SECURITY REPORTS

the Clinton administration was under investigation by several independent special counsels whose secret information was stored in Justice Department computer systems.

Other agencies within the Justice Department also availed themselves of NSA's security assistance. In a letter dated 6 June 1997 from the United States Marshals Service, George Zarur, the Chief Informat ion Officer, to NSA, the patent NSA boilerplate request language is again used, "We are aware of your organiza t ion ' s knowledge of information systems security and experience in assessing the threats and vulnerabilities of these resources." The letter then requests "the NSA's assistance to conduct an information system security assessment of the MARSHALS network (MNET)". The Marshals Service letter was followed by a memorandum from NSA which states, "We are pleased to acknowledge your request, and will provide the requested support."

A letter f rom the Federal Communicat ions Commission (FCC) dated 5 June 1998 reveals that the NSA had provided INFOSEC services to that agency. The FCC declined to release two documents relevant to the NSA's services citing the fact that one was SECRET and the other was CONFIDENTIAL.

A Department of Energy memorandum dated 9 May 1997 reveals that money provided by NSA (and the CIA) to Energy and the Lawrence Livermore National Laboratory was partially used to leverage key recovery into the Department of Energy's Travel System as well as "provide input to California's PKI [public key infrastructure] legislation".

Individuals familiar with NSA's civilian outreach programme maintain that cash-strapped agencies find the offer of free security services hard to pass up. Therefore, the agencies fail to see the impropriety of inviting intelligence agency representatives to peer into the security weaknesses of systems containing some of the most intimate personal details of American citizens.

Storm Brewing over 'Echelon'

Wayne Madsen

S torm clouds are gather ing in advance of a European Union-commissioned study of the joint

US-British top secret communications surveillance system commonly referred to as 'Echelon'. On 14 September 1998, following a glowing picture of EU- US relations painted by EU Commissioner Martin Bangemann, the European Parliament adopted a resolution endorsing the New Transatlantic Agenda agreed to at the 18 May 1998 London Summit . However, in its resolution, the Parliament issued an important proviso. While recognizing that it was important for US-EU "cooperation in the field of e lectronic surve i l lance for tracking down international criminal terrorists and drug traffickers but takes the v iew that protect ive measures concerning economic information and effective encryption should be taken to guard against abuse and threat to civil liberties posed by international t e l ecommunica t ions such as the 'Eche lon ' US system"

The reference to encryption is clearly aimed at the American attempt to force its European partners into an international mandatory key recovery scheme. Recently, FBI director Louis Freeh, Jr., Under Secretary of Commerce for International Trade David Aaron (and former US Crypto Czar), and Deputy Defense Secretary John Hamre have been stumping through Europe trying to convince sceptical governments to support the US cryptography initiative. They have largely come away empty-handed.

The future debate in the European Parliament can be expected to be lively. Many MEPs are demanding that the UK, as the closest partner of the US in the Echelon system, fully explain how its assets are trained on the other EU member states. UK MEP Glyn Ford has been at the forefront of demanding more information about Echelon. Additionally, the recent inclusion of the Green Party in the new German Government may result in similar demands to explain the role of Germany in providing the US National Security Agency with Echelon-related listening stations in that country.

Computer Fraud & Security November 1998 1361-3723/98/519.00 © 1998 Elsevier Science Ltd. All rights reserved