internet.
Soon after the Sept. 11 attacks, Gregg said he would introduce legislation to limit the availability of encryption without backdoors for government spying. After encountering widespread criticism, however, Gregg chose not to introduce the proposal.