
Re: FBI seeks huge wiretapping system




On this topic...

We had lunch with the deputy director of the NSA yesterday. In between
agreeing to put backdoors in the Internet, help round up subversives and
build a DES cracker :-) the topic of telephone tapping came up.


One point that was quite clear: a lot of what happens in the federal 
government has more to do with the agency structure than common sense.
When the NSA are being asked to comment on an export license they
are being asked "is this thing dangerous", not "should it be exported".
But when the response comes back to commerce "it's dangerous" you can 
hardly expect the person on the other end to put their neck out on the
line and risk allowing an export license.

Put another way, this is a bureaucracy where the objective is to avoid
the negative rather than gamble for a positive. Where risks are taken
they are calculated bureaucratic risks.

What is needed is a federal task force to reevaluate the crypto 
export issue. This should look at whether the effect of the embargo
is positive or negative. Of course the result would be known in 
advance but would provide a shield to hide behind. Would be useful
if some other counterproductive policies were re-examined at the same
time, like the persecution of Phil Zimmermann.

On ITAR he did say that the policy met the desired objective. The 
particular objective concerned was not stated however. Probably if
they could tell us the objective we could provide a solution but then
again if they told us it would probably defeat the objective in itself.


On telephone tapping the statement was made that they do not allow 
unauthorized taps and that technology was making wildcat taps by
local officials harder. Which makes sense. If the taps are performed
digitally they should be easier to monitor at a management level.
It is a fair point that just because technology has changed the 
nature of the game it should not mean that wiretaps cease to be 
possible.

What is very odd however is the FBI request for $500 million. This is
a somewhat large quantity of money to say the least. The telephone
switches are programmable these days, it should be possible to 
provide tapping at substantially less cost. Mind you the Federal
government is not known for tight cost control. The NSA reckoned that
a DES cracker would cost substantially more than $1 million because
the system costs would be much higher than the component costs.
"And it would only be able to operate on one keystream at once", also
note "DES is used more for authenticity than for confidentiality by
banks". One reading, the NSA can get the info they need at less cost than
breaking DES because the financial feeds are using DES to provide
CBC residues for MACs rather than encryption. Anyway the NSA price 
estimate was "two or more orders of magnitude more in cost". I dispute
that since we brought in the ZEUS trigger system at around $40 million
five years ago and it is vastly more complex than a DES cracker, this
constitutes a system cost of about ten times the raw component cost.
There was considerably more component diversity and system complexity
than any cypher machine would need. The raw input bandwidth of 
6 Terabytes/sec would chew up DES keyspace very quickly (i.e. it
is equivalent to exhausting a 40-bit keyspace in a second).

If the NSA want a cheap DES cracker they have my number. I'll take 5%
of the difference between the actual cost and $100 million (their
estimate of cost) as my fee.


		Phill