A former FBI director has told a gathering of security
experts that encryption might be helping criminals hide their
secrets.
The US government does not have the ability to crack some
sophisticated types of encryption, putting investigators of
terrorism threats at a disadvantage, admitted Louis Freeh, who was
speaking at the Computer Security Conference and Exhibition in
Washington DC.
In 2000, the UK passed a law allowing investigators to get
warrants requiring encryption suppliers to share their keys, but US
investigators have to rely on co-operation from vendors, which can
slow things down, he said.
"The ability to get real-time information from encrypted
channels is going to be a huge problem in terms of homeland
security and national security," said Freeh, who served as FBI
director from 1993 to 2001. "In a way, it runs a little bit counter
to the interests of corporate America in terms of protecting its
information."
Freeh did not go so far as to advocate that the US pass a law
similar to the UK encryption law, but he said an "intricate"
balance between domestic security and the rights of commerce and
free speech is still being worked out.
Judges offer strong protections to US residents to keep law
enforcement from overstepping its bounds in the pursuit of
information on suspects, Freeh said during a question-and-answer
session when an audience member asked what is being done to protect
people.
While raising questions about encryption, Freeh encouraged
private companies to protect their data and trade secrets. The
Economic Espionage Act, passed by Congress in 1996, established
ways to prosecute cases in which foreign governments use their spy
agencies to steal trade secrets from private US companies, but
companies need to assist investigators tracking down trade secret
thefts and other computer-related crimes, he said.
The latest computer crime survey, released by the FBI and the
Computer Security Institute in May, found that only about 30% of
hacking incidents are reported to the police, Freeh said.
Companies may not want to report the loss of trade secrets for a
variety of reasons, including alarming stockholders and tipping off
competitors, but such reporting is necessary to help investigators
track down criminals, he said.
"Many people believe, as I do, that homeland security begins
with economic security," he said. "If you subscribe to the notion
that economic security does reflect directly on national security,
you can't really have a successful and viable homeland security
programme unless the reporting percentile ... increases
significantly."
Freeh identified identity theft as another computer security
challenge for companies, but one of the biggest challenges is for
agents to have real-time access to data on suspects.
That kind of instant information "could be the difference
between stopping a major attack or not", Freeh said. "The
technology is as likely to come from you in the private sector as
from a government programme."
Grant Gross writes for IDG News
Service