A Mysterious Component Roils Microsoft

By JOHN MARKOFF, September 4, 1999
http://www.nytimes.com/library/tech/99/09/biztech/articles/04soft.html

SAN FRANCISCO -- A cryptographer for a Canadian software firm, dissecting a piece of Microsoft security software, made an unexpected find: an element in the Windows operating system labeled "NSAKey."

When his discovery was made known on his company's Web site Friday, it set off a firestorm of Orwellian visions in Internet discussion groups.

Was the buried software component, as the cryptographer surmised, a Trojan horse that gave the National Security Agency a hidden back door into the world's computers? Or was it merely a Microsoft programmer's remarkably bad choice of language in a software system designed to protect electronic communications and commerce?

Microsoft executives insisted that there was no Big Brother feature in the software. "The big answer is that these charges are completely false," said Scott Culp, a security product manager at Microsoft.

And the National Security Agency, which gathers electronic signal intelligence worldwide and is responsible for the security of the Government's computers, issued a terse three-sentence news release distancing itself from the controversy, saying, "Questions about specific products should be addressed to the company."

Microsoft officials acknowledged that the episode was in any case a black eye for the world's largest software publisher.

"We're going to pay and pay and pay for this," said one of the company's security experts, who spoke on the grounds that he not be identified.

In recent months Microsoft has become a lightning rod for criticism of its products' security and has had to deal with several gaffes, including the discovery last week of a security flaw that exposed the e-mail of users of its Hotmail service.

The latest uproar was set off by Andrew Fernandes, a mathematician in Research Triangle Park, N.C., who is chief scientist of the Cryptonym Corporation, a small Canadian software firm that is developing computer security products.

Fernandes first presented his findings at a technical meeting last month in Southern California, but word did not spread more broadly until today, when a news release was posted on the Cryptonym Web site.

In a telephone interview, Fernandes said he had made his discovery while exploring and trying to replicate the security software in Microsoft's Windows and Windows NT operating systems.

The operating systems make use of a key -- a large number -- to authenticate software components, providing confidence that a component is correctly identified and has not been tampered with. For example, when new encryption functions are added for security, the key verifies that they comply with Government regulations.

Cryptographers had previously noted the existence of a second key whose use they could not account for. What Fernandes found in the program was an identifying tag, disguised in earlier versions. And the label was "NSAKey."

The discovery shocked him, Fernandes said, adding, "It doesn't make any sense why they would put in a second key."

He concluded that the key represented a serious security flaw that would leave Microsoft's operating system vulnerable to intrusion. "The result is that it is tremendously easier for the N.S.A. to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system," his news release asserted.

But at Microsoft, Culp said the key labeled NSAKey was a backup permitting Microsoft to authenticate encryption components if the first key was damaged. And he said the name was simply unfortunate.

Because the key insures compliance with Federal export laws, and the National Security Agency is the authority responsible for reviewing software and hardware products intended for foreign use, the component has been referred to colloquially at Microsoft as the "NSA key," he said. But Culp insisted that the key was not shared with any outside party, including the N.S.A.

"We protect it with dobermans and barbed wire," he said. "Conspiracy theorists are worked up about this, but real life is more boring."

Security and privacy experts were generally skeptical about the notion that Microsoft was cooperating with the nation's electronic intelligence agency.

Microsoft has vocally opposed proposals by law-enforcement and intelligence agencies that would give them electronic back doors to monitor computer data.

Some security experts said that even if there was no sinister explanation for the NSAKey, Microsoft should not add components to its security software system without publicly identifying them.

"They've debased their currency once again by not disclosing this," said Mark Seiden, chief consultant for the information security group Kroll-Ogara.

Microsoft executives said there had been no reason to publicize the backup key. "It was not something that anyone had expressed any interest in," Culp said.

And in any case, the Big Brother that Fernandes said he had discovered turned out to have an Achilles heel. He said he had been able to develop a small program that strips out the second key.

---

Why a Small Software Label Raised Eyebrows
For Programmers, a Link to Spy Agency Seemed Likely

By PETER WAYNER, September 4, 1999
http://www.nytimes.com/library/tech/99/09/cyber/articles/04soft-side.html

When a group of foreign programmers examining the inside of Microsoft's Windows operating system discovered an undocumented hole in the security software they immediately began wondering if it was put there for the United States government's intelligence gathering branch, the National Security Agency. This was not a difficult leap for them to make because the hole came with a cryptic label "_NSAKEY" attached to it.

Andrew Fernandes, a programmer for the Ontario-based company Cryptonym, found the label after following up on the work of an English cryptographic expert, Nicko van Someren. He posted a news release describing his discovery on his company's Web site earlier in the week.

To many who read the release, a link between NSA and the label was understandable, considering that the agency's main job is supporting the Executive Branch and the Department of Defense by gathering electronic intelligence.

The news of the discovery spread quickly over the Internet, where people lapped up the accusation that two of the great leviathans at the center of many digital-age conspiracy theories were caught with such a tight connection. While many doubted that a simple label with a suspicious-sounding name could be proof of any serious link, others assumed the worst.

While there is no immediate danger of information being compromised, it added to the distrust in Microsoft's security prowess, Last week, the Web was aflame with news of the discovery of a serious hole in Hotmail, the company's free Web-based e-mail service.

For the record, Scott Culp, manager of security at Microsoft says that the NSA had no control over the hole in the software.

The bigger and more difficult set of questions is what the hole is doing in Windows, whether it is really fair to consider it a hole, and why it was put there in the first place.

Culp said that the so-called hole is really a feature designed to increase reliability and add a backup in case a powerful natural disaster destroyed Microsoft's buildings, and with them the company's ability to document its Windows software. It was only named "_NSAKEY" because the NSA was responsible for checking Microsoft's implementation of computer security.

The hole is really part of Microsoft's Crypto API (CAPI), a system built into Windows for providing encryption tools to other software packages. API stands for "Application Programmer's Interface," a technique used by programmers to coordinate their work in much the same way that the blueprints let an architect and a team of builders coordinate their work.

The CAPI lets programmers who know nothing about codes add security to their software, allowing that software to run on computers using the Windows operating system. A Web site, for instance, may ask the CAPI to scramble a credit card number before transmitting it over the Internet. A piece of software storing medical records could use the same CAPI to add privacy.

Ordinarily, APIs are arcane tools that are designed and read only by programmers. Cryptography, however, is a more sensitive matter because the U.S. government treats such software for encoding and decoding messages as munitions that might give a foreign power an edge in a war. Therefore, the government prohibits the export of encryption software.

The United States has gained significant advantages over its enemies in recent wars by breaking their codes, and the Defense Department would not like to lose this advantage over foreign powers. In addition, the Federal Bureau of Investigation is worried that criminals, in the United States and overseas, may use unbreakable encryption to defy investigators looking for evidence.

When Microsoft decided it wanted to add encryption features to Windows, it needed to balance the demands of people like doctors asking for ways to protect their patient's records with the demands of the government's regulatory apparatus seeking to preserve their eavesdropping ability.

Microsoft's solution was to ship no encryption features with Windows itself, but build a generic system that allowed all users to load their own encryption software modules. Ordinarily, the U.S. government even objects to the existence of systems like the CAPI, which are also known as "software hooks," where someone might attach encryption software. The government believes that even the existence of something like the CAPI would make it easier for foreigners to scramble the data with Microsoft Windows.

To solve these objections, Microsoft designed the CAPI mechanism to check all modules to see if they bore a special digital signature. The CAPI uses digital signatures to check out the provenance of the modules that might be installed. Anyone who wants to add scrambling abilities to their copy of Windows must first apply to Microsoft and get approval after promising never to export the software and violate U.S. law. When all of the forms are filled out, Microsoft gives its approval by applying a digital signature to the encryption module.

Digital signatures are verified by using public keys, long numbers that are generated by a complicated mathematical technique. These keys act like the equivalent of a driver's license or a signature card kept on file at a bank. Each copy of Windows keeps a set of public keys and uses them to insure that the digital signatures were, in fact, created by Microsoft.

When the CAPI comes across a new encryption module, it checks the digital signatures with a public key. If the mathematics work out, Windows approves the module and allows the user to encode and decode information at will.

This solution allowed Microsoft to bundle in features for cryptography while shipping the same version of Windows throughout the world. Ideally, only people in the United States would get high-quality protection because Microsoft would add digital signatures only to software that was not going to leave the United States.

This much was known publicly since Microsoft introduced the CAPI. Last year, van Someren, a scientist at the English company nCipher, discovered that there were really two public keys, or signature cards, inside Windows. That meant two entities could create digital signatures. One was definitely Microsoft, but no one knew the identity of the other.

This summer, Fernandes discovered that Microsoft had inadvertently left some debugging information bound into the latest version of some software patches for Windows NT. Patches are new pieces of software that fix problems with previously released software. Programmers attach name tags to different pieces of data and use these tags to help find bugs, but they usually strip out the name tags to save space and avoid releasing competitive information. Fernandes discovered that the debugging name tags had not been stripped away and the first key came with the name "_KEY". The second key came with the tag "_NSAKEY". Fernandes also discovered that the new beta versions of Windows 2000 came with three keys.

Culp said that while the two keys do give two entities the ability to certify encryption modules, there is no reason to fear that the NSA controls one. Microsoft controls both so they would have a backup, he said.

Matt Blaze, a security expert for AT&T, said that this argument makes sense if Microsoft stores its copies of the key in tamperproof hardware. These devices are designed to resist attacks by erasing the key. "If you're doing that, and your hardware gets destroyed by an earthquake or a fire, then you would never get that key back," he said in a telephone interview. The box would assume that the earthquake or lightening storm was really an attacker trying to get at the key. It would immediately forget it as a defense.

Culp says that both keys are kept in tamperproof boxes behind barbed wire in separate parts of the country, but he would not say where.

Still, Microsoft's explanations have not quieted the speculation on the Internet. Most critics are still worried about the possibility that the technique would allow whoever holds this second key to slip broken encryption software onto someone's computer. The Clinton Administration is currently lobbying Congress to get permission to do just this with suspected gangsters and drug runners. A slightly broken encryption mechanism would allow them to surreptitiously decode the messages. Whoever holds the second key would have the power to create such a broken mechanism.

Bruce Schneier, a security expert at Counterpane Systems, dismissed this possibility. "There are much better ways of compromising security on a computer," he said.

But Schneier conceded that bugging the encryption module used by CAPI and simply eavesdropping on all communication would be a subtle attack that would be less likely to be detected.

Many point out that if this approach was taken by the NSA, it would not be the first time. The Baltimore Sun reported in 1995 that the NSA had secretly subverted the encryption hardware of a Swiss company, Crypto AG.

Still, Blaze said that the existence of two or three keys is not best explained by a secret government backdoor. "It would be much easier to convince Microsoft to tell them the secret key," he said.

The existence of both _KEY and _NSAKEY has also inadvertently introduced a loophole in the mechanism to reduce the proliferation of export control software. Van Someren originally began looking for the key in the hopes of replacing it with one of his own. He could not approach Microsoft and get them to validate his cryptographic software because he works in Britain.

If someone simply replaces _KEY, Windows will fail to start up because _KEY is used to validate other parts of the Windows security software. Replacing _NSAKEY, on the other hand, makes it possible for anyone outside the United States to use the CAPI without problems. Cryponym is currently distributing a program that demonstrates how to do this.

Today, van Someren uses the technique in Britain to experiment with building tools for Windows NT and insuring that his company, nCipher, can create software and hardware that works well with Microsoft's. The mechanism designed to enforce the export rules has failed because of the extra key.

Fernandes said, "Export control is effectively dead for Windows. "

-----------

Former FBI Spokesman Faults Reno For Waco Silence

Updated 3:16 PM ET September 4, 1999
http://webcrawler-news.excite.com/news/r/990904/15/news-crime-davidians

OKLAHOMA CITY (Reuters) - A former FBI spokesman was quoted Saturday as saying he had urged Attorney General Janet Reno to allow publication of more information about the standoff with the Branch Davidians in Waco, Texas, but she had rejected the idea.

The Daily Oklahoman newspaper quoted Bob Ricks, who now heads Oklahoma's highway patrol, as saying he told Reno during a conference in 1994 that Justice Department rules requiring FBI agents to remain silent about the standoff were causing credibility problems for the agency in the Midwest.

"I said, "You probably don't realize it, but in the Midwest, Waco is still an extremely big deal out here, and it's the subject of much conversation," Ricks told the paper.

Ricks said he told Reno he didn't like rules preventing more open discussion of the ill-fated siege and that their silence "could ultimately end up being a problem."

Ricks told the paper that Reno had responded: "I don't think the American people care about Waco anymore." The report added that a Justice Department spokesman denied Reno had made the comment.

"I think the government could have done a much better job in providing full disclosure," Ricks told the Oklahoman.

Ricks said his conversation with Reno took place about a year after the 51-day siege at Waco, in which cult leader David Koresh and more than 80 people died after a disastrous assault by agents on the group's compound.

Minutes after the raid was launched, the buildings erupted in flames and burned to the ground, killing most inside. Ricks was the primary spokesman for the FBI during the siege.

Investigation following the incident indicated the fires were set by cult members inside the compound, not by agents.

Later statements by the FBI and the Justice Department claimed no incendiary devices were used in the assault. The agency recently reversed this stance after recent revelations by former agents and taped evidence showed incendiary tear gas canisters were used by the FBI during the assault.

Ricks told the paper that Justice Department rules also prevented the FBI from conducting its own investigation following the siege, called an "after-action critique," which would have examined the successes and failures of the action.

---

Documents on Waco Point to a Close Commando Role

By PHILIP SHENON, September 5, 1999
http://www.nytimes.com/library/politics/090599waco-special-ops.html

WASHINGTON -- The Pentagon's elite Special Operations Command sent observers to the siege of the Branch Davidian compound in Texas more than a month before the final assault on the compound, suggesting that military commandos had a far longer and closer involvement in the disastrous 1993 operation than previously divulged, according to declassified Government documents.

The documents obtained under the Freedom of Information Act also show for the first time that officials at the highest levels of the Defense Department, including Secretary of Defense Les Aspin and the Joint Chiefs of Staff, were briefed by the Special Operations Command about the events near Waco.

The command, which is based at MacDill Air Force Base in Florida, oversees the military's most secretive commando squads, including the Army's Delta Force and the Navy Seals, and the documents suggest that the command was monitoring the situation virtually from the start of the 51-day siege. The command's spokesmen did not return calls for comment on the documents.

The exact relationship between the military and law-enforcement agencies in the planning of the raid on April 19, 1993, which ended in the fiery destruction of the compound and the deaths of about 80 people, has long been a mystery. It is expected to be a topic of Congressional hearings this fall into the siege, especially given the new disclosure that possibly incendiary military-issue tear-gas canisters were fired near the compound. Congressional officials say they want to know where the canisters came from, and who gave approval for their use.

Clinton Administration officials, aware of the severe legal restrictions on the use of American troops in the United States, have long said that the military's role in the siege was purely advisory to law-enforcement agencies, including the Federal Bureau of Investigation and the Bureau of Alcohol, Tobacco and Firearms.

The heavily censored documents do not show that the military took an active part in the siege and F.B.I. officials have long acknowledged that the military assisted the law enforcement agency. Today, John Collingwood, an F.B.I. spokesman said "The Department of Defense played no operational role at Waco."

A report issued last month by the General Accounting Office, the accounting arm of Congress, which examined the military's role in Waco, did not contradict the F.B.I. account, but did find that the military had provided about $1 million in equipment, supplies and electronic surveillance gear to the F.B.I. and the A.T.F., which had launched an ill-fated arrest raid on the compound in February 1993.

Although Administration officials have previously acknowledged that three soldiers assigned to Delta Force were at the cult compound on the day of the fiery raid as observers, the documents show that the first Special Operations monitors actually went there more than a month earlier, and that their findings were reported to Washington and to the Joint Chiefs of Staff.

The documents were provided to The New York Times by the National Security News Agency, a nonprofit research group in Washington that has often unearthed Government documents and other information embarrassing to the Pentagon.

In a report to the Joint Chiefs and the F.B.I. in Washington that was dated March 2, 1993, commanders of the Special Operations Command said they had carried out "observation of operations in Waco, Tex."

The one-page document was heavily edited by military censors but appears to outline the deteriorating situation found by the monitors at the site near Waco, where the Davidians had barricaded themselves in their compound.

The siege began on Feb. 28, when agents of the Bureau of Alcohol, Tobacco and Firearms conducted a failed raid on the compound, resulting in a firefight in which four Federal officers and two of the cult members were killed.

The report is stamped "secret specat," or special category, which would have limited its distribution to a select group of Government officials with security clearances. The identity of the monitors sent to Texas and their ranks were not revealed.

In a report dated March 30, nearly three weeks before the final assault on the compound, the Special Operations Command responded to an "F.B.I. request for assistance" at the site.

The exact nature of the request is not clear in the heavily censored copy of the document that was released by the Defense Department. But the request clearly was important because the report prepared by the Special Operations Command was forwarded to the highest levels of the Pentagon, including Defense Secretary Aspin, and to the Joint Chiefs, then led by Gen. Colin Powell.

Federal law-enforcement agencies at the compound requested help from the Pentagon, including heavy weapons and military training, almost immediately after the raid on Feb. 28. Over the next weeks, the F.B.I. was provided with military helicopters, tanks, armored personnel carriers and weapons.

Related Articles

Reno Vows to Get at Truth on Fire at Cult Compound (Sept. 4, 1999)
http://www.nytimes.com/library/politics/090499fbi-waco.html

As Pressure Builds, Reno Appears Calm (Sept. 4, 1999)
http://www.nytimes.com/library/politics/090499waco-reno.html

Justice Dept. Talking to Ex-Missouri Senator About Leading a Waco Inquiry (Sept. 3, 1999)
http://www.nytimes.com/library/politics/090399waco-senator.html

Reno Orders Tape Seized From F.B.I. (Sept. 3, 1999)
http://www.nytimes.com/library/politics/090299fbi-waco.html

Forum Join a Discussion on Waco and the F.B.I.
http://forums.nytimes.com/webin/WebX?10@129.Oodva9BMg8V^42352@.ee6b280

Photo, Fire (FBI Videotape), April 19, 1999 Waco
http://www.webcrawler.com/photo/img/r/crime/davidians/19990903/was01?r=/photo/r/990905/00/news-crime-davidians
http://www.webcrawler.com/img/feeds/r/crime/davidians/19990903/was01_full.jpg

---

Clinton Expresses Confidence In Reno Over Waco

Updated 12:49 AM ET September 5, 1999, By John Poirier
http://webcrawler-news.excite.com/news/r/990905/00/news-crime-davidians

WASHINGTON (Reuters) - President Clinton said Saturday that he had confidence in Attorney General Janet Reno but pointedly avoided saying the same for the head of the FBI, which is accused of lying about a deadly 1993 siege.

"I certainly have confidence in the attorney general," Clinton said during a news conference at the presidential retreat at Camp David, Maryland.

"I support the attorney general's decision to seek an independent investigation" of the siege of the Branch Davidian compound near Waco, Texas, six years ago, Clinton said. The religious sect's leader, David Koresh, and about 80 of his followers were burned to death in the assault.

"We ought to see what the investigation turns up," Clinton said.

Asked if he also had confidence in FBI Director Louis Freeh, the president replied, "I think he did the right thing in saying he thought there ought to be an independent investigation, and I think that that's all we can ask of him."

Earlier this week, after denying for six years that pyrotechnic devices had been used in the Waco attack, the FBI said it had found two videotapes showing that heat-generating military tear gas canisters had been employed.

The agency emphasized, however, that the fatal Waco fire occurred hours later in another part of the complex.

The Branch Davidian incident -- a cause celebre for conspiracy theorists -- returned to the front page after the Dallas Morning News uncovered evidence of the military canisters' use from a Texas lawsuit.

"Over the past two weeks, I, along with many Americans, have been troubled, very troubled, over what has transpired," Reno said Thursday at a news conference dominated by questions about the FBI's new account of its actions.

Under pressure from both Republicans and Democrats in Congress, Reno has said she wants an outsider to head an independent investigation to "get to the truth" about the siege.

The White House, which has supported Reno throughout the controversy, had previously been silent about the FBI.

-----------

Private Eyes

High-resolution satellite images are about to go on sale. Now everyone from Saddam Hussein to Monsanto will be able to buy the kind of pictures the Pentagon has enjoyed for years. Will the age of transparency make us safer? Or just give us the creeps?

By ROBERT WRIGHT, September 5, 1999 New York Times Magazine
http://www.nytimes.com/library/magazine/home/19990905mag-tech-privacy.html

Suppose you had just spent hundreds of millions of dollars to build and launch a satellite and were planning to recoup the investment by selling the satellite's pictures. Chances are you would be pretty good at thinking up reasons that someone might want to buy images from outer space. At any rate, John Copple is.

Copple is the C.E.O. of Space Imaging, whose Ikonos satellite assuming the Sept. 24 launch goes as planned will offer the finest-grained pictures ever sold on the open market. "Where do I want to park the boat?" asks Copple, who is not, actually, in a boat, but is imagining himself in the shoes of a data-poor sports fisherman. "I want to fish where there's a lot of underbrush underneath the water, so the fish population has a lot of food." The solution is obvious. Ikonos "can see into the water quite a ways."

Fishing is not the only endeavor now plagued by primitive uncertainty. There's also hiking. But by taking a "3-D fly-through of Yellowstone Park," you could choose the most scenic trail before leaving home. Or maybe you're in the real-estate market, scouring the hills for choice acreage. Or you're in the swimming pool business, combing the city for affluent addresses with large backyards but no pools. Or you're a farmer who wants to use "multispectral" imagery to see which crops are in distress before they visibly falter.

There is, however, one use of Ikonos imagery that Copple does not bring up and that, when pressed, he plays down. It's the use for which reconnaissance satellites were invented four decades ago: reconnaissance. Vipin Gupta, a remote-sensing expert at Sandia National Laboratories, is more voluble on the subject. "In the short term, make no mistake, they're marketing for defense and intelligence applications," he says of Space Imaging and the several competing companies that plan to enter the high-resolution imaging business. "Governments have been willing to pay big money for this kind of data."

This is what makes Ikonos a geopolitical milestone. Able to discern objects only a few feet wide to see at "one-meter resolution" -- it will give presidents, generals and assorted political actors around the globe a kind of power once confined to elite nations.

This democratization is not universally celebrated. Among the ambivalent: high-tech nations, like Israel, with low-tech enemies, and sole-remaining-superpowers accustomed to kicking around tinhorn dictators. If Saddam Hussein had got his hands on good satellite imagery during the Persian Gulf war, Iraq could have anticipated Gen. Norman Schwarzkopf's famous "left hook" maneuver and turned it into a bit less of a cakewalk.

Faced with such prospects, the United States is struggling to preserve a strategic edge. Some approaches are peaceful, like denying commercial licenses for certain types of imagery or reserving the legal right to exercise emergency "shutter control" over American-owned satellites that is, reserving the right to blind a satellite company's customers. Other approaches are not so peaceful, like developing a ground-based laser that could convert satellites including those that belong to American companies into insensate hunks of warm metal in time of national peril. According to a report issued last year by the United States Space Command, America must be able to assert the "control of space" whenever necessary.

That's one view. Another view is that everyone should calm down. In this view, the "age of transparency," as the science-fiction writer Arthur C. Clarke has called it, will be a wonderful thing. In his 1987 novel, "2061: Odyssey Three," Clarke envisioned a time when, with everyone keeping an eye on everyone else, surprise attacks would be impossible and war among great powers unthinkable.

For the policy doctrine in search of Washington credibility, being championed by a science-fiction writer is not necessarily an asset. But a measured version of the Clarke scenario is now being used by some Washington policy analysts. "Symmetrical transparency will be a good thing in the long run for peace," says Ann Florini of the Carnegie Endowment for International Peace.

So why isn't transparency being hailed by more people in Government? Because, Florini says, they don't get paid to think about the long run. They're in the business of day-to-day crisis control handling the Husseins of the world, struggling for tactical advantage. "They're in the habit of fighting this fire right now, and it's easier to fight this fire right now if you have control over the information flow."

So, as Ikonos awaits its debut, there is disagreement over what to worry about. In some parts of Government, the worry is that the era signaled by Ikonos will be bad for national security and world peace. In some think tanks, the worry is that this attitude could itself be bad for national security and world peace -- that the United States will spend its time trying vainly to forestall the age of transparency rather than shaping it to benign ends.

What everyone agrees on is that things are going to change. The era of commercially available high-resolution satellite imagery has been falsely proclaimed for years. Launches have been delayed and delayed again or, worse still, have failed. In fact, an earlier Ikonos, launched in April, never reached orbit, thanks to a faulty rocket. But with Ikonos ready to go and two comparable commercial satellites due up in space in 2000, the age of transparency now seems sure to dawn one way or another. Within a year, "we're going to see takeoff finally occur for better or worse," says John Baker, formerly of the Space Policy Institute at George Washington University and now a policy analyst at the RAND Corporation.

If Ikonos gets up and running, it will hardly be the first satellite offering salable pictures. But its one-meter-resolution images will be unique. Unlike the 10-meter images available from the French SPOT satellites and the 5-meter images available from India, the pictures from Ikonos will get analysts close enough to discern missile launchers and tanks and distinguish between fighter planes and bombers. Moreover, unlike the two-meter images sold by Russia, the Ikonos images aren't hobbled by Sputnik-era technology. The Russians still parachute their film to earth; under ideal conditions a picture is available nine days after it is shot, and the wait has been known to take months. Space Imaging, under ideal circumstances, can get a preliminary image out 30 minutes after the shutter snaps. Five-day-old images will qualify as archival and sell for $30 to $300 per square mile of mapped surface on the company's Web site.

This combination of clarity and speed is what gives American military planners the creeps. And the combination will grow only more pervasive. Ikonos, circling the globe on a north-south axis twice a day, and swiveling east to west from its 420-mile-high perch, will render the average piece of turf visible once every three days. If Space Imaging's two American competitors, Orbital Imaging Corporation and Earthwatch, stay on their launch schedules, visibility could reach once a day within a year.

American attempts to forestall transparency will have to contend with the force that confounds various national policies these days global competition. Consider a restraint that Congress, with State Department support, has placed on satellites launched by American companies: it is now illegal to take high-resolution pictures of Israel. Naturally, this makes American satellites less attractive to some customers (Israeli businesses, certainly). So does the general uncertainty spawned by the Clinton Administration's elastic shutter-control rules, which give the Government the power to shut down satellites not just to protect "national security" but also when "international obligations or foreign policy interests may be compromised." Eventually, you would expect satellite entrepreneurs to avoid these liabilities by incorporating in hands-off places like the Cayman Islands.

Sure enough, by next year, if all goes according to plan, one-meter images will be available from West Indian Space Ltd., a Cayman Islands company. (It is a joint venture involving an American company and Israel Aircraft Industries, which is owned by the same Israeli Government that successfully lobbied to fetter high-resolution American satellites. If you would like energetic elaboration on this paradox, contact lobbyists from American satellite companies.)

And so it will go. In the long run, the more the American Government tries to control commercial satellites, the fewer American commercial satellites there will be to control. In the fall of 1997, Orbital Imaging asked permission to sell data from a planned "hyperspectral" satellite, Orb View-4. Such a satellite could detect camouflage, help find underground minerals and maybe even sense genetically distinct strains of corn and other crops (in which case, agribusinesses like Monsanto might use it to hunt down farmers planting bootlegged copies of proprietary seed). Finally, in April, the Administration rendered a verdict: yes, Orbital can sell hyperspectral images, but currently only at 24-meter resolution, not at Orb View's 8-meter capacity. Expect the next hyperspectral satellite to come from a more laissez-faire nation.

In an especially vigorous exercise in futility, the United States has tried to impede the launch of a foreign commercial satellite. The Canadian company Macdonald Dettwiler expected NASA to launch its three-meter-resolution radar satellite, Radarsat-2, which was slated to make its debut in 2002. But radar satellites can see through clouds and at night, something the Pentagon has said it doesn't want just anybody to be able to do at resolutions finer than five meters. Early this year, NASA started balking at handling the launch. So the Canadians, not surprisingly, have started exploring the possibility of a European launch.

The coming age of transparency has received so little attention in Washington policy circles that to speak of a conventional wisdom is premature. Still, there is a small community of transparency ponderers, and their discourse to date, when synthesized and stripped of bothersome academic caveats and qualifications, yields a few basic generalizations.

Rule No. 1 is almost self-evident: as transparency is imposed on all nations from above, closed societies, like North Korea, have more secrets to lose than open societies, like our own. This rule hasn't kept American officials from worrying. At a conference on remote sensing earlier this year, a speaker from the National Reconnaissance Office, which operates U.S. spy satellites and weighs in on commercial satellite licensing (along with the C.I.A. and the State, Defense and Commerce Departments), warned that "soon Hezbollah and Osama bin Laden are going to have access to a one-meter image of you pick it the state Capitol at Albany, N.Y., the White House, the Congress, the Pentagon."

Actually, if Osama bin Laden wants an overhead view of the Pentagon, he should check out the Web site of the National Reconnaissance Office. Among the images at nro.odci.gov is a nice satellite shot of the building from Government archives. It's not at one-meter resolution, but crisper shots taken from airplanes are available at Washington souvenir stores.

Besides, most terrorists would just as soon blow up a bus station as a Federal building and they deliver bombs by car, not plane. "A terrorist doesn't need satellite imagery," says Bhupendra Jasani, a remote-sensing expert at Kings College, in London. For the most part, "terrorists just want to create chaos."

Granted, terrorists may eventually be able to send smart missiles or smart bombs by combining overhead pictures with data from global-positioning satellites. But whether the target is the Pentagon, the White House or your house, getting the overhead pictures will be the easy part, with or without Ikonos. All in all, then, it seems safe to enunciate Rule No. 2: the coming generation of high-resolution commercial satellites won't be a big boon for terrorists.

That is why the people trying to wrap their minds around the age of transparency are giving most of their thought to war between nations. One result is Rule No. 3: in your classic nuclear standoff, symmetrical transparency can lessen the chances of war.

"I've been in satellite imagery since 1962," says Brian Gordon, who used to work for the Defense Intelligence Agency and whose company, Direct Information Access Corporation, analyzes pictures for Space Imaging and its competitors. "I've seen the effect of our knowing what the Soviets were doing and vice versa." After Soviet and American spy satellites went aloft in the early 1960's, "paranoia diminished."

To put the logic in a contemporary setting: if Pakistan knows that India isn't mobilizing an assault and India knows the same about Pakistan, then, in theory, neither trigger finger will get defensively itchy, and if each side knows that the other side is watching, both will indeed be less likely to mobilize an assault.

Of course, if satellites gave you a clear view of your enemy's missiles, you might start thinking you could wipe them out with a pre-emptive strike that a nuclear war would be "winnable." Still, various real-world factors would make it hard to put much faith in such a strategy. For example, for all you know your victim might "launch on warning" and retaliate as soon as your missiles were seen heading over the border.

For this and other reasons, it remains highly unlikely that a rational leader would gamble on a first strike. So long as that is true, what starts nuclear wars isn't a nation deciding to attack, but rather a nation wrongly perceiving that it is under attack. And if warped perception is the problem, accurate information, capably interpreted, is part of the solution.

In the realm of conventional war, alas, warped perception isn't the only problem. Conventional wars are winnable, a first strike thus rational and high-resolution targeting data potentially dangerous. Before invading Kuwait, Saddam Hussein bought imagery from the French SPOT satellites a measly 10-meter resolution, but better than nothing. (France cut off Hussein's access before the allied invasion.)

Of course, satellites can also help deter aggression, since troops massing on borders are vivid from above. Hence Rule No. 4: when it comes to conventional war, there are no simple rules. Transparency can plausibly be a tool for good or ill.

Even here, though, good may have an edge. Consider the Spratly Islands, in the South China Sea. They are a place of perpetual argument among a half-dozen nations over who owns which chunk of land. China has done some stealthy construction work in a part of the Spratly Islands known (no kidding) as Mischief Reef, ostensibly to provide shelters for its fishermen. Last year the Philippine Government, another Spratly disputant, took aerial photos and noticed some oddities about this particular fishing-shelter-refurbishing project: new barrackslike structures and satellite receivers. And were those platforms by any chance gun emplacements?

The big question is whether China would have been less assertive had it known it was going to be on candid camera. As it happens, a partial answer was provided late last year by Representative Dana Rohrabacher, irrepressible Republican of California. The Congressman used a Philippine Government plane to fly over and take pictures of Chinese ships in the region. According to The Manila Times, China having caught wind of the photo op withdrew its major combat ships, though Rohrabacher did get pictures of several remaining vessels.

Unfortunately for world peace, Rohrabacher can't spend all his time in a plane circling the Spratly Islands. But half a dozen high-resolution satellites could have the same effect.

Satellites have other advantages over airplanes, notes Baker, the policy analyst; he plans to use Ikonos imagery to test the hypothesis that commercial satellites could stabilize the Spratly Islands. Satellites aren't intrusive they can legally pass over anyone's territory, which means that they don't start incidents that start wars.

Baker is guardedly optimistic about transparency. Though it can help bad guys as well as good guys, it makes surprise harder, and the typical war's inaugural surprise comes from the aggressor, not the victim. Of course, history is full of examples in which evidence of threatening maneuvers went unseen or misinterpreted or unpublicized. Witness America's lack of alarm over Iraqi troops poised to invade Kuwait. Or its inability to anticipate India's nuclear test last year. Or its apparent failure to make waves about China's Spratly constructions, which it presumably saw. (The best U.S. spy satellites have resolutions measured in inches.)

But that's the point. In the age of transparency, vigilance won't rest solely on the shoulders of a Government that may or may not notice warning signs, may or may not interpret them correctly, may or may not choose to publicize them. For starters, there will be television networks and magazines to publicize fresh satellite imagery. There will also be issue-oriented groups eager to air data that further their cause. In the case of the Spratly Islands, the conservative Heritage Foundation played this role, happily posting Rohrabacher's photos at www.heritage.org. Every issue has its Heritage Foundation, some nongovernmental actor corporate, nonprofit, whatever that wants to advertise misbehavior and might pay for the privilege. Armed with satellite shots, the Sierra Club could become a de facto enforcer of environmental treaties or at least an aggressive embarrasser of noncompliant nations.

In a way, it's just another step toward a global village. As the science-fiction writer David Brin stressed in his nonfiction book, "The Transparent Society," people in traditional villages know one another's business, and it is precisely this lack of privacy that keeps them on good behavior. (Happily, the satellites that keep national leaders feeling naked before the world won't have the same effect on the average citizen. Your neighbors can use a one-meter-resolution satellite to see if there's a swimming pool in your backyard, but they can't see who has been swimming there.)

All told, there seems to be grounds for formulating Rule No. 5: the age of transparency is a plus. Over time, it should help victims more than aggressors, prevent more wars than it starts and do an especially good job preventing nuclear wars. In this view the view of the transparency enthusiast the coming generation of commercial high-resolution satellites will become a vital global resource, a precious celestial membrane that could save the human species from itself.

You will search American space policy in vain for the phrase "precious celestial membrane," or for any grand plan to unite with other nations to protect outer space. The stated goal of the United States is to control space: to insure that America has the ability both to protect its own space assets and to destroy those of any other country.

This doctrine was spelled out last year in the report issued by the United States Space Command. It is a visionary tract that justifies itself in cosmic historical terms. "As sea commerce advanced in the 18th and 19th centuries," the report observes, "nations formed navies to project power and to protect and enhance their commercial interests. Similarly, during the westward expansion of the continental United States, military outposts and cavalry emerged to protect our wagon trains, settlements and railroads." And as outer space is commercialized . . . well, you get the picture.

Not noted in this manifesto is one big difference between sea and land on the one hand and space on the other. Space will increasingly house lots of sensitive satellites whose disruption might trigger the apocalypse; so turning it into a battlefield could be bad news.

This conclusion doesn't depend on your buying Rule No. 5. Even if the growing reliance on eyes in the sky isn't a net plus, the fact remains that the reliance is growing. And one thing everyone agrees on is that in a nuclear world, sudden widespread blindness is bad. It makes people edgy.

In some contexts, the Clinton Administration appreciates this logic. This New Year's Eve, as Y2K dawns, computer glitches could stop the flow of satellite data to various nations. The Administration plans to gather officials from Russia, and perhaps from other nuclear powers, at a "Center for Y2K Strategic Stability" in Colorado Springs, Colo. There the United States will share data coming in from its own Y2K-compliant systems. The idea is that it is in America's interest to keep sudden blindness from afflicting other nations in time of peace.

Presumably, if this is in America's interest on Jan. 1, 2000, it will be in America's interest thereafter an observation that raises some doubts about current policy. To wit: maybe the continued American development of antisatellite weapons (ASAT's), by spurring an arms race, could expose the world's satellites to catastrophic disruption. Maybe it would be a good idea to quit while we're ahead, or at least while we're not behind, if other nations will agree not even to enter the race.

Granted, verifying compliance with such a pledge would be tricky, to say the least. But that's no excuse for ignoring the problem, which seems to be the Administration's current frame of mind. The value and feasibility of an ASAT treaty whether a ban on the weapons themselves or (more feasibly) a ban on testing them is getting zero study in the arms control agency at the State Department.

In one sense, antisatellite weapons are no big deal. They are just one tool in the "space control" arsenal, along with tactics like bombing satellite dishes and jamming satellites. Indeed, the White House itself, recognizing that such weapons are a messy form of space control, deems them a tool of last resort and keeps the ASAT program alive partly in deference to Congress's Buck Rogers coalition, starring the Republican Senators Bob Smith of New Hampshire and Jon Kyl of Arizona.

Still, antisatellite weapons, however faint their profile in the space-control arsenal, serve as a sharp symbol of failure the failure to acknowledge the basic drift of things these days. With satellites, as with economics and so much else, a nation's sovereign control of its destiny is increasingly impractical, so control must be found in cooperation.

This isn't left-wing woolly-minded one-worldism. Well, actually, it is. But its core logic isn't exclusively left wing. Living testament to this fact is Henry Sokolski, a former adviser to Dan Quayle and now executive director of the Nonproliferation Policy Education Center. Sokolski is squeamish about transparency, bullish on antisatellite weapons and all for shutter control. But he realizes that unilateral shutter control is a futile game. Hence his woolly-minded multilateralist scheme: to forge an agreement with other nations under which we blind our satellites for them and they blind their satellites for us. One for all and all for one.

Nothing necessarily wrong with that. Even the average leftish transparency enthusiast realizes that there will be more wars, that some of those wars will be just and that during a just war symmetrical transparency is unfortunate. So most observers left, right and center accept that in wartime the United States would pull what strings it could peacefully and legitimately pull. And most think it would be nice to arrange in advance for coordinated string pulling something the Administration is just starting to explore.

But for the leftish transparency enthusiast, this would be only the beginning of the multilateralist schemes. There would also be a continuing and comprehensive version of the Y2K strategic-stability center: a place where analysts from, say, India and Pakistan could confront one another with alarming images and request explanation, as well as consult with third-party analysts. Such crisis control centers long advocated by Jasani, of Kings College will grow more important as the Matt Drudges of the world start publishing ambiguous satellite images along with alarmist half-baked analysis.

Some leftish schemes would include a concerted supranational effort to protect the whole satellite system from any one disruptive nation. If that meant surrendering America's prerogative to blind satellites unilaterally by shutter control, so be it. The idea is that the overall gain of preventing sudden apocalypse-inducing outages would dwarf the tactical edge lost in particular cases.

Actually, the United States could well lose that prerogative anyway. Barbara Cochran, president of the Radio-Television News Directors Association, has asked, What exactly is the difference between a satellite picture and regular photographs you know, the pictures that the First Amendment gives newspapers the right to publish regardless of the Pentagon's opinion of them? If her argument winds up in court and prevails there, the Government's broad criteria for shutter control will be history; in order to close a satellite's eyes, the White House will have to argue that there is a "clear and present danger" to national security and show it to a judge.

If the courts deem remote sensing a First Amendment issue, it isn't just shutter control that could suffer. After all, blowing up satellites is an equally effective means of hampering this particular form of free speech. And that includes foreign satellites, if they have American customers. It could be that a few years from now part of America's current strategic doctrine the unilateral "control of space" will be seen as unconstitutional. Not to mention a bad idea.