Symmetric or secret key cryptography (for instance DES) has an inherent limitation: a single key is used by both the sender and the receiver of the message, so security can be compromised if the key is intercepted during the transmission process. To overcome this drawback, the concept of Public Key Cryptography (or asymmetric cryptography) was first introduced by Whitfield Diffie and Martin Hellman in 1976. Here, two keys are brought into use: the public key and the private key. The message is encrypted with the public key and decrypted using the private key. The public key, as the name suggests, is available in a directory or public listing, while the private key is stored confidentially in the owner’s possession. In 1977, a team of scientists, Ron Rivest, Adi Shamir and Leonard Adleman, created RSA, the first public key cryptographic system (named after its creators). America’s worst fears came true when Phil Zimmermann, a computer scientist, used RSA to create PGP, a public domain version of RSA (an exceptionally strong encryption program offering 128 bits), and made it available in downloadable form on the Internet. With PGP accessible online, a strong encryption program once forbidden for public use was suddenly within reach, and that too with a mere click of the mouse (for the latest version of PGP, one can visit www.pgpi.org). Ever since, the number of websites offering free cryptography and steganography tools has grown at a frantic pace. Steganography, a form of cryptography (which literally means hidden writing), is fast gaining popularity among terrorist and criminal groups, where images and even sound files are distributed over the Internet with hidden documents and messages.
Such abuse of encryption methodologies is, in fact, well documented by American researchers, and one of the pioneering efforts was made by Dorothy Denning and William Baugh in a report titled ‘Encryption and Evolving Technologies as Tools of Organised Crime and Terrorism’, published in 1997 by the National Strategy Information Centre’s US Working Group on Organised Crime. Interestingly, the report highlighted the case of Ramzi Yousef, alleged member of the Al Qaeda network, responsible for bombing the World Trade Center in 1993 and a Manila airliner in 1995. When he was detained at Manila, the FBI discovered several encrypted files on his laptop, revealing information on further plans to blow up 11 US-owned commercial airliners in the Far East. The report also included the notorious Aum Shinri Kyo cult, responsible for the 1995 Sarin nerve gas attack in a Tokyo subway. The cult had apparently stored its records in databases encrypted with RSA. The encrypted files held evidence that was crucial to the investigation, including plans to deploy weapons of mass destruction in Japan and the USA. Even in the Indian scenario, there have been reports indicative of similar patterns employed by terrorist groups. For instance, militants of the Lashkar-e-Taiba group were found to have used a cyber café in North Delhi during the Red Fort attack carried out on the Republic Day last year. The Delhi police were astounded to find pornographic pictures stored on the computers and only later realised that the pictures actually contained hidden messages. As the flow of such technologies on the Internet could not be curbed, sophisticated surveillance and monitoring systems like ‘Echelon’ and ‘Carnivore’ came into existence.
Echelon is a global surveillance system in which the US, UK, Canada, Australia and New Zealand collectively operate an extensive network of stations that regularly intercepts e-mail, fax, telex and telephone communications around the world. Carnivore is an electronic wire-tapping tool used by the FBI specifically for monitoring Internet traffic, and is installed at the gateway of the ISP (Internet Service Provider). In recent times, Carnivore has generated considerable controversy, as it is suspected of monitoring the e-mail and online conversations of ordinary citizens too. However, September 11 has raised immense doubts about the credibility of such monitoring technologies. The fact that the US intelligence agencies were blissfully unaware of the attacks, whose planning began more than a year earlier, reiterates this viewpoint. Even though the thrust on surveillance technologies will continue unabated, one can expect even more stringent legislation and controls on encryption technology. Whether the extremely strong lobby of civil liberty activists allows such legislation to get through remains to be seen. The scars of the ‘Clipper Chip’ controversy are, after all, only a decade old and not completely forgotten. A brainchild of the NSA, the chip (with the Skipjack algorithm) was designed to be built into cell phones in such a manner that the government could monitor all cell phone conversations. The public outcry, with privacy activists at the forefront, never allowed the initiative to see the light of day. Post-WTC, however, the scenario has changed radically, and the government might seem justified in passing the Anti-terrorist Act, even if it is deemed highly intrusive and draconian by privacy activists. Moreover, citizens too, fresh with images of the twin towers crumbling down, would be willing to put their privacy at stake for the sake of their security.
Finally, even the most stringent legislation, backed with highly sophisticated technology, may not provide a completely foolproof solution against non-state actors exploiting technology for their nefarious motives. The simple fact is that the cutting edge of technology works both ways, and that’s why the cliché ‘technology is a double-edged sword’ becomes most relevant in the information age.