<< . .

. 3
( : 3)




The future problem for the governments and security services will be that quantum
cryptography can provide absolutely secure transmission of data with no degrees.
There is no way to mitigate the level of security to allow provisos for people with a
valid legal reason to access the data. Article 12 of the Declaration of Human Rights is
increasingly being used as a justification for unfettered civilian access to strong
cryptography, however the use in the article of the word “arbitrary” can be taken to
mean that citizens may communicate privately only if it does not interfere with law
enforcement.




12
United Nations Universal Declaration of Human Rights, Article 12,
http://www.un.org/Overview/rights.html


22
Key escrow, the legal requirement that all private citizens wishing to use digital
encryption must register a copy of their encryption key with a trusted third party, has
been vigorously contested by civil liberties groups in all countries where it has been
proposed, most notably in the UK in the three years before the passing of the RIP Bill
in 2000. The rejection of escrow and acceptance of the bill can be seen as a
reasonable compromise, preserving privacy for users unless there is an explicitly court
sanctioned warrant.

Echelon is the codename for a system which captures and keyword checks digital
communications across the globe and is monitored by the five participant countries,
the United States, the United Kingdom, Canada, Australia and New Zealand. Some
sources claim up to 90% of Internet traffic is passed through Echelon13, although
claims are impossible to verify as all countries except Australia and New Zealand
refuse to even acknowledge its existence. It is the indiscriminate gathering of
information which most concerns civil libertarians, arguing that everyone™s privacy is
more important than any perceived reduction in crime. Successful implementation of
a global network secured by quantum cryptography would quickly invalidate Echelon
if we are to believe that terrorists and organised crime syndicates are the early
adopters of cryptographic technology. Any eavesdropping techniques attempted by
the security services would only allow them to damage the traffic, without
discovering its contents. A report on Echelon published in 1988 found that:

“Whilst there is much information gathered about potential terrorists, there is
a lot of economic intelligence, notably intensive monitoring of all the countries
participating in the GATT [General Agreement on Tariffs and Trade]
negotiations”14.

The release of the report sparked French protests that the US was using the system for
industrial espionage. This is an echo of previously correct allegations that the
American government was misusing telephone wire-taps in the Sixties to gather
information which could be used to discredit perceived enemies, such as Martin
Luther King Jr, whose civil rights campaign was regarded as a national security issue.




13
The Government Is Reading Your E-Mail “ Greg Lindsay, Time Digital Daily, June 24, 1999
14
Somebody's Listening, Duncan Campbell “ New Statesman, 12 August 1988

23
It is the opinion of many of the cryptography pioneers such as Rivest and
Zimmerman, the idea of restricting a technology simply because it has the potential
for criminal misuse is no argument at all. Rivest drew the parallel between
cryptography and a pair of gloves, which could be used legitimately, or could be used
to avoid leaving fingerprints at a crime scene. Dr Brian Gladman, Crypto Policy Co-
ordinator at the UK organisation Cyber-Rights and Cyber-Liberties, has stated:

“I don't think there is any middle ground - we must sweep away all restrictions
on crypto and, if we need to do so, introduce laws that control the bad uses of
this technology. It is not illegal to own a kitchen knife but it is illegal to use
one for murder. This is the only logical way forward.”15

There are a variety of techniques which intelligence gathering organisations employ
which no degree of encryption can prevent. The tempest16 attack entails monitoring
the variation between faint electromagnetic impulses which are emitted by keyboard
cables when different keys are struck. The cable acts as an aerial and can broadcast
this information outside the building where the computer is based. This can allow the
capturing of an entire message in plaintext before any encryption is applied. In the
US it is required to obtain a government license before fitting electro-magnetic
shielding in a building, which suggests that this method is regularly used by
intelligence agencies.

Trojans and backdoors are another type of tool for bypassing encryption. It is
possible to develop a software daemon which, when unwittingly installed by a user,
will listen for private key usage and then send the key together with passphrase to a
designated Internet address17. There have been a number of high profile criminal
cases recently involving FBI keystroke logging techniques, most notably that of loan
shark Nicodemo S. Scarfo Jr who pleaded guilty in a New Jersey court to a charge of
illegal gambling18 in March 2002. Keystroke loggers are invisible processes running
on a machine which make a note of every key pressed and can relay this information
back to a server or email account. Defence attorneys in this particular case attempted
to invalidate the evidence as unconstitutional; the prosecution in return invoked the
Classified Information Protection Act 2001, which successfully defended the system
as being essential to national security.




15
Cryptology: Law Enforcement & National Security vs. Privacy, Security & The Future of Commerce
“ Nick Ellsmore, 1999, http://cryptome.org/crypto97-ne.htm
16
An abbreviation for Transient Electromagnetic Pulse Emanation Standard
17
The Caligula Word macro virus, found in the wild in 1998, captured private PGP keys and attempted
to upload them to the author™s FTP site
(http://www.symantec.com/avcenter/venc/data/w97m.cali.a.html)
18
Mobster Nailed By FBI Keystroke Logger Pleads Guilty “ George A. Chidi Jr, IDG News Service,
http://www.idg.net/idgns/2002/03/01/MobsterNailedByFBIKeystrokeLogger.shtml

24
It can be inferred that the tempest and keystroke logging approaches are, from the
evidence available, widely utilised by at least the American intelligence services as a
way around strong encryption. If this is indeed the case, the introduction of
unbreakable quantum cryptography may not make as great an impact on the
effectiveness of law enforcement as has been suggested by White House and FBI
officials. The ideal balance between privacy and protection could still be realised,
confidentiality for those who want it, with legal recourse to prevent abuse.




25
Conclusion

What has so far, in the history of cryptography, been a battle between the code-
makers and the code-breakers looks set to become a conflict between civil libertarians
and government agencies. A public and practical implementation of quantum
cryptography would render multi-billion dollar departments of security agencies
redundant. Existing or future legislation on key escrow or mandatory key disclosure
would be completely ineffective. The only way in which these agencies could
continue to harvest information regarded as essential to national security would be to
limit civilian access to the new technology in the same way that crypto-software™s
export key lengths were restricted. The previous approach to controls was flawed
because it was on entirely software based encryption mechanisms, requiring only an
unauthorised software release by Phil Zimmerman to destroy all restrictions.
Quantum cryptography, however, requires a relatively complex array of hardware to
operate, or at least out of the reach of the average home user. Bennett and Smolin
needed Pockels cells to set the polarity of the sender™s photons, a calcite Wollaston
prism to split the received beam and photomultiplier tubes to sense the individual
received photons19 (see Appendix III for a full diagram of the apparatus).

The most likely implementation of quantum cryptography which resolves the
hardware issue will be on a local exchange level, similar to the current telephone
network. The consumers of hardware encryption solutions at the current time are
restricted to governments are large corporations where speed is of great importance.
The vast majority of home users are unlikely to be persuaded of the benefits of total
quantum security offset against the cost of the required optical hardware. If the
quantum encryption itself is performed at a local exchange, this gives security
agencies the opportunity to place taps to record information before it is unbreakably
encrypted.

The real threat to criminal enquiries at the moment seems to stem from an increasing
adoption of conventional digital encryption methods by organised crime and terrorist
groups. Law enforcement officers warn of increasingly technologically aware
criminals, and the fact that often a prosecution™s success can hang on the outcome of
file decryption attempts. In this environment, where 1024-bit RSA encryption can put
a stop to a trial, it is difficult to see how the introduction of quantum cryptography
could aid criminals. The change will happen when, and if, quantum computers
become reality and destroy the security of all currently existing conventional ciphers.
The most structured and well funded organised crime and terrorist groups will in all
probability have both the resources and the technology to make use of satellite or
cable-based quantum cryptosystems. The private citizen, on the other hand, is
unlikely to have the means to achieve this and is in danger of being left behind in the
race for absolute security.




19
Experimental Quantum Cryptography “ C. H. Bennett, F. Bessette, G. Brassard, L. Salvail and J.
Smolin, Journal of Cryptology, vol. 5, no. 1, 1992, pp. 3 “ 28

26
Impermeable encryption will, first and foremost, be a major boon for the world™s
militaries and corporations. E-commerce companies were a powerful lobbying force
in favour of the relaxation of crypto export controls, due to the increase in security for
Internet shopping, which was seen as leading to greater consumer confidence and
higher revenues. Businesses also store vast quantities of confidential and ˜mission
critical™ data which must be held and transmitted without the possibility of
eavesdropping by malicious hackers or spies working for their rivals. The civil
libertarians have a powerful ally in big business, and in the current absence of a clear
danger posed by universal access to strong encryption, coupled with pressure from the
commercial sector for liberalisation of restraints, Western governments in the future
are likely to be more liberal in their crypto legislation.

FBI Director, Louis Freeh, described key escrow as balancing “fundamental societal
concerns involving privacy, information security, electronic commerce, public safety,
and national security”. Mandatory key escrow is certainly a possibility for the future
of conventional cryptography, the civil libertarian argument that this is the equivalent
to giving the government keys to our houses overlooks the fact that law enforcement
already has the right, if in possession of a warrant, to enter and search any private
house. This may strike the right balance for conventional cryptosystems at the present
time, however adapting it to the quantum model may prove problematic. Quantum
communications cannot be invisibly intercepted, so any prior key knowledge would
be of no use to anyone. In the future the two opposing camps across the crypto divide
are liable to become even more polarised as quantum computers render conventional
ciphers useless, and the choice we are left with offers quantum cryptography and
absolute security, or none at all.

Only time will tell how cryptography will evolve in the future, the catalyst for
development will be practical quantum computers which currently still lie in the realm
of science fiction. The public may become more sympathetic to law enforcement and
allow stringent laws limiting or prohibiting the use of unbreakable cryptography, or
the reverse may occur leading to universal access to strong crypto and forcing law
enforcement agencies back to more conventional and personal surveillance
techniques. For the first time in the four thousand year history of the science of
cryptography absolute security has been achieved, but is this state too dangerous for a
modern society to tolerate?




27
Bibliography

The books and articles listed below have been used as general background research
for the project. Where more specific information has been used in the text, the source
has been credited using a footnote.


Brief History of Cryptography

Cryptography Timeline “ Carl Ellison
http://world.std.com/˜cme/html/timeline.html

The Codebreakers “ David Kahn
Simon and Schuster, 1997, ISBN 0-68483-130-9

The Code Book “ Simon Singh
Fourth Estate, 1999, ISBN 1-85702-879-1

Cryptographic Timeline “ Thinkquest.org
http://library.thinkquest.org/28005/flashed/timemachine/timeline.shtml

The Zimmerman Telegram “ Thinkquest.org
http://library.thinkquest.org/28005/flashed/timemachine/courseofhistory/zimmerman.
shtml



The Development of Quantum Theory

Alice in Quantumland: An Allegory of Quantum Physics “ Robert Gilmore
Copernicus Books, 1995, ISBN 0-38791-495-1

Quantum Mechanics History “ J. J. O™Conner & E. F. Robertson
http://www-groups.dcs.st-
and.ac.uk/˜history/HistTopics/The_Quantum_age_begins.html

Quantum Theory and Wave/Particle Duality “ John K. N. Murphy
http://www.hotquanta.com/wpd.html

Introducing Quantum Theory “ J. P. McEvoy & Oscar Zarate
Icon Books, 1999, ISBN 1-84046-057-1

The Centre for Quantum Computation
http://www.qubit.org

David Deutsch™s Homepage
http://www.qubit.org/people/david/David.html



28
The Advent of Quantum Cryptography

Quantum Cryptography: Quantum Key Distribution and Coin Tossing “ C. H.
Bennett and G. Brassard
Proceedings of IEEE International Conference on Computers, Systems and Signal
Processing, Bangalore, India, December 1984, pp. 175 - 179

Crypto Set For a Quantum Leap “ Niall McKay
Wired Magazine, 5th April 1999
http://www.wired.com/news/print/0,1294,18936,00.html

Experimental Quantum Cryptography “ C. H. Bennett, F. Bessette, G. Brassard, L.
Salvail and J. Smolin
Journal of Cryptology, vol. 5, no. 1, 1992, pp. 3 - 28

Quantum Cryptography “ C. H. Bennett, G. Brassard and A. K. Ekert
Scientific American, July 1992



Absolute Security and the Wider Social Issues

The Debate Over Cryptography and Scientific Freedom “ Alexander Fowler
Professional Ethics Report, Volume X, Number 4, Autumn 1997

The Walsh Report (Australian Government Policy on Encryption)
http://www.efa.org.au/Issues/Crypto/Walsh/

Encryption, Organized Crime and Terrorism “ Dorothy E. Denning, 1997

The Wassenaar Arrangement
http://www.wassenaar.org




29
30

<< . .

. 3
( : 3)