[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NSA and competence
> They sure make some BIG mistakes, though, don't they?
> And they didn't cover up the Clipper mistakes very well at all.
> And they're not seeing the economical relationships regarding exports
> very well.
> Do you suppose that maybe this is intentional?
What big mistakes? The Clipper error is a relatively small mistake.
Sure, there's a loophole that allows someone with the neccesary
will and knowledge to clipper-encrypt things in such a way that the
government can't decrypt them. But I believe the NSA when they say they
knew about this, but didn't care. Because it makes sense. The NSA
knows that anyone with the neccesary knowledge to exercise this loophole
_surely_ knows about other non-clipper encryption methods too.
Any terrorist who knows enough about encryption to know how to exercise the
loophole (which will be any terrorist at all pretty soon) will surely know
enough to encrypt with PGP underneath clipper anyway. So what difference
does it make to the NSA? Sure, clipper might be a bit harder for the NSA
to crack then RSA/IDEA, but appearantly not enough to justify NSA-concern.
This just re-emphasizes that the NSA isn't _really_ worried about terrorists
and drug dealers and such. I mean, they're worried, but that's not the
worry that motivates clipper. Because clipper wont' be any good against
terrorists and drug dealers as long as alternate encryption is legal.
They are worried about non-escrowed encryption becoming a _standard_, for
the Average Joe. The Average Joe, while he might use PGP in a clipper-free
world, proably isnt' going to use it if his mail is protected by
clipper already. And he sure isn't going to exercise the clipper
loophole. IMHO, the NSA obviously spends enough effort spying on the
Average Joe to justify clipper for these reasons. Because they can't
be blind enough to think that Clipper is going to be any use at all
against those who care. The fact that they are unconcerned about this
loophole seems to justify that.
As for "not seeing the economic relationships", they just don't care.
The export restrictions have one purpose only: to hinder cryptology
R&D in America. Yeah, anyone who thinks about it realizes that this means
hurting american software companies ability to compete, but the NSA
doesn't care about ability to compete. They care about National Security.
And they think that National Security will be compromised if American firms
engage in lots of crypto-R&D. So they are doing anything in their power
to prevent that. Export-restrictions are really the only thing they have the
power to do in this regard, but they should work perfectly sufficiently
for their purposes.
They dont' seem to be making too many mistakes to me.