EDITORIAL

Clipping the Wings of Privacy

On occasion, even the most hardened criminals commit acts of mercy. You've seen it in the movies: Tough guys like Aldo Ray snatching a terrified child from the path of a runaway bus or Humphrey Bogart sacrificing his freedom to save the life of a nun.

The '90s twist on this story line brings a new kind of high-tech antihero. Of course, if everyone considered Kevin Poulsen a hero, he wouldn't be passing time at the Federal Correctional Institution in Dublin, California. Still, you could argue that some of the crimes he's accused of do have a socially beneficial side to them.

In the late '80s, Poulsen, a legendary California cracker and former SRI employee, supposedly hacked his way into Pentagon, California Department of Motor Vehicles (DMV), and Pacific Bell computers where, it's claimed, he surreptitiously gathered information about FBI wiretap/sting operations and IRS criminal investigations. In the process, Poulsen also collected a bushel basket full of indictments ranging from telecommunications and computer-related fraud to espionage.

While Dublin is a pastoral setting that lends itself to retrospection, Poulsen didn't relish the prospect of several years in the slammer. Instead of going to trial, he opted for life on the owl-hoot trail.

Nearly two years later, Poulsen was picked up, leading the Feds to wonder how he supported himself while underground. Authorities now claim that Poulsen seized control of incoming telephone lines of Southern California radio stations sponsoring call-in contests, allowing him to rig the games by blocking all incoming calls but his own. (So much for "It's not whether you win or lose, but how you play the game.") As a "random" winner, he supposedly absconded with a Hawaiian vacation, a couple of Porsches, and thousands of dollars in cash. To claim and unload the prizes, Poulsen allegedly created aliases and phony IDs, leading to additional charges for computer fraud, money laundering, and interception of wire or electronic communications.

There's little question in my mind that pulling the plug on most radio call-in programs--if only temporarily and with admittedly questionable motives--serves the public good. If you don't think so, just listen to a few of them while stuck in traffic. Instead of being put in the pokey, Poulsen probably ought to be sentenced to FCC-sponsored community service. After summarily dealing with radio call-in programs, maybe he could turn his attention to TV talk shows.

This isn't to say such crimes aren't serious--they are. I'd be unhappy if someone grabbed--and nefariously used--confidential information about me that's stored on a DMV or Pac Bell computer. But you also have to wonder whether or not "Clipper," the government's most recent attempt to grapple with computer security, is as insidious in its own way as anything Poulsen's charged with.

The Feds seem most concerned about citizens keeping secrets from the government--exercising our right to have private conversations with each other. In particular, the FBI is worried that criminals will begin using encryption to scramble their communications, thereby thwarting wiretaps.

The government's solution is Clipper, the first in a family of NSA-designed VLSI chips with the classified Skipjack encryption algorithm hardwired into them. (Skipjack is supposedly 16 million times more secure than DES, the current standard.) To the Feds' way of thinking, every communication device--phone, modem, and the like--would have a Skipjack-based chip designed into the circuit. All communication between, say, two modems, each with built-in Clipper chips, would then adhere to Skipjack protocol.

Individual chips would have a pair of unique numeric keys which would be handed over to the government by the vendor. To eavesdrop, law enforcement would get a warrant to tap the phone, record the communication (which automatically includes the individual chip identifier), retrieve the key from the government database, and decrypt the message.

The government sees itself as the sole shepherd of Skipjack and chip keys. Of course, for this scheme to work, Skipjack/Clipper would have to be the only encryption game in town--and you can bet there have been discussions about outlawing encryption techniques other than Skipjack. But millions of dollars have already been invested in existing schemes (such as RSA) by Microsoft, Lotus, Novell, Apple, and their millions of users; mandating change would meet stiff resistance.

And considering the global nature of businesses such as banking and finance, where encryption is critical, it's unlikely that other countries (which have generally adopted ISO 9796 encryption) would allow Skipjack/Clipper to be imported. Or putting the sneaker on the other foot, would the U.S. even now adopt a Russian encryption scheme over which we had no control?

Nor is there a free lunch involved. Programmed Clipper chips cost about $25.00 each, which means the price of modems, phones, and the like will increase accordingly.

Money and export concerns aside, the real issues remain those of privacy and the government's attitude toward its citizens. What we're witnessing is a fundamental shift from what we've considered to be our Constitutional right to privacy to a view that the government is privy to our most private conversations. This alone is enough to make Kevin Poulsen look like nothing more than an angel with a dirty face.

Jonathan Erickson

editor-in-chief


Copyright © 1993, Dr. Dobb's Journal