Dorothy Denning Interview
By Educom Review StaffSequence: Volume 32, Number 5 Release Date: September/October 1997
Dorothy E. Denning reports on the impact of encryption and other technologies on crime and terrorism. Her research encompasses the areas of information warfare and assurance, encryption policy and technology, and information technology and society. A widely published author and frequent lecturer, she is professor of computer science, and professor and member of the Advisory Board of Communication, Culture and Technology program at Georgetown University.
Educom Review: In the report Encryption and Evolving Technologies as Tools of Organized Crime and Terrorism, you and your colleague William E. Baugh Jr. wrote: "We are at the leading edge of what could become a serious threat to law enforcement and national security, the proliferation and use of robust digital encryption technologies." How serious do you think the threat is?
DENNING: We need to first understand where the threat is today. Our rough estimate was that in 1996, law enforcement agencies encountered encrypted computer files in at least 250 criminal cases within the U.S. and 500 globally. In a few of those cases, the encryption stopped the investigation from going forward. For the most part, however, the agencies were able to decrypt the data, usually by getting the password or key from the subject or by cracking a weak system. Where they failed, they made their case through other evidence such as hard copies of encrypted documents, other paper documents, unencrypted conversations and files, witnesses, and information acquired through other surveillance technologies such as bugs. There were also several court orders for wiretaps that were frustrated because of encryption.
E.R.: But the future is a different story?
DENNING: The concern is over what will happen as strong encryption becomes commonplace with all digital communications and stored data. Right now the use of encryption isn't all that widespread, but that state of affairs is expected to change rapidly.
E.R.: And of course there are many people who think that's a very good thing.
DENNING: And it is generally a good thing. I think everybody agrees that we need encryption to protect personal, proprietary and other sensitive information. Law enforcement agencies need it. Everybody needs it. There's no dispute about that. Where the dispute comes in is whether encryption technologies should be regulated at all to allow for government access.
E.R.: Organizations such as the Electronic Frontier Foundation and the Center for Technology and Democracy take very strong positions in favor of fairly absolute privacy. What do you think of their positions on the issue?
DENNING: We have never really had absolute privacy with our records or our electronic communications - government agencies have always been able to gain access with appropriate court orders. If that were to change, then there will be a lot of evidence and intelligence that law enforcement agencies are unable to acquire. It's not obvious to me that, all things considered, a development like that would be good for society.
E.R.: So then you are not trying to give government agencies any more control or more access than they already have?
DENNING: No. In fact, getting access will be much harder than it is now.
E.R.: But is your effort a losing cause in the sense that industry-wide forces will lead inevitably toward giving higher and higher encryption capability to everybody? For example, there was a story in the Wall Street Journal about Sun's selling advanced encryption capability through a Russian supplier to overseas customers. The article says: "Sun's move illustrates how global market pressures are making it increasingly difficult for U.S. officials to control the spread of advanced encryption hardware and software. The technology, which scrambles data to protect it from computer eavesdroppers, is considered vital to the growth of electronic commerce. But export of powerful encryption products is barred under U.S. export control laws, on grounds that terrorists and others will use it to evade surveillance."
DENNING: How many people are going to trust encryption from a company with the name Elvis+ in a country which historically has not been trusted and is now permeated with organized crime? That Sun went to Russia suggests that many other countries have export controls that are as strong as those of the U.S. However, I agree it is very hard to control the spread of strong cryptography. I am not, by the way, advocating that we necessarily regulate it. In the end, it might provide futile or not worth the costs and risks. But I am advocating that we proceed cautiously on this matter and that we fully understand the options. I favor strategies that encourage industry to include some sort of key recovery capability in their systems which would also address user requirements for access.
E.R.: How do you explain the strong opposition of other people to the key escrow encryption approach favored by you and proposed by the government?
DENNING: I think most organizations have an interest in key recovery, at least with respect to stored data. The controversy is over the use of key recovery with real-time, transient communications and over who holds the keys. If the keys have to be given to a third party, this introduces some cost and risk. I expect most people would accept key recovery if the users can decide what keys are recoverable and can operate their own recovery services. The problem is that if the Mafia or some terrorist group manages its own keys, this precludes using a court-ordered wiretap, which must be done without the knowledge of the parties under investigation. However, there is no reason why a legitimate enterprise could not manage its own keys and some are doing this. The government has allowed export of strong cryptography in these cases.
E.R.: So what would your policy recommendation be?
DENNING: I don't have a particular recommendation other than that we base decisions on as much hard data as possible. We need to carefully look at all the options and all their ramifications in making our decisions. The issues are very complex and I don't have the answers.
E.R.: Do you maintain active discussions with the privacy groups?
E.R.: And how far apart do you think you are from them?
DENNING: Well, there are those who believe that wiretaps in and of themselves are a bad thing and that if encryption effectively prohibited their use, we'd all be better off. With those people, I'm very far apart, because I believe that government access to communications and stored records is valuable when done under tightly controlled conditions which protect legitimate privacy interests. There are many others who don't have such an extreme view but are simply concerned about key recovery systems being misused. I can appreciate that concern, especially if people are forced to give their keys to a third party whom they don't trust.
E.R.: So what kind of third parties might be acceptable?
DENNING: We'll have to see how that plays out in the market. Some companies are offering to provide key recovery services now, but we don't have any experience with such services. That's part of the problem. We can't say, "Well, gee, over the past 10 years there haven't been any abuses of keys, so people can be reasonably confident their information won't be compromised." Without that body of experience, people are just speculating all over the place about the bad things that will happen with key recovery. Those speculations can neither be substantiated nor refuted. Still, it's good to have those concerns expressed and discussed, because they remind us that we need to design these systems very, very carefully. We also need policies that protect users from the consequences of potential compromises.
E.R.: The proponents of extremely strong encryption, including encryption for export, are pretty well-known. Who's on the other side? The Clinton Administration?
DENNING: Everyone is a proponent of strong encryption. I don't see two sides to the debate, as there are many complex issues which are a source of disagreement. Most of the debates in Congress have centered on the issues surrounding export controls, particularly their impact on the competitiveness of U.S. business. Here one can identify several positions: those advocating no controls, those advocating strong controls, and those somewhere in between. The Clinton Administration has taken one possible middle-of-the road approach that has liberalized controls but has not lifted them entirely. This has generally involved allowing exports when there is a key recovery system. In some cases, they have not required key recovery or they have permitted the customers to manage their own keys. Industry can now export encryption with unlimited key lengths and no key recovery for banking transactions. That's a good step. It may be that the identification of areas like that - where key recovery is not needed - can help in arriving at a middle ground.
E.R.: Who are some people who have publicly expressed opinions such as yours, other than law enforcement agencies?
DENNING: Well, one very well known person is David Kahn who wrote The Codebreakers and Seizing the Enigma.
E.R.: How do you explain the continued skepticism of industry and privacy groups, since they know presumably as well as anyone how strong the potential threats are?
DENNING: Well, no, I don't think anybody really does have a good handle on how the threats will play out. But from industry's perspective, any government regulation is generally bad: it's a hassle that increases the cost of doing business. Export controls in particular make it harder to sell products internationally. They can lead to lost sales, possibly in a big way. Generally I'm against regulation. I prefer leaving things to the market as much as possible. That's why I prefer voluntary approaches to key recovery that are based on user requirements. However, leaving everything to the market is not necessarily good for society.
E.R.: And so what about the privacy groups? Do you think they are being irresponsible by insisting on absolute privacy?
DENNING: Well, ignoring those who insist on absolute privacy, I believe there are many who sincerely believe that it's simply not possible to control encryption. They oppose restrictions and controls on cryptography that they think won't do any good, yet will provide a risk to honest people. They are also worried that the administration will ask for domestic controls on cryptography. I should add that many people share these concerns, not just privacy groups.
E.R.: You seem really quite sympathetic to the views and positions of both industry and the privacy groups.
DENNING: Yes. I can appreciate their positions.
E.R.: And so you are hoping to find some sort of middle position?
DENNING: That's the challenge, but it's very hard. I see the administration as seriously wrestling with the issues and trying to come up with the best solution. They have shown a great willingness to talk to industry and privacy groups - and other governments also, because this isn't just a domestic issue, it's an international one. They have also shown a willingness to make policy changes in response to feedback.
E.R.: So what's your level of optimism that this challenge will be met and there will be some sort of middle ground that everyone will agree on?
DENNING: We'll just have to see what happens.