Saturday 2/28/98 7:22 PM
Tim May
Just saw your stuff at jya.com.
Got in the mail today
Volume 9, Number 4, 1997
MILITARY PSYCHOLOGY
The Official Journal of the
Division of Military Psychology
American Psychological Association
Special Issue: Effects of Chemical Protective
Clothing of Military Performance
Guest Editors: Gerald P. Krueger and
Louis E. Banderet
I�ll transcribe some of the text.
The US government drugs soldiers before they go into battle.
Trust me.
Banderet was ANOTHER of my Ph. D. students.
Later
bill
Title: HP Crypto Export
28 February 1998
Date: Sat, 28 Feb 1998 14:18:22 -0500 To: [email protected] From: Michael Elder <[email protected]> Subject: HP Crypto Export >From the NY Times online (www.nytmes.com) February 28, 1998 Hewlett-Packard Granted License For Encryption System By Peter Wayner The Commerce Department has granted Hewlett-Packard an export license for its VerSecure encryption architecture allowing the company and its licensees to export strong encryption tools, the company announced Friday. The catch is that the products must take their orders from a central computer system that will dictate how all the products will behave in each country. The company hopes that the solution would break the deadlock between the Clinton Administration, which continues to restrict the export of secure computer technology throughout the world, and the computer industry, which contends that foreigners are not interested in buying products that don't protect their secrets. The new solution effectively disconnects the problem of distributing encryption technology from the process of determining the policy for government access to information. The heart is a new class of trusted hardware cards and chips that take their orders from a central company known as a Security Domain Authority or SDA. In countries, like France, that require people to keep a record of keys for unlocking data, the SDA would only allow the computers to encrypt information if it complied with the laws. In countries with no laws about encryption usage like the United States, Germany and Great Britain, the SDA would allow users to encrypt in whatever manner they choose. Hewlett-Packard sees the solution as a win for the industry, which will be able to build one set of hardware and software that can be shipped throughout the world. The SDA's will set the local rules because the computers will not encrypt information without first getting permission from the SDA. Doug McGowan, one of the director of Hewlett-Packard's efforts, said in a telephone interview, "Never before has a general purpose cryptography tool been exportable from the United States, with or without key recovery. We're opening a huge market for American industry to enable commerce on a worldwide basis." The price for this flexibility is the need for specialized hardware that treats the SDA as its master. In an ordinary computer, the owner can control all aspects of what the computer does. This extra hardware will raise the price of machines and is bound to be more expensive than software which can be distributed at minimal cost. Feisal Mosleh, a business development manager at Hewlett-Packard, pointed out that specialized hardware can offer faster performance and more security. "It is very hardware-specific with the flexibility of software and that gives us a lot of strength in terms of tamper resistance" he said in a phone interview. Many security experts continue to point out that general-use microcomputers and their operating systems are dangerously insecure. In one recent attack, hackers were able to begin transfers from a bank account by manipulating accounting software. Off-loading the process to specialized hardware makes it simpler to ensure that the system is secure because the special hardware has only one job. Hewlett-Packard says that it is licensing the architecture to a number of different computer vendors and announced that IBM, Motorola, CertCo, Trusted Information System, Microsoft and RSA Data Securities had already signed licenses. The vendors will be free to choose how they implement the special computer hardware, but most will probably use firmware with an embedded microprocessor. The initial version will reportedly include DES, triple DES, RSA, RC2, RC4 and Diffie Hellman algorithms. Each of these solutions can be sped up by specialized hardware, but only a general microprocessor can handle all of them with equal agility. The specialized hardware will also be tamper-proof to prevent people from circumventing the commands of the SDA. When an encryption card is first started up, it cannot begin working until it has received instructions from an SDA in its country. This information is contained in a "policy token." Joe Beyers, general manager of Hewlett-Packard's Internet Software business unit, explained, "The token says, 'You can use this amount of key, this amount of strength for this amount of time.'" Beyers went on to say, "The aspect of time allows the government to evolve their policy. Time limits are one of the attributes that made it attractive to the U.S. government." It would be possible for a government to change policy with the system from time to time, perhaps forcing citizens to use long keys in time of war to protect themselves and then relaxing the policy after peace emerged. In the current plan, policy tokens would be good for one year, forcing computers to re-register with an SDA in order to keep working. The SDA would have no control of a token after it was issued and would only be able to change policies at the renewal. The relationship between the SDA and the key recovery program is more difficult to describe. The SDA would not keep any records of any keys that would allow the police to eavesdrop on calls. But the policy tokens would force the embedded hardware to obey the local laws that might include key recovery. The FBI has asked Congress to mandate key recovery systems that give it clear access to all communications. The yearly interrogation between the SDA and the individual computers does not mean that the system will be foolproof. Someone could simply carry a laptop from a country that allows personal privacy to a country with more invasive laws and use it freely until the policy token runs out. Also, it may be possible to spoof the token authorization procedure by pretending that the request came from one country instead of another. Some critics found the use of special hardware to be problematic. Jim Lucier, a policy analyst for the Americans for Tax Reform, a Republican think tank, pointed out that specialized hardware was ignored by the marketplace in the past. "None of it ever works" he said, "because the more obvious solution, which is end-to-end encryption, is already there." Lucier also pointed out that specialized hardware is more complicated to engineer and much more expensive to distribute than software. "Atoms cost more than bits, it just comes down to that," he said. In a press conference Friday morning, Beyers promised that the new hardware was "months, not years away" and also promised that the hardware costs would be as low as possible. Marc Rotenberg, director of the Electronic Privacy Information Center, suggested that replacing the current export control bureaucracy with a network of SDA's was not a significant advance. "Government efforts to regulate crypto will only slow the development of commerce," he said. In fact, the decision by the United States government to grant a license to Hewlett-Packard's architecture is far from liberating. Companies making VerSecure products can only ship them to countries approved by the United States government, a list which at this time is limited to the United Kingdom, Germany, France, Denmark and Australia. More countries will become open if and when they create an SDA infrastructure that is acceptable to the United States. Hewlett-Packard has gone to great lengths to prevent rogue nations from setting up their own unauthorized SDA's by cloning hardware. The infrastructure uses CertCo's secure certificate servers to restrict the ability to create the software necessary to build the tokens. Beyers says that no one person at Hewlett-Packard has the ability to do this in order to reduce the potential for corruption and theft. Hewlett-Packard is also working heavily with foreign countries to assure them that the system does not include back doors that might be accessible by the United States government. Beyers said that the company had retained an international group of cryptographic experts to vet the system and allay any fears of hidden back doors. A press release from Hewlett-Packard quoted William A. Reinsch, undersecretary of commerce, as saying, "We are pleased to support HP's effort to develop and market encryption products that encourage the use of key recovery in providing robust, secure encryption. This approval and our ongoing dialogue with the industry are consistent with the Clinton Administration's goal of allowing the market to develop recoverable encryption products." Peter Wayner at [email protected] welcomes your comments and suggestions. Copyright 1998 The New York Times CompanyTitle: Untitled Document
Date: Sat, 28 Feb 1998 12:08:30 -0800 To: Michael Elder <[email protected]>, [email protected] From: Tim May <[email protected]> Subject: Re: HP Crypto Export At 11:18 AM -0800 2/28/98, Michael Elder wrote: >>From the NY Times online (www.nytmes.com) >Hewlett-Packard Granted License >For Encryption System > >By PETER WAYNER >known as a Security Domain Authority or SDA. In countries, like France, >that require people to keep a record of keys for unlocking data, the SDA >would only allow the computers to encrypt information if it complied with >the laws. In countries with no laws about encryption usage like the United >States, Germany and Great Britain, the SDA would allow users to encrypt in >whatever manner they choose. Until, of course, the U.S. changes its policy. A constant danger with any of these "solutions" is that they make later imposition of controls so much easier. Consider the implications of widespread deployment of the HP-type system (which, BTW, I don't think will happen in the U.S., or elsewhere). A simple change in the law and all new tokens (and they must be renewed yearly, so says HP) will implement the new law. The camel's nose in the tent strategy. The HP/IBM product is perniciously evil and should be fought with all technical and memetic means. --Tim May Just Say No to "Big Brother Inside" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^3,021,377 | black markets, collapse of governments.
Friday February 27, 1998 3:15 PM
By e-mail and US mail
Lieutenant General Kenneth A Minihan, USAF
Director, National Security Agency
National Security Agency
9800 Savage Road
Fort George G. Meade, MD 20755-6000
Dear General Minihan:
Purposes of the letter are to
1 request information under the Freedom of Information Act
2 explore settlement possibilities of our current lawsuit.
In about 1986 Sandia National Laboratories assigned me the
task of design and construction of a Comprehensive Test Ban
Treaty seismic data authenticator.
In the initial stages of the project, Sandia cryptographer
Gustavus Simmons attempted to convince both Sandia
management and NSA employees Tom White, Mark Unkenholtz,
and Ed Georgio that a form of public key authentication should
replace NSA employee Ronald Benincasa's National Seismic
Station/Unmaned Seismic Observatory 11-bit data authentication
algorithm.
My Sandia supervisor John Holovka and project leader H B [Jim]
Durham ordered me to write a paper explaining public key
cryptography.
This paper, RSA ENCRYPTION, along with my SAND report
describing my implementation of Benincasa's algorithm and
filings in our lawsuit, now appear on Internet at
http://www.jya.com/index.htm, click CRYPTOME, then OpEd,
then http://www.jya.com/whprsa.htm.
Sandia explored the merits of switching from Benincasa's
algorithm to a public key-based authentication method suggested
by Simmons.
For Sandia's evaluation of the merits of public key, electronic tagging,
and Bureau of Engraving and Printing projects , I bought for Sandia
samples both the Cylink CY1024 and AT&T A & B two chip sets for
modulo m arithmetic computations.
NSA employee Tom White sent me a copy of the SECRET classified
NSA report on IBM's hardware public key chip FIREFLY.
I wrote in my tutorial paper
RSA hardware computations
The slow speed of software RSA computations plus the potential
wide use prompted several companies to build chips which compute
modular arithmetic to at least several hundred bits. Most of
these chips "cascade" to compute with a larger number of bits.
Corporations involved in building these chips are
1 IBM Firefly
2 AT&T
3 Motorola (apparently a three chip set)
4 Cylink Pittway-First alert
5 Sandia Labs (Algorithm M and predecessor chip)
Details of the IBM chip is classified. AT&T as of July 1987 has
not released details of their chip. Little information is
available on the Motorola chip set.
The Cylink chip is commercially available. Its price dropped
from $1,500 to $600 each in June 1987. Data is transferred to
and from the chip with serial shift register communication.
The early Sandia chip was limited in speed. The replacement
chip is cascadeable, communicates with 8 or 16 bits parallel,
matches the speed of the Cylink chip, but is not out of
fabrication.
Rumors circulate that there is about an order of magnitude
performance difference between some of these chips.
These hardware chips improve exponentiation speed about 3 orders
of magnitude over software implementation benchmarked on an Intel
8086 family microcomputer.
Whitfield Diffie writes about both the Cylink and Sandia chips. And
is quoted at http://www.aci.net/kalliste/nukearse.htm.
Sandia had terrible luck with its public key chips.
I reported SOME of the troubles to Electronic Engineering Times editor
Loring Wirbel [http://techweb.cmp.com/eet/823/] on March 23, 1994.
Dr. John Wisniewski was a supervisor at Sandia's Center for
Radiation-hardened Microelectronics. Wisniewski was a graduate
student at Washington State University in about 1975. I was a
professor at WSU.
Wisniewski knows all about the failing Sandia chips in the nuclear
arsenal. I took notes on February 13, 1993. Wisniewski reviewed
the problems again for me.
1 No quality initiative. Each chip lot had a different
process.
2 Overall yield - 40-50%. Down to 10% after packaging.
3 Metalization problems. No planarization. No flow of
glass. Couldn't use high temperature. Step coverage
problems. Layed down over tension. 100% field returns
over several years.
4 Sandia would store lots of parts for replacements.
Sandia management made the decision to place low yield parts in
the nuclear arsenal. Sandia must meet DOD schedules management
reasoned. Hundreds of millions spent on CRM. Sandia must show
productivity.
Wisniewski told me that low yield chip test survivors are those
whichthe tests failed to detect failures. Wisniewski will talk.
503-625-6408. Wisniewski now works for Intel in Oregon. Have
Wisniewski tell you about the fire in the CRM clean room!
Sandia supervisor Jerry Allen later told me it cost $300,000 each to remove
Sandia's failing chips at Pantex from a nuclear bomb.
NSA apparently is biased toward hardware implementations of cryptographic
and authentication algorithms. As opposed to software implementation.
NSA representatives and Sandia management decided not to use a public
key authentication scheme for its CTBT seismic data authenticator because
of all of the problems with implementing public key algorithms.
But NSA surely has spent MUCH MONEY on public key chip implementations.
NSA is promoting its Clipper crypto chips as described at
http://cpsr.org/dox/clipper.html.
And we get some information about technical specifications of NSA's Clipper
chip at http://www.us.net/softwar/http://www.us.net/softwar/clip.html
Clipper Chip Information
MYK-78 CLIPPER CHIP ENCRYPTION/DECRYPTION ON A CHIP
1 micron double level metal CMOS technology
0.35 watts power
28 pin plastic leaded chip carrier (PLCC) package
Transistor to transistor logic (TTL) interface
Chip ID, family key and device unique key are installed at
programming.
Chip ID, family key and device unique key are installed at programming
facility and are completely transparent to the user.
Therefore, Under the provision of the Freedom of Information Act,
5 USC 552, I am requesting access to:
1 Copies of all invoices from
A AT&T
B Motorola
C IBM
D Sandia National Laboratories
to NSA for payments for developing ANY public key-related chips between
January 1, 1980 and February 27, 1998.
2 Copies of all invoices to NSA from ANY corporation involved in
development
of ANY Clipper chip-related hardware between January 1, 1980 and
February 27, 1998.
The public has a right to know how much NSA spent on TRYING monoploize the
crypto business.
If there are any fees for searching for, or copying, the records I have
requested, please inform me before you fill the request.
As you know, the Act permits you to reduce or waive the fees when the
release of the information is considered as "primarily benefiting the
public."
I believe that this requests fits that category and I therefore ask that
you waive any fees.
If all or any part of this request is denied, please cite the specific
exemption(s) which you think justifies your refusal to release the information and inform me of your agency's administrative appeal procedures available to me under the law.
I would appreciate your handling this request as quickly as possible, and I
look forward to hearing from you within 20 working days, as the law stipulates.
With respect to our current FOIA lawsuit, I feel that we should settle this
unfortunate matter.
I see from your biography at http://www.nsa.gov:8080/ and
http://www.nsa.gov:8080/dirnsa/dirnsa.html that you are
1979 Distinguished Graduate
Master of Arts degree in National Security Affairs
Naval Postgraduate School
Monterey, California
One of my former M.S. and Ph.D students in Computer Science,
Ted Lewis, is currently the chairman of Computer Science at
Naval Postgraduate School [http://www.friction-free-economy.com/].
Small world.
But I think that this emphasizes that WE SHOULD all be on the same side.
Not engaged in a conflict in US federal court. Or on Internet.
NSA attempts to withhold requested information are possibly unwise.
In our wired world the aggrieved know what happened to them.
[http://www.aci.net/kalliste/speccoll.htm]. http://www.wpiran.org/,
http://www.netlink.co.uk/users/impact/namir/namirm.html
And moderates in Iran, [http://persia.org/khatami/biography.html], appear
want settlement too.
My family and I have been damaged by these crypto wars.
I ask you that consider fair settlement of damages caused by the National
Security Agency.
I cannot find your e-mail address on Internet.
Therefore I will forward the e-mail copy of this FOIA/settlement letter to
Ray Kammer of NIST [http://www.nist.gov/], who along with the FBI
[http://www.fbi.gov/, http://www.fbi.gov/fo/nyfo/nytwa.htmand], and NSA
are trying to control the crypto business so that Kammer can possibly
forward an e-mail copy of the FOIA/Settlement letter to you.
Sincerely,
bill
William Payne
13015 Calle de Sandias
Albuquerque, NM 87111
505-292-7037 [I am not reading e-mail]