Italian terror group's PDA highlights encryption controversy

Italian police have seized at least two Psion PLC PDAs (personal digital assistants) from members of the Red Brigades terrorist organization but the major investigative breakthrough they were hoping for as a result of the information contained on the devices has failed to materialize -- thwarted by encryption software used by the left-wing revolutionaries.

Failure to crack the code, despite the reported assistance of U.S. Federal Bureau of Investigation (FBI) computer experts, puts a spotlight on the controversy over the wide availability of powerful encryption tools.

The Psion devices were seized on March 2 after a shootout on a train travelling between Rome and Florence, Italian media and sources close to the investigation said. The devices, believed to number two or three, were seized from Nadia Desdemona Lioce and her Red Brigades comrade Mario Galesi, who was killed in the shootout. An Italian police officer was also killed. At least one of the devices contains information protected by encryption software and has been sent for analysis to the FBI facility in Quantico, Virginia, news reports and sources said.

The FBI declined to comment on ongoing investigations, and Italian authorities would not reveal details about the information or equipment seized during the shootout.

The software separating the investigators from a potentially invaluable mine of information about the shadowy terrorist group, which destabilized Italy during the 1970s and 1980s and revived its practice of political assassination four years ago after a decade of quiescence, was PGP (Pretty Good Privacy), the Rome daily La Repubblica reported. So far the system has defied all efforts to penetrate it, the paper said.

Palm-top devices can only run PGP if they use the Palm OS or Windows CE operating systems, said Phil Zimmermann, who developed the encryption software in the early 1990s. Psion PLC uses its own operating system known as Epoc, but it might still be possible to use PGP as a third party add-on, a spokesman for the British company said.

There is no way that the investigators will succeed in breaking the code with the collaboration of the current manufacturers of PGP, the Palo Alto, California-based PGP Corp., Zimmermann said in a telephone interview.

"Does PGP have a back door? The answer is no, it does not," he said. "If the device is running PGP it will not be possible to break it with cryptanalysis alone."

Investigators would need to employ alternative techniques, such as looking at the unused area of memory to see if it contained remnants of plain text that existed before encryption, Zimmermann said.

The investigators' failure to penetrate the PDA's encryption provides a good example of what is at stake in the privacy-versus-security debate, which has been given a whole new dimension by the Sept. 11 terrorist attacks in the U.S.

Zimmermann remains convinced that the advantages of PGP, which was originally developed as a human rights project to protect individuals against oppressive governments, outweigh the disadvantages.

"I'm sorry that cryptology is such a problematic technology, but there is nothing we can do that will give this technology to everyone without also giving it to the criminals," he said. "PGP is used by every human rights organization in the world. It's something that's used for good. It saves lives."

Nazi Germany and Stalin's Soviet Union are examples of governments that had killed far more people than all the world's criminals and terrorists combined, Zimmermann said. It was probably technically impossible, Zimmermann said, to develop a system with a back door without running the risk that the key could fall into the hands of a Saddam Hussein or a Slobodan Milosevic, the former heads of Iraq and Yugoslavia, respectively.

"A lot of cryptographers wracked their brains in the 1990s trying to devise strategies that would make everyone happy and we just couldn't come up with a scheme for doing it," he said.

"I recognize we are having more problems with terrorists now than we did a decade ago. Nonetheless the march of surveillance technology is giving ever increasing power to governments. We need to have some ability for people to try to hide their private lives and get out of the way of the video cameras," he said.

Even in the wake of Sept. 11, Zimmermann retains the view that strong cryptography does more good for a democracy than harm. His personal website, www.philzimmermann.com, contains letters of appreciation from human rights organizations that have been able to defy intrusion by oppressive governments in Guatemala and Eastern Europe thanks to PGP. One letter describes how the software helped to protect an Albanian Muslim woman who faced an attack by Islamic extremists because she had converted to Christianity.

Zimmermann said he had received a letter from a Kosovar man living in Scandinavia describing how the software had helped the Kosovo Liberation Army (KLA) in its struggle against the Serbs. On one occasion, he said, PGP-encrypted communications had helped to coordinate the evacuation of 8,000 civilians trapped by the Serbs in a Kosovo valley. "That could have turned into another mass grave," Zimmermann said.

Italian investigators have been particularly frustrated by their failure to break into the captured Psions because so little is known about the new generation of Red Brigades. Their predecessors left a swathe of blood behind them, assassinating politicians, businessmen and security officials and terrorizing the population by "knee-capping," or shooting in the legs, perceived opponents. Since re-emerging from the shadows in 1999 they have shot dead two university professors who advised the government on labor law reform.

Zimmermann is not optimistic about the investigators' chances of success. "The very best encryption available today is out of reach of the very best cryptanalytic methods that are known in the academic world, and it's likely to continue that way," he said.

Sources close to the investigation have suggested that they may even have to turn to talented hackers for help in breaking into the seized devices. One of the magistrates coordinating the inquiry laughed at mention of the idea. "I can't say anything about that," he said.

The technical difficulty in breaking PGP was described by an expert witness at a trial in the U.S. District Court in Tacoma, Washington, in April 1999. Steven Russelle, a detective with the Portland Police Bureau, was asked to explain what he meant when he said it was not "computationally feasible" to crack the code. "It means that in terms of today's technology and the speed of today's computers, you can't put enough computers together to crack a message of the kind that we've discussed in any sort of reasonable length of time," he told the court.

Russelle was asked whether he was talking about a couple of years or longer. "We're talking about millions of years," he replied.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Philip Willan

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?