Encryption regulation in the wake of September 11, 2001: must we protect national security at the expense of the economy?
| Author | Voors, Matthew Parker |
-
INTRODUCTION II. HISTORY OF ENCRYPTION A. What Is Encryption? B. Background on Encryption C. Recent Encryption Advancements D. Use of Encryption by Business and the Service Industry E. Use of Encryption by Terrorist Organizations III. ENCRYPTION REGULATION OVER THE LAST DECADE A. The Struggle Between National Security and an Evolving Global Economy B. Regulation of Encryption Through Export Restrictions C. Attempts to Regulate Encryption Domestically IV. THE EFFECT OF ENCRYPTION REGULATIONS: WOULD REGULATIONS STOP TERRORISM OR HURT THE ECONOMY? V. LEADING THE WAY WITH ITS MAGIC LANTERN: DOES NEW TECHNOLOGY DEVELOPED BY THE FEDERAL BUREAU OF INVESTIGATION SOLVE THE ENCRYPTION PROBLEM? A. What Is Magic Lantern and How Does It Work? B. Magic Lantern Works: Case in Point C. What Are the Implications of Magic Lantern? D. Magic Lantern: Shining a Light on a New Solution VI. CONCLUSION I. INTRODUCTION
"This is our greatest fear, that, one day, a terrorist attack will succeed because law enforcement could not gain immediate access to the plaintext of an encrypted message...." (1) The Federal Bureau of Investigation ("FBI") identified Zacarias Moussaoui as a possible "last-minute" substitute and likely the twentieth hijacker in the September 11 atrocity. (2) After training at one of Osama bin Laden's terrorist camps in Afghanistan, Moussaoui moved to London a year before the attack. Ramzi Bin al-Shibh, an al Qaeda member, flew to London immediately before Moussaoui left for his mission. (3) Al-Shibh, who roomed in Germany with Mohamed Atta, the mastermind of the September 11 attacks, tried to obtain an American visa four times between May and October but was denied each time. (4) Needing a replacement, al-Shibh is thought to have briefed his close friend, Moussaoui, of the situation. Moussaoui is believed to have then traveled to the United States in al-Shibh's place. (5) Once in the United States, Moussaoui deposited $32,000 in cash into a new bank account and began taking flying lessons in Norman, Oklahoma. (6) Later, Moussaoui received $14,000 from al-Shibh who also had wired money to Marwan al-Shehhi, (7) Atta's nephew and the terrorist who piloted United Airlines Flight 175 into the South Tower of the World Trade Center. (8)
Given all this, it was not until Moussaoui moved to Minneapolis, Minnesota, that warning bells started to ring. Moussaoui enrolled at the Pan Am International Flight Academy in Minneapolis to be trained in flying the bigger jumbo jets, (9) specifically 747s. (10) While training on simulators at the flight school, he informed his instructors that "[h]e wanted to concentrate only on the midair turns, not the takeoffs and landings." (11) The flight school notified the FBI about this suspicious behavior, and that agency later arrested Moussaoui for remaining in the United States on an expired visa. (12)
Although the FBI ,arrested Moussaoui, who otherwise might have been a pilot in the September 11 attacks, authorities failed to detect the other terrorists. The U.S. authorities failed to discover Mohamed Atta, Waleed al-Shehri, Wail al-Shehri, Abdulaziz al-Omari, and Satam al-Suqami, who flew American Airlines Flight 11 into the North Tower of the World Trade Center. (13) Similarly, they failed to detect Ahmed al-Ghamdi, Marwan al-Shehhi, Fayez Ahmed, Mohald al-Shehri, and Hamza al-Ghamdi, who hijacked and aimed United Airlines Flight 175 into the South Tower of the World Trade Center. (14) Authorities never discovered terrorists Khalid al-Mihdhar, Nawaq al-Hamzi, Hani Hanjour, Salem al-Hamzi, and Majed Moqed, who directed American Airlines Flight 77 into the Pentagon, (15) or Saeed al-Ghamdi, Ziad al-Jarrah, Ahmed al-Nami, and Ahmed al-Haznawi, who commandeered United Airlines Flight 93 that crashed in Pennsylvania, but allegedly attempted to hit the White House. (16)
In the wake of the September 11 attacks, many Americans are asking the same question: How could U.S. authorities and intelligence agencies fail to detect the September 11 plot? With the exception of a few of the terrorists, they were young and needed direction. (17) They needed money to carry out their missions and, most importantly, they needed intelligence to help plan and coordinate that fateful day. Where were the communications between the leaders in Afghanistan and the terrorists here in the United States? Where were the communications that would have signaled the intelligence agencies that an attack on the United States was imminent? Even now, a year and a half after the attack, the question of how the terrorists communicated remains a mystery. (18)
Newspapers and magazines quickly pointed the finger, but many could not conclude who was to blame. (19) They have, however, noticed one common thread that runs through many of the FBI reports from both before and after the terrorist attacks on September 11--the Internet played a key role in planning the terrorist attacks. (20)
This Note argues that although privacy and economic concerns have ruled the encryption debate during the past decade, the move toward increased privacy on the Internet and relaxed encryption regulation, designed to promote electronic commerce ("e-commerce"), comes at the expense of national security and the protection of Americans' safety. Part II of this Note provides background on encryption. In particular, Part II explains encryption and details its use throughout history. Additionally, Part II examines how businesses use encryption to secure their communications and financial transactions on the Internet. This Section also observes that this technology is employed by terrorist organizations to accomplish the same goal: to send private communications. Part III details the history of encryption regulation during the last decade and addresses why the government has relaxed its stance even though encryption ultimately poses such a threat. Part IV analyzes whether encryption regulation will provide the intelligence community the tools to deal with terrorists who are now technologically savvy, or whether regulation will hurt the nation's already wounded economy. Part V examines Magic Lantern, cutting-edge technology developed by the FBI that effectively incorporates the privacy benefits of encryption while still providing Americans protection in this new era of terrorism. More specifically, Part V will argue this new technology should be implemented because it balances privacy and economic concerns with national security needs. Finally, Part VI will conclude by proposing the adoption of the FBI's new technology as a way to protect privacy and economic concerns while ensuring national security.
-
HISTORY OF ENCRYPTION
"If all the personal computers in the world--260 million computers--were put to work on a single [strongly encrypted] message, it would still take an estimated 12 million times the age of the universe ... to break a single message...." (21) A. What Is Encryption?
Encryption is a technique that changes a plaintext message from its original form by replacing or rearranging the letters and numbers and converting the message into an indecipherable form using a mathematical algorithm and a key. (22) The length of the encryption key is measured in bits and determines the strength of the encryption program. (23) For example, an encryption key that is 40 bits in length yields 1 billion possible keys or combinations, a key with 56 bits has 72 trillion, and a key that measures 128 bits produces a gazillion solutions. (24)
There are two types of encryption systems: private-key and public-key. (25) Encryption systems began with private-key systems that use algorithms and a symmetric key to encrypt and decrypt messages. (26) Private-keys are less private because they run into a fundamental problem. Since "the same key is used to both encrypt and decrypt the message," the key must be e-mailed to the receiver in order for the message to be decrypted and read. (27) Private-key encryption systems offer limited security because encrypted messages can be read if a third party intercepts the key when it is transmitted from the sender to the receiver. (28) This flaw thwarted early efforts for businesses and the public to use encryption effectively and safely. (29)
The invention of public-key encryption in the mid-1970s solved the weakness of private-key systems. (30) Public-key encryption systems require two asymmetrical keys: one used by the sender to encrypt (called a public-key) and another used by the receiver to decrypt (called a private-key). (31) Although these keys are a matched set and "mathematically related," it is impossible to decrypt the message by accessing only the public-key because the private-key decrypts the message. (32) Thus, the receiver publishes his public-key so that the sender may use it to encrypt the message he wishes to send to the receiver. (33) The second key, the private-key, is held only by the receiver, who keeps it private so that only he may decrypt the message. (34) Therefore, the sender looks up the receiver's published public-key, encrypts the message utilizing the receiver's public-key, and then sends the message to the receiver. (35) The receiver then decrypts the message by using his private-key, which only he can access. (36) If the receiver wants to respond to the sender, he would complete the same process in reverse.
Once a message is encrypted, it can be read one of two ways. First, as mentioned above, the receiver can use a private-key to access and decrypt the message. The second method, a "Brute Force Attack," is far more complex and occurs when a computer program attempts to use all possible keys to crack the encryption code. (37) In layman's terms, this is the equivalent of a man holding a key ring with millions of keys, trying each key in the lock until he finds one that matches. This process devours massive amounts of computer power and takes an inordinate amount of time. (38)
-
Background on...
-
To continue reading
Request your trialCOPYRIGHT GALE, Cengage Learning. All rights reserved.
