Re: NPR story on crypto...
John Young writes:

What's intriguing is whether PECSENC, now headed by an ex-NSA honcho, is going to bite NSA's sigint bullet, and recommend that strong encryption is better for the public interest than natsec snooping, what with the world now getting its hands on means of strong protection for conventional telecommunications of text and to a lesser extent voice.

I'll go out on a limb and speculate that the NSA will eventually be a proponent of strong crypto. Why? Because the weak-crypto crowd essentially operates as a cartel.

A cartel is built of all interested parties (e.g. oil producers in OPEC). They all agree to refrain from behavior which would be advantageous if only a minority did it, but which is harmful if everyone did it (e.g. competing in a free market). In the case of economic producers, that means reducing production and raising prices.

Of course, you can't deny the free market. It's like a balloon -- press in on it, and it presses out somewhere else. If you succeed in containing it, it pushes back hard everywhere. Now that prices are higher, you have two problems: new entrants have to be incorporated into the cartel, and current entrants have a strong incentive to cheat.

These problems are bad enough that only one cartel has survived in the long run: the deBeers diamond cartel. Remember the new diamond fields in Canada and Russia discovered earlier this decade? They were brought into the cartel (IIRC). They had to be, otherwise the cartel would fall. This works because people have been persuaded that diamonds are precious, worth paying very high prices. There's lots of room in the diamond cartel.

Is it obvious now how this applies to the crypto market? If everyone is forced to use weak crypto, all governments can spy on all others.[1] But now that PC's are cheap and strong crypto is widely available, governments have a harder time enforcing weak crypto (presuming they want to). As their citizens and corporations defect, the remaining cartel members lose the advantage of decrypting the defectors, and have a shorter lever to control their own citizens and corporations. At some point there will be enough defectors to bring down the cartel.

Once we break the dam, the NSA, being a responsible government institution, must advocate strong crypto in order to protect its mission. Because, their mission is to gain an advantage over other countries through sigint. If their policies create an obvious disadvantage (US crypto can be broken, but nobody else's can), then they'll be changed.

And when the dam breaks, you'll see an amazing flip-flop. You'll need a seat belt on your computer chair to keep from falling on the floor.

[1] There are secret trade shows where wiretapping equipment is sold. You need a clearance and a photo badge to attend. I've never been, but I expect that the same, or similar, trade shows sell DES-breaking equipment. Particularly when it's cheaper than five hum-vees.

--
-russ nelson [EMAIL PROTECTED] http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
Re: NPR story on crypto...
What's intriguing is whether PECSENC, now headed by an ex-NSA honcho, is going to bite NSA's sigint bullet, and recommend that

As far as I can tell Stuart Baker has realized that the time has come for crypto to be widespread. I don't really see him standing in the way of the PECSENC issuing a recommendation in either direction. At the last meeting I was at he was truly a facilitator, not an opinion leader.

--
sameer
Re: NPR story on crypto...
--
At 03:17 PM 6/26/99 -0400, Russell Nelson wrote:

At some point there will be enough defectors to bring down the cartel. Once we break the dam, the NSA, being a responsible government institution, must advocate strong crypto in order to protect its mission. Because, their mission is to gain an advantage over other countries through sigint.

This has not been their mission since the fall of the Soviet Union. If they were still operating under their wartime mission, they would have already done a flip Their new revised mission is to gain an advantage for the US government over US citizens.

--digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 1Or62Yo2734CUUOeRD2kSfdrhpiM8Q4CGyBqQbaV 4NvZ/17IPS0YGa5nUzZoTAbMgjjNF9ElbQIe4vD2
Re: NPR story on crypto...
At 4:14 PM -0400 on 6/26/99, Sameer Parekh wrote:

As far as I can tell Stuart Baker has realized that the time has come for crypto to be widespread.

Yup. F=MA, where M stands for money. :-). Digital commerce is financial cryptography, financial crypto is strong crypto, and without strong crypto there's no digital commerce. And all that.

I don't really see him standing in the way of the PECSENC issuing a recommendation in either direction. At the last meeting I was at he was truly a facilitator, not an opinion leader.

Of course, lawyers are paid to be nice when they have to be, :-), but when Stu came to talk to DCSB a couple(?) of years ago, he seemed not at all like the "Smoking Man" picture we all had painted of him at the time. Just a simple country lawyer out to make a buck. :-).

Stu said that at some point, say, three to five years before his DCSB talk, whenever that was, the NSA had indeed seen the handwriting on the wall about their inability to control the spread of strong cryptography in a world of ubiquitous public internetworks, and decided that the only thing left for them to do was to try to stall for as much time as they could.

The best way to do that, Stu himself says he figured, was to tell Louie Freeh, probably the only guy in history who had actually busted someone using a telephone wiretap (the "Pizza Connection" heroin-and-pizza-parlor case, certain proof that criminals are indeed dumb), that he (Louie) wouldn't get to play telephone with the bad guys anymore if said pizza-barons had strong crypto.

And so, down Stu went, hat in hand, to hear him tell it, to the Hoover Building. And, there, Stu let slip the dogs of war. If you can call J. Edgar in a pink chenille dress, flounces, ruffles, and all, a *war*-dog, anyway...

Since then, of course, Stu's been out in *private* practice, not "public" practice (a pair of word combinations which together still make me giggle), and the only actual crypto-law customers he can find are people who want to *spread* cryptography, all so that the aforementioned bad-guys won't steal their -- and, more important, their customers' -- money. Go figure.

As a result, Stu has now had the required deathbed conversion to the idea that financial cryptography is the only cryptography that matters. Imagine that.

Oh, well, that's why we live in a world where we have to hire sophists to keep us out of jail and still have to deferentially refer to them as "counsellor", I guess. ;-).

Yet, all of this is as it should be, because, repeat after me, class, "physics causes economics and economics causes law and 'policy'". Try to do it the other way around, and you look like Hitler and eugenics. Or Stalin and Lysenko's biology. Or Mao and Marx's economics. Or Carter and Lovins' engineering. Or Gore and Gore's ecology. Word to the wise, folks.

In 2002, $1.1 *trillion* worth of transactions will be executed on the internet, according to the most wild-ass projection you can find out there. And, of course, every wild-ass prediction like that so far has been short by at least one order of magnitude.

If you can't imagine where all that money's going to actually come from, remember that $4 trillion a *day* is still being moved around on expensive proprietary networks, like SWIFT, or whatever, using constipated old book-entry settlement methods. As opposed to the ubiquitously cheap internet and instantaneous -- and less risky -- digital bearer settlement, of course. (Betcha can't tell what kind of transactions *I* want to underwrite, can you? :-).)

Better living through financial cryptography, in other words.

The moral of the story, boys and girls, is that *political* cryptography is dead. Political cryptography is military cryptography, obviously, it is also, sadly, our personal favorite flavor of geek-promoted "anti-spook" cryptography, as well.

In other words, and as ruthless as this sounds, if it don't make money it won't sell, and if it won't sell, who cares about it, anyway?

Fortunately for freedom-loving cryptogeeks everywhere, where actual money is involved, the stronger the financial cryptography, the better the market likes it.

And, oddly enough, we haven't put *actual* money on the net yet, just instructions to move money from one bank account to another. That's about to change.

And, when it does, political cryptography will be a doe in the headlamp of an express-train called financial cryptography, high-balling down that intercontinental express track called the public internetwork. Bambi meets Mozilla, if you will.

F = MA.

Cheers,
RAH
Crowell says export crypto, not jobs; was: NPR story on crypto...
At 01:14 PM 6/26/99 -0700, Sameer Parekh wrote:

What's intriguing is whether PECSENC, now headed by an ex-NSA honcho, is going to bite NSA's sigint bullet

Vin McLellan responded:

Unfortunately, the new chair of PECSENC is William P. Crowell, who became President of Cylink about 6 months after he retired as Deputy Director of the NSA. I believe Crowell took over in May.

I don't pretend to know what Mr. Crowell believes in his heart of hearts, but I talked to him briefly after the Bernstein ruling. He told me that, as CEO of Cylink, he was sworn to maximize profits for the company, which meant opposing _anything_ (his words) which hindered his company's ability to sell domestically or abroad.

I asked him how he thought people would respond to that, given his previous role in the encryption wars. "I haven't changed," he told me. "The world has."

In other words, he said (and we printed in my previous employer's publication), foreign availability has simply made export restrictions irrelevant.

Will Rodger
USA Today.com
(speaking only for myself)
Re: NPR story on crypto...
Vin McLellan wrote:

Nice article in USAToday, Will! You might find it useful to note -- and I'm open for correction on this from anyone -- that the US Government's Bernstein brief is, I believe, the first time the Govt has openly acknowledged that the export control issue is all about sigint -- listening to the legal communications of citizens and officials of other nations, allied and friendly.

There's more brewing on this with PECSENC, if not PEC. Recall that PECSENC has been directed by the President to come up with recommendations for a more publicly acceptable crypto policy by September under the rubric "Liberalization 2000:"

Quote from a proposed Federal Register notice by PECSENC:

The PECSENC has designated an encryption export control experts' group to evaluate and propose an agenda of plausible, incremental reforms as early as next year. The experts' group will consider proposals from the PECSENC, from industry, and from the public. It will recommend proposals it finds worthy of the PECSENC's consideration. The proposals will be considered independently by the PECSENC and modified, adopted, or rejected as the PECSENC chooses.

This is from a report on the May 14 PECSENC meeting:

http://jya.com/pecsenc051499.htm

There may be more news of this from the PECSENC meeting today on when the public is to be engaged in this "liberalization" policy.

What's intriguing is whether PECSENC, now headed by an ex-NSA honcho, is going to bite NSA's sigint bullet, and recommend that strong encryption is better for the public interest than natsec snooping, what with the world now getting its hands on means of strong protection for conventional telecommunications of text and to a lesser extent voice.

This would correspond with the CRISIS report of 1996, which recommended liberalization on strong crypto and the development of other (unnamed) technologies for snooping and law enforcement. The rapid advance of technologies for identification, interception and surveillance other than those for text and voice transmissions could replace the need for weak crypto. There are some pretty amazing things being done with Hidden Markov Modeling to track patterns for identification, based on a survey of some 300 patents utilizing the invention in a wide host of applications.
RE: NPR story on crypto...
At 06:34 PM 6/24/99 -0400, David Lesher wrote:

NPR's ATC has a story at the end of their first segment; i.e. 4:25 Eastern. I missed most of it but it was about some aspect of Osama bin Laden's group being arrested. Mention was made of encrypted files, and the inference that they were cracked.

And Vin McLellan replied:

Whether the Yemenis and the Western LEAs had already obtained access to the contents of the encrypted files was left unclear, although it was implied. If so, it seems likely that we (or at least selected judges and legislators) will hear a lot about the incident in future debates over Wassenaar and crypto export controls.

Yet it appears folks who make this argument won't be able to say the info. remained encrypted despite their best efforts.

All of which begs a question: why has the crypto debate been so quiet this year? Perhaps the govt. is nearing its end game. One highly placed LEA source told me he expects crypto liberalization to pass _this year_ -- in all likelihood something like McCain's PROTECT Act which would do away with essentially all controls once the Advanced Encryption Standard is done. That, BTW, is supposed to happen no later than 1/1/2002, the bill says flatly. Of course, Clinton still won't sign it.

For years I thought it would be 2005 or later before we saw the end of controls. What's happening now seemed almost impossible just a year ago...

My story:

http://www.usatoday.com/life/cyber/tech/ctf452.htm

Will Rodger
USAToday.com
RE: NPR story on crypto...
Nice article in USAToday, Will! You might find it useful to note -- and I'm open for correction on this from anyone -- that the US Government's Bernstein brief is, I believe, the first time the Govt has openly acknowledged that the export control issue is all about sigint -- listening to the legal communications of citizens and officials of other nations, allied and friendly.

Repeatedly, in the past, the US Govt. has reduced the public policy debate to absurdity by claiming that only by severely limiting the strength of the crypto available to legitimate commercial buyers of American (and Wassenaar) computer and communications technology could we safeguard children, womenfolk, and the home hearth from blood-thirsty terrorists and ravening pornographers.

_Vin

At 05:06 PM 6/25/99 -0400, Rodger, William wrote:

All of which begs a question: why has the crypto debate been so quiet this year? Perhaps the govt. is nearing its end game. One highly placed LEA source told me he expects crypto liberalization to pass _this year_ -- in all likelihood something like McCain's PROTECT Act which would do away with essentially all controls once the Advanced Encryption Standard is done. That, BTW, is supposed to happen no later than 1/1/2002, the bill says flatly. Of course, Clinton still won't sign it.

For years I thought it would be 2005 or later before we saw the end of controls. What's happening now seemed almost impossible just a year ago...

My story: http://www.usatoday.com/life/cyber/tech/ctf452.htm

Will Rodger
USAToday.com

"Cryptography is like literacy in the Dark Ages. Infinitely potent, for good and ill... yet basically an intellectual construct, an idea, which by its nature will resist efforts to restrict it to bureaucrats and others who deem only themselves worthy of such Privilege."
_A Thinking Man's Creed for Crypto _vbm

* Vin McLellan + The Privacy Guild + [EMAIL PROTECTED]*
53 Nichols St., Chelsea, MA 02150 USA 617 884-5548