ARTS & FARCES internet

Ineffably yet mildly disturbing best describes America’s CryptoKids, the National Security Agency’s (NSA) outreach website for children. Here your kids can learn about Crypto Cat and her pals including Decipher Dog, the cryptanalyst and Rosetta Stone, the language analyst. All of the cartoon characters are trademarked, and according to BoingBoing‘s Xeni Jardin, Crypto Cat’s trademark application is dated 19 December 2005, about the same time the news surrounding the Bush administration’s warrantless wiretap program was breaking.

Kate Greene, writing for Technology Review, notes that the NSA has “gradually shed its anonymity” since 1982 when James Bamford’s The Puzzle Palace was published. But this isn’t your sister’s Nancy Drew or your brother’s Hardy Boys. Nope, CryptoKids is a transparent attempt to get your kids interested in careers related to cryptography and cryptanalysis. Greene cites a 1997 order by President Clinton compelling all government agencies to set aside space on their websites for children, but there’s something about the CryptoKids cartoon characters and their downloadable coloring books that are somehow unnerving. The NSA was somehow more palatable when it was “No Such Agency.”

It was a dark and stormy night when you returned home to find that your PGP keys no longer worked….

The U.S. government has been relentless in its attempts to keep strong cryptography out of the hands of its citizens. Using arguments including disallowing export, insisting on a back door, and demanding a key escrow system, nothing beats its latest tack: the brute force of prior restraint. Now the Department of Justice insists it needs to be able to secretly break into the homes of presumably innocent citizens in order to disable any cryptographic tools just in case they might be used to launch a terrorist attack, distribute child pornography, or hide illicit drug trade activities.

The Cyberspace Electronic Security Act, as proposed by Justice, would allow law enforcement agents to secretly enter the homes of suspected criminals for the purpose of installing “recovery devices” on their computers. Of course, the intrusion would theoretically require a subpoena. The plan to be presented to Congress for approval would allow investigators to install devices to override your encryption program. Like you wouldn’t notice that suddenly your PGP keys no longer work?

America just can’t seem to get its collective mind around the legal use of strong cryptography. Senator Conrad Burns (R-Montana) is expected to again introduce legislation that would allow U.S. businesses to sell products outside the U.S. borders that contain stronger encryption than is currently allowed.

Burns, chair of the Senate Commerce Telecommunications Subcommittee has already introduced his Promotion of Commerce Online in the Digital Era Act (Pro-Code) twice. Law enforcement and national security agencies within the government have consistently rebuffed the proposed legislation. The agencies charge that strong cryptography will give criminals the upper hand against enforcement and surveillance when they use it to secure communications.

Law enforcement agencies insist that manufacturers must provide access to encrypted material through a key-escrow—or key-recovery—system that will allow encrypted material to be decrypted on-demand during investigations. Privacy advocates counter that key-escrow systems will constrict both personal privacy and commerce. Pro-Code would specifically prohibit any sort of key-escrow or key-recovery system.

In mid-July 1998, John Gilmore and Paul Kocher used a homemade supercomputer, worth barely US$250,000, to crack the U.S. government’s encryption standard. Gilmore and Kocher cracked the Data Encryption Standard (DES) encryption algorithm in 56 hours, beating a network of almost 20,000 computers including desktop workstations to multimillion-dollar supercomputers working together.

The U.S. government has long insisted that it is impossible for terrorists or criminals to crack DES. As recently as a month earlier, Robert Litt, principal associate deputy attorney general, argued that even the FBI couldn’t crack DES. Gilmore set out to create a computer—built around a set of custom microprocessors he called “Deep-Crack”—from readily available spare parts merely to prove that it could be done. His project was sponsored by the Electronic Frontier Foundation (EFF).

“EFF has proved what has been argued by scientists for twenty years, that DES can be cracked quickly and inexpensively,” Gilmore told Wired News. “Now that the public knows, it will not be fooled into buying products that promise real privacy but only deliver DES. This will prevent manufacturers from buckling under to government pressure to ‘dumb down’ their products, since such products will no longer sell.”

On October 1, 1996, the Clinton administration offered what it called a “compromise” to the computer industry with regard to the export of cryptography. The proposed policy, released by Vice President Al Gore, offered to remove export restrictions on cryptography technology if the corporations that market the technology would agree to allow law enforcement to decrypt any encrypted material. Critics immediately began referring to the policy as Clipper 3.1.1.

It’s little surprise that this new compromise is championed by the U.S. intelligence community. Law enforcement officials wouldn’t need the actual keys used to encrypt a message, you see. Instead, officials with the proper warrant could obtain the cooperation of two “outside parties” also referred to as “trusted agents” to help decrypt the information.

IBM developed the new technology, referring to it as a “key recovery” system to differentiate it from the “key escrow” systems that drew strong opposition a few years ago. In practice, the differentiation is in name only.