It is with great concern that I write to you today. I have enclosed a copy of the GAO report GAO/AIMD-96-84 Defense Information Security. This report is a clear indication of the state of computer security within the Fe deral government and the U.S. in general. There is one reason why our defenses are so poor and it is because the only solution to our problem is also one which is opposed by law enforcement and President Clinton. Encryption. There are real reasons why law enforcement fears general use of encryption to protect our computers. It is because it renders conventional wire-tapping obsolete. For this reason we are presently in the situation where encryption products from abroad are making all wire taps impos sible. At the same time we will continue to suffer more successful hacks here in the U.S.
First and foremost the ultimate concern of terrorist use of encryption has put software into the same category as nuclear weapons. However, encryption requires a PC and simple math not fissionable materials. My software product is based on PUBLIC DOMAIN material, is known world wide, and is unbreakable in both theory as well as practice. Therefore, encryption is available to anyone with a PC and the time to develop it. The number of nations and terrorists already using sophisticated encryption grows d aily with or without U.S. products. The number of useful intercepts by billion dollar systems are already dropping to near zero. This data is already admitted by the N.S.A. and was presented in the House sub-committee report on Intelligence. The F.B.I. will continue to complain of scrambling devices and software for the next ten years until there are no more intercepts.
Even if encryption is banned here in the U.S. the end of wire-tapping is only a matter of time. Instead of devoting time and effort to draconian laws with questionable effectiveness we should be developing the tactics, equipment and software to catch cri minals in the twenty first century. Right now we are stuck in J. Edgar Hoover's 1930s. Unmanned vehicles, miniature - remote controlled robots, laser listeners, satellites and sniffer virus software are only a few of the technologies that we should be i nvesting in. In fact, if we want to know what Hezbollah is planning then we must invest in the human assets who can penetrate terrorist gangs and tell us. Our current reliance upon "national technical" means (ie... wire taps) has been both unsuccessful and expensive.
We must act swiftly to develop the technology that can be used against criminals and terrorists to protect the public. Encryption fits the bill. In fact, if encryption is not used to protect our national computers then a nuclear or chemical terrorist at tack will have started with the hacking of a U.S. computer to obtain the design. It is obvious from the GAO report that the odds are in my favor when I say that the source of that design would be a U.S. agency or contractor. I cannot help but become al armed when the GAO admits that the military is the best at stopping hackers when it is estimated that they suffered some 260,000 incidents in 1995 alone. This means that information security at the F.B.I., N.S.A., C.I.A. and I.R.S. is worse. This is not from my report but a report from within the U.S. government. I would not be surprised to see the entire U.S. government be shut down by a hacking incident in the near future. I have been predicting a Digital Pearl Harbor and the current course of event s ensures that my prediction is a safe bet.
My encryption software is currently operational in several hospitals in the New York, New Jersey and Pennsylvania area at a cost of only pennies per computer. These institutions have a pressing need to secure the vital information on each patient as well as the medical science information that could be perverted into horrible weapons. The elimination of hacking of medical information could save your life, the life of a relative or even thousands of lives in a single stroke. It also prevents the law sui ts and legal problems that follow. In short, encryption saves lives and money. Encryption can often make the difference between a profitable hospital, providing health services to inner-city and poor neighborhoods, or a vacant building, crumbling with d ecay. The situation is no different for any business, government or institution. Such technology must be applied at once or we will face a rash of computer attacks that will cost many businesses, many jobs and many lives.
Right now there are little if any requirements to secure the software and information that controls much of our world. There are no F.A.A. regulations on flight control software. There are no regulations covering the software that controls our electrica l or industrial infrastructure. In fact, the accounting records of your cable bill are more secure, by law, than the flight control software in modern airliners. It is also a fact that the password is the leading edge of technology employed by the milit ary. Password technology has been obsolete since 1942 when British analysts broke the math required to obtain them. The continued dependence upon 50 year old technology to protect our nation is suicidal. The GAO report is very clear on this issue. One cannot protect a million dollar computer with no software, and a part time, trainee, doing security. Overall, the Federal government is poorly equipped, poorly led, and poorly trained to deal with these threats. This poor performance comes from the top down.
Recent events, such as the F.B.I. files incident, and the GAO report, render Federal arguments for ESCROWED keys from questionable to ridiculous. It is very clear that my PC here is far more secure than the computers of the military and the F.B.I. I and my clients can use the Internet with total security, with little fear of hackers. The same cannot be said of any Federal agency. To propose that I turn over my keys to the same folks who have brought us to this point is asking for disaster. This idea, although temping to law enforcement, is not a political compromise but a security compromise. If you do not believe this logic then I would suggest you ask the opinions of the 700 whose F.B.I. files ended up at the White house or the informants who prov ided data in those files.
WATERGATE. I must point out that political data is by far the most sought after by hackers. Encryption can be used to protect us from the illegal use of wire taps that brought us Watergate. It can protect the political information of candidates as well as protect the computers that tabulate our votes. Without it we are vulnerable to a hack that will make Watergate look like an minor political event. In fact, President Clinton has used encryption to scramble his Whitewater testimony for political priv acy reasons. What right does the power elite have to cite their political privacy while attempting to deny it to us? Simply, if the President can do it without an escrow key then why can't I? To suggest that his privacy is any more important than yours or mine is simply wrong. Our democracy is threatened by the same technology used by law enforcement, wire tapping, because it has been shown to be abused. Our democratic way of life is at grave risk without the ability to secure political information. What candidate will be safe from the prying eyes of a political F.B.I. unless he also encrypts his information? Encryption can save our democracy, and ensure the privacy of every citizen. Escrow keys will only provide yet one more access point for crim inal activity, including political criminals. Only a fool would trust the other candidate/party with his keys.
No national security will be protected if I give up my property to an escrow agent. That has been proven wrong time and again. If anything, I would elect to work in the open rather than turn over data that will end up anywhere the politics and money tak es it. Please note - this is no different than any multi-national company. They are not going to simply give up the keys to their computers no matter what legal reassurances you give or write. They just will get stolen or abused anyway. Events have pr oven that statement to be a truth. No CEO who wishes to keep his job will sign onto this silly proposal. The idea of escrowed keys is both foolish and dangerous. It is by definition unsecured.
On a cold night in April, 1775, Paul Revere began a ride into history, sent on his way by a coded signal from a church tower. A secret message which would change history. Those who oppose encryption are standing in the path of history, standing in the p ath of Paul Revere. What did codes and ciphers mean to the founding fathers? Weren't they ignorant of such advanced technology? Revere brought the Minutemen, and led the first battles for freedom on U.S. soil. Revere saved John Adams, and John Hancock . Adams would later become President, and both men signed the Declaration of Independence. Jefferson and Franklin used ciphers for both business and governmental affairs. They knew the success or failure of our revolution once depended on a coded messa ge. The concept of free, encrypted, communications is embodied by the legendary ride of Paul Revere.
Even our current President has enjoyed the right of encryption when he protected his personal privacy by scrambling his recent Whitewater testimony. He used the same techniques that, today, we seek for all citizens by supporting the Pro-Code legislation submitted by Senator Burns. I urge all members of Congress and the President to put Pro-Code into law. We too seek that right. The right to protect ourselves, our papers, files, documents, communications, and computer records that represent the sum of our electronic lives. With this act we can equip ourselves to defend democracy today and keep our liberty tomorrow. We can protect personal privacy and our national security by granting the power of Paul Revere to each and every citizen.
"One if by land. Two if by sea."
Encryption 1775 - Paul Revere