virus: Report: U.S. Uses Key Escrow To Steal Secrets

Traumatic Dog (waste@zor.hut.fi)
Sat, 22 May 1999 19:04:40 +0300 (EEST)

http://www.nytimes.com/techweb/TW_Report_U_S_Uses_Key_Escrow_To_Steal_Secrets.h$

Report: U.S. Uses Key Escrow To Steal Secrets

     Filed at 9:27 a.m. EDT
     

By Madeleine Acey for TechWeb, CMPnet

                                                                RESOURCES
                                                              From CMPnet
     _________________________________________________________________
                                                                         
                                                         (_) Encyclopedia
                                                      (_) Product Reviews
                                                            (_) Downloads
                                                             ____________
                                                                   Search
                                                                         
     European plans for controlling encryption software are nothing to
     do with law enforcement and everything to do with U.S. industrial
     espionage, according to a report released by the European
     Parliament on Friday.
     
     The working document for the Scientific and Technological Options
     Assessment panel said the United States has tried to persuade
     European Union countries to adopt its key escrow or key recovery
     policies -- allowing backdoor access to encryption programs --
     saying this was necessary to read messages exchanged by criminals.
     
     But the report details how the UKUSA alliance -- made up of the
     United Kingdom, United States, Canada, Australia, and New Zealand
     -- has used its secret Echelon global spying network to intercept
     confidential company communications and give them to favored
     competitors. Thomson S.A., located in Paris, and Airbus Industrie,
     based in Blagnac Cedex, France, are said to have lost contracts as
     a result of information passed to rivals.
     

"The U.S. government misled states in the EU and [Organization for
Economic Cooperation and Development] about the true intention of its policy," the report adds.
"Between 1993 and 1997 police representatives were not involved in
the NSA [National Security Agency]-led policy-making process for key recovery. Despite this, during the same period the U.S. government repeatedly presented its policy as being motivated by the stated needs of law-enforcement agencies." The document went on to detail how the agencies specifically studied Internet data. Apart from scanning all international communications lines -- using 120 satellites, microwave listening stations, and an adapted submarine -- it said they stored and analyzed Usenet discussions. "In the U.K., the Defence Evaluation and Research Agency maintains a 1-terabyte database containing the previous 90 days of Usenet messages." The "NSA employs computer 'bots' (robots) to collect data of interest," the report adds. "For example, a New York website known as JYA.COM offers extensive information on cryptography and government communications interception activities. Records of access to the site show that every morning it is visited by a bot from NSA's National Computer Security Center, which looks for new files and makes copies of any that it finds." According to a former employee, NSA had by 1995 installed "sniffer" software to collect traffic at nine major Internet exchange points. The report offered evidence that a leading U.S. Internet and telecommunications company had contracted with the NSA to develop software to capture Internet data of interest, and that deals had been struck with Microsoft, Lotus, and Netscape to alter their products for foreign use.
"There can't be any doubt any longer that there's an economic
imperative to these policies," said Simon Davies, director of Privacy International. "We have been lied to for years. But it will be up to companies like Airbus to take legal action to force a definition of national security in the context of the European Union. Then we can establish a legal framework and appeals process." Meanwhile, the Financial Times reported on Monday that the U.K. government had agreed to take key escrow "off the agenda" and had accepted industry proposals for a "largely voluntary program of co-operation with the security services". Government officials could not confirm the report. But Caspar Bowden, director of the Foundation for Information Policy Research, questioned how far any compromise would go. "Will they persist with statutory licensing [of trusted third parties]and criminal legislation on decryption warrants?" he asked. Andrew Dornan of Data Communications International contributed to this report. (c) 1999 CMP Media Inc.