http://www.nytimes.com/techweb/TW_Report_U_S_Uses_Key_Escrow_To_Steal_Secrets.h$
Report: U.S. Uses Key Escrow To Steal Secrets
Filed at 9:27 a.m. EDT
By Madeleine Acey for TechWeb, CMPnet
RESOURCES
From CMPnet
_________________________________________________________________
(_) Encyclopedia
(_) Product Reviews
(_) Downloads
____________
Search
European plans for controlling encryption software are nothing to
do with law enforcement and everything to do with U.S. industrial
espionage, according to a report released by the European
Parliament on Friday.
The working document for the Scientific and Technological Options
Assessment panel said the United States has tried to persuade
European Union countries to adopt its key escrow or key recovery
policies -- allowing backdoor access to encryption programs --
saying this was necessary to read messages exchanged by criminals.
But the report details how the UKUSA alliance -- made up of the
United Kingdom, United States, Canada, Australia, and New Zealand
-- has used its secret Echelon global spying network to intercept
confidential company communications and give them to favored
competitors. Thomson S.A., located in Paris, and Airbus Industrie,
based in Blagnac Cedex, France, are said to have lost contracts as
a result of information passed to rivals.
"The U.S. government misled states in the EU and [Organization for
Economic Cooperation and Development] about the true intention of
its policy," the report adds.
"Between 1993 and 1997 police representatives were not involved in
the NSA [National Security Agency]-led policy-making process for
key recovery. Despite this, during the same period the U.S.
government repeatedly presented its policy as being motivated by
the stated needs of law-enforcement agencies."
The document went on to detail how the agencies specifically
studied Internet data. Apart from scanning all international
communications lines -- using 120 satellites, microwave listening
stations, and an adapted submarine -- it said they stored and
analyzed Usenet discussions. "In the U.K., the Defence Evaluation
and Research Agency maintains a 1-terabyte database containing the
previous 90 days of Usenet messages."
The "NSA employs computer 'bots' (robots) to collect data of
interest," the report adds. "For example, a New York website known
as JYA.COM offers extensive information on cryptography and
government communications interception activities. Records of
access to the site show that every morning it is visited by a bot
from NSA's National Computer Security Center, which looks for new
files and makes copies of any that it finds."
According to a former employee, NSA had by 1995 installed "sniffer"
software to collect traffic at nine major Internet exchange points.
The report offered evidence that a leading U.S. Internet and
telecommunications company had contracted with the NSA to develop
software to capture Internet data of interest, and that deals had
been struck with Microsoft, Lotus, and Netscape to alter their
products for foreign use.
"There can't be any doubt any longer that there's an economic
imperative to these policies," said Simon Davies, director of
Privacy International. "We have been lied to for years. But it will
be up to companies like Airbus to take legal action to force a
definition of national security in the context of the European
Union. Then we can establish a legal framework and appeals
process."
Meanwhile, the Financial Times reported on Monday that the U.K.
government had agreed to take key escrow "off the agenda" and had
accepted industry proposals for a "largely voluntary program of
co-operation with the security services".
Government officials could not confirm the report.
But Caspar Bowden, director of the Foundation for Information
Policy Research, questioned how far any compromise would go. "Will
they persist with statutory licensing [of trusted third parties]and
criminal legislation on decryption warrants?" he asked.
Andrew Dornan of Data Communications International contributed to
this report.
(c) 1999 CMP Media Inc.