Red Brigades' PDAs highlight encryption controversy

Computerworld - ROME -- Italian police have seized at least two Psion handheld devices from members of the Red Brigades terrorist organization, but the major investigative breakthrough they were hoping for as a result of the information contained on the devices has been thwarted by encryption software used by the left-wing revolutionaries.
The failure to crack the code, despite the reported assistance of FBI computer experts, puts a spotlight on the controversy over the wide availability of powerful encryption tools.
The Psion devices were seized March 2 after a shootout on a train traveling between Rome and Florence, Italian media and sources close to the investigation said. The devices, believed to number two or three, were seized from Nadia Desdemona Lioce and her Red Brigades comrade Mario Galesi, who was killed in the shootout. An Italian police officer was also killed. At least one of the devices contains information protected by encryption software and has been sent for analysis to the FBI facility in Quantico, Va., news reports and sources said.
The FBI declined to comment on ongoing investigations, and Italian authorities wouldn't reveal details about the information or equipment seized during the shootout.
The software separating the investigators from a potentially invaluable mine of information about the shadowy terrorist group was Pretty Good Privacy (PGP), the Rome daily La Repubblica reported. So far, the system has defied all efforts to penetrate it, the paper said.
Palm devices can run PGP only if they use the Palm OS or Windows CE operating system, said Phil Zimmermann, who developed the encryption software in the early 1990s. Psion PLC uses its own operating system, known as Epoc, but it might still be possible to use PGP as a third-party add-on, a spokesman for the British company said.
There is no way that the investigators will succeed in breaking the code with the collaboration of the current manufacturers of PGP, Palo Alto, Calif.-based PGP Corp., Zimmermann said in a telephone interview.
"Does PGP have a back door? The answer is no, it does not," he said. "If the device is running PGP, it will not be possible to break it with cryptanalysis alone."
Investigators would need to employ alternative techniques, such as looking at the unused area of memory to see if it contained remnants of plain text that existed before encryption, Zimmermann said.
The investigators' failure to penetrate the PDAs' encryption provides a good example of what is at stake in the privacy-vs.-security debate, which has been given renewed attention since the Sept. 11