FBI buy may be bid to influence market
The FBI is negotiating with AT&T to purchase a security product that soon will have keyrecovery abilities sources said. Some observers consider the move an attempt to boost the market for encryption products that would make it easier for law enforcement agencies to access suspects' protected data.
The FBI is negotiating with AT&T to purchase a security product that soon will have key-recovery abilities sources said. Some observers consider the move an attempt to boost the market for encryption products that would make it easier for law enforcement agencies to access suspects' protected data.
Agencies such as the FBI are extremely concerned that modern public-/private-key encryption techniques - in which the public key is available to everyone but the private key is kept secret to the user - would make it virtually impossible for them to get to wrongdoers' encrypted information.
The key-recovery mechanism is aimed broadly at allowing users whose private keys somehow have been lost to find them again. But it also would allow the FBI and other agencies through a court order to require users of key-encryption products that include the mechanism to give up the private keys.
Without such a mechanism and without the compliance of the private-key owner law enforcement agencies cannot get to the private key.
Under that scenario FBI officials met with AT&T officials in early November to discuss purchasing the company's SecretAgent product to encrypt and digitally sign data. SecretAgent also will have key-recovery ability by the first quarter of 1997 according to Tom Venn president of Information Security Corp. which licensed SecretAgent to AT&T.
Previously the Clinton administration supported a plan in which the government would have kept a record of all private encryption keys for law enforcement purposes and would have mandated the type of encryption software to be used. However that met with an uproar from industry and privacy groups and is unlikely to be adopted.
Key recovery therefore has been endorsed heartily by federal agencies as a way to circumvent such protests. Although a few federal agencies have been participating in a pilot project to test key-recovery applications this move by the FBI would be the first commercial purchase by a federal agency.
Venn said the FBI's interest in the product is "very strong." He and Bill Franklin business development manager for AT&T Government Markets said they could not for competitive reasons detail the FBI's potential use of the product. The FBI did not return calls.
The move comes one month after the administration announced an initiative that would lift export controls of encryption products for companies that commit to develop and sell products that support key recovery. An industry source who asked not to be named said the FBI purchase may be designed to show support for the key-recovery mechanism or to create a market for the technology.
"The FBI has a requirement to protect sensitive data " he said. "They're also trying to create a market for cryptography that falls within policy bounds."
SecretAgent provides encryption and digital signature capabilities across various operating system environments. It secures and authenticates files and electronic mail on an enterprise level and supports other cryptographic devices such as the National Security Agency's Fortezza card.
Law enforcement agencies have battled fiercely for the inclusion of a key-recovery mechanism in federal encryption policy. Justice Department officials for example have argued publicly that their work would be impeded if they had no way to decode encrypted data during criminal investigations.
In a May 20 letter to Sen. Arlen Specter (R-Pa.) chairman of the Senate Judiciary Subcommittee on Terrorism Technology and Government Information Jamie Gorelick deputy attorney general wrote: "Evidence (and the fruits) of crimes will increasingly be found in stored computer data which can be searched and seized pursuant to court-authorized warrants. But if unbreakable encryption proliferates these critical law enforcement tools could be nullified."
Jim Settle president of Settle Services in Technology and formerly in charge of the FBI's National Computer Crime Squad said FBI officials never cared who held the key to decode encrypted data only that a method of decoding be available for them to collect information after obtaining a court order.
NEXT STORY: Industry faults rule on pricing, audits