I would have liked to have slept in the following morning but that was not an option. I was awakened at 6:30 by the telephone beside my bed. It was Fisk’s secretary, informing me that I was to report to his office at 8:30. That left me just enough time to pull myself out of bed and prepare a quick breakfast before walking down the street to catch the bus to downtown Chicago.
As it was, I was late, arriving at the FBI building at close to 9:00. Still bleary-eyed, I mumbled my name to the receptionist and was escorted without comment to a large conference room at the end of the hall. I still had not fully recovered from the previous day’s mad dash across town with Lisa at the wheel of her off-road Mustang convertible.
Nobody seemed to notice my tardiness, as a large number of people had been requested to attend the debriefing and many of the others were late too. Lisa was already there by the time I had arrived, however. The attendees included all of the people that had been at the meeting in D.C. Rudy Levinski was there, sitting near the back. I later learned that each and every person that was aware of the money mill was in attendance, with the exception of the President and his cabinet. The main message that was conveyed at the meeting was that no part of the entire incident would be released to the public. Anybody who leaked word of the EFT crimes to the press would be treated in a manner in accordance with the importance of the secrecy of the entire affair. Nobody dared to ask what this meant, especially me. I feared that I would be the prime suspect if there were a leak. Everybody knew that my involvement was not due to a professional obligation nor my political stance. Or, to be more accurate, my involvement was due to my political stance on computer security, but that initial involvement was more closely related to the crimes rather than the shutting down of the mill.
I said very little during the entire debriefing, speaking up only when Samuelson stated that we had entered a new era; law enforcement can no longer preserve public safety. This sounded too much like a lead-in to the argument for key escrow. It was at this point that I interjected into the proceedings.
Far from being cause for trepidation and consternation, the shift to electronic banking should be reason to be optimistic. If deployed carefully and responsibly, digital messaging systems and Electronic Commerce can be far more reliable than more conventional means of conducting banking and business. With digital commerce, we have a theoretical basis upon which to pin our confidence.
Digital signatures are unforgeable without access to the private key. The private key can be stored on tamper-resistant smart-cards such that nobody — not even the cardbearer — can read the key off the card. The signing functions are implemented in hardware on the card. Modern public-key cryptography can be used for key-exchange in a way that avoids the sort of attack used to run the money mill. Indeed, in the modern era of cryptology, there is little justification for continued use of shared-key key-exchange protocols such as X9.17. It would behoove the ABA to give serious consideration to a public-key-based protocol for key exchange.
To further avoid future trouble in the EFT network, the member banks should employ secret-sharing procedures. Secret sharing is similar in concept to the procedures for launching nuclear weapons where two officers must simultaneously insert physical keys into keyholes on opposite sides of the room. The idea is that neither officer can unilaterally make the decision to launch; it requires the full cooperation of both officers. Cryptographic key-sharing divides a key into several parts and entrusts different people with each part. Knowing only one part of the key is of no practical value toward the reconstruction of the key. Secret sharing is based upon strong cryptographic theory, enabling cryptologists to prove with mathematical rigor that knowledge of only a limited number of key-shares is useless. Not only would this have prevented Susan Ignassi from causing all the trouble she did, but even a renegade bank president would be unable to obtain his own bank’s master key without the cooperation of other officers of the bank. Susan Ignassi was able to learn the key-encrypting key used by Fourth Nationwide Bank of California because of her position as a manager of the security department. Agent Jonny Carter had diagnosed part of the problem correctly; Ignassi provided compelling evidence of the danger of the NASA syndrome in international banking. Without secret-sharing procedures to eliminate the possibility of any one individual learning the entire master key, the banking industry is vulnerable to dishonest security officers. Combined with the sloppy procedures and lax attitudes in these same banks, it appears that Susan Ignassi is not an anomaly.
Digital signatures and secret-sharing are not the only recent advances in cryptology. Zero-knowledge proofs make it possible to establish that a remote party knows a secret without either party ever divulging to eavesdroppers what that key is, all without the use of encryption! These only touch upon the surface of the tremendous volumes of powerful new information-sharing and information-protection features that are now achievable using modern cryptography. We live in an era with great reason for confidence. Ours is a time of exciting potential. Information is something to be held sacred. There is no pursuit more noble than the pursuit of knowledge and information. Key-escrow and export limitations on cryptographic tools only hinder the free exchange of information over public networks.
All of this assumes that strong cryptographic tools are used. Fortunately, such technology is available today. Very strong encryption algorithms are widely known and easy to implement. Admittedly, perfect security is not obtainable, but very good security is. We live in a time where the cost of security grows at a rate similar to a logarithm function. At relatively little expense it is possible to deploy very tight information protection. Additional dollars beyond that initial cost have a low marginal return. The result is that even small enterprises can implement strong encryption and only extremely powerful entities, such as the NSA, can develop encryption algorithms that are significantly stronger than the status quo.