Not Good Enough for Government Work?


A report in today's News York Times on the federal government's plans for a new law enforcement computer network notes in passing that

for the first time, the Federal Bureau of Investigation and other agencies linked by it will be able to send one another encrypted e-mail. Previously, security concerns about the open Internet often caused sensitive information to be faxed, mailed or sent by courier.

Maybe I don't fully understand the FBI's security needs, but what about commercially available encryption software? If PGP, for example, is so hard to break that sending it outside the country could be considered a "munitions" export, why isn't it secure enough for the FBI?


NEXT: If War Doesn't Work, We May Have to Try Diplomacy

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. I always have to laugh whenever Hollywood shows the military or law enforcement and security folks using flashy, state of the art high tech equipment. It’s a fantasy that I think we’d all like to believe…

  2. If .22 caliber ammunition is powerful enough that the government considers sending it out of the country a “munitions” export, why does the Army need assault rifles and grenades? 🙂

    Seriously, though, the FBI’s reasoning is simple: it wants people with serious resources — foreign equivalents to the NSA — to be unable to read its mail and track its counter-espionage and counter-terrorist activities. If Iraq (for example) wanted to know what the FBI knows, it could afford to throw fifty million dollars at the project. The FBI cannot afford to do that for every criminal it deals with.

  3. The Feds probably don’t even know about PGP. Anything that costs less then a billion US dollars flys right under their radar screens.

  4. Good enough for government Work:

    “Measure it with a micrometer, mark it with a piece of chalk and cut it with an axe.”

    Any questions about how good FBI encryption software will be?

  5. I used to work in the PKI (public key cryptography) business. The challenge is not the security of the software but rather managing the all the keys. Every single user must have a pair of keys & be able to access other user’s public keys to encrypt messages & verify digital sigs. Plus you need a secure yet flexible signing hierarchy for your CAs, key escrow & revocation policies, and so on. Key management in PGP is very much a user-to-user exercise (hey, gimme your key, I ‘ll give you mine). You can download other people’s keys from a directory, but there’s really no way to verify that the person who created the keys is who they claim to be.

    It’s a very, very complex thing to undertake. Frankly, I’m kind of impressed that the Gov’t is making the effort.

  6. I think that a later paragraph in the story pretty accurately explains why the FBI didn’t use off the shelf encryption, “The changes come as the F.B.I. continues working to upgrade its entire computer system, which is so antiquated and compartmentalized that it cannot perform full searches of investigative files. ” Think Comodore 64.

  7. EMAIL:
    DATE: 01/22/2004 12:57:05
    Never let your sense of morals prevent you from doing what’s right.

  8. EMAIL:
    DATE: 05/21/2004 02:49:20
    Gratitude is born in hearts that take time to count up past mercies.

Please to post comments

Comments are closed.