Re: NSA back doors in encryption products
Rick Smith wrote: > If the NSA approaches Microsoft to acquire their support of NSA's > surveillance mission, then the information will have to be shared > with a bunch of people inside Microsoft, and they're not all going > to keep it secret. Two people in Microsoft would need to know. Bill Gates, and the lead programmer on the part of the product with the security or privacy bug. The lead programmer would do it and keep quiet if "Bill" personally asked him or her to. Nobody else would need to know, and it's unlikely that anybody else would stumble on the bug (particularly if the lead programmer does the maintenance on that part of the code). The US Government was doing such things as early as 1919, when they approached the head of Western Union. A messenger picked up all the telegrams of the last 24 hours, daily, brought them to Herbert Yardley's "Black Chamber", and returned them by the end of the day. The entire operation was completely illegal. The same was done with the Postal Telegraph company in 1920. (Puzzle Palace, pg. 11-12.) I doubt very many employees were in on the secret. I have a well-founded rumor that a major Silicon Valley company was approached by NSA in the '90s with a proposal to insert a deliberate security bug into their products. They declined when they realized that an allegation of the bug NSA wanted (using a "large prime" that was really composite) would be detectable and verifiable by customers and competitors. (There have been allegations of NSA-induced bugs in Crypto AG equipment, but the company just denies them and nobody has proven they exist yet. This one would've been easier to find once the allegation was made.) Turning down the offer on verifiability grounds left them wondering whether they really would have done it if it'd been possible to keep the whole thing secret. The quid pro quo offered by NSA would be that their products would have no trouble getting through the (at the time) draconian export controls. Of course, there was no way to enforce the deal either; "blowing the whistle" if NSA refused export permission would have revealed the company's security products as untrustworthy, probably kicking it out of the security market. Anybody tested the primes in major products lately? Did you ever wonder how certain companies' products got export licenses when other similar companies just couldn't export? How hard is it to factor a product of two primes when one of them isn't really prime? (I.e. to factor a product of three primes?) John
[FYI] (Fwd) EU Echelon investigation knobbled? [OT]
--- Forwarded message follows --- From: Martin Cooper <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject:EU Echelon investigation knobbled? [OT] Date sent: Tue, 23 May 2000 14:37:48 +0100 Send reply to: [EMAIL PROTECTED] According to the latest issue of Private Eye, the EU investigation into Echelon is being "quietly" dropped as a result of lobbying by the European Labour group. AIUI there is some connection with the Eurofighter procurement, but I couldn't make out quite what it was. M. --- End of forwarded message ---
Re: Hidden "secret search" provision in the meth bill & two others
I mentioned the "secret search" provisions in the meth bill before the House Judiciary committee in a May 9 article: http://www.wired.com/news/print/0,1294,36209,00.html This is similar to a letter from Reno in January that said cops could do secret searches and seizures (in the context of snatching private keys) without new legislation: http://www.wired.com/news/print/0,1294,33779,00.html In my weekly column last week I mentioned the meth vote in House Judiciary still hadn't happened, probably due to pressure from drug legalization activists: http://www.wired.com/news/politics/0,1283,36452,00.html The CDT letter is more detailed, but I've placed an ACLU "suggested amendments to the meth bill" letter here: http://www.politechbot.com/docs/meth-aclu.050800.html -Declan At 18:42 5/22/2000 -0700, John Gilmore wrote: >I have not verified this, but if true, time is of the essence. >It's time to HOWL to your Congressmen to stop them! > >Whenever you read one of those "clerical amendments" that inserts >phrases into other parts of other laws -- watch out! Somebody is >trying to pull the wool over your eyes. > > John