[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ELINT easier than HUMINT

(I've deleted the other list that was cc:ed here....)

At 4:03 AM 8/17/95, Chuck McManis wrote:

>This is the problem of using "physical" world analogies with the network.
>A similar argument that is posited is that "Sure its not 100% secure but
>its better than the carbons from a receipt (now gone) or people who
>don't shred their garbage." I respond that the network isn't the "real"
>world so the laws of physics don't apply. Someone in Boston MA is unlikely
>to fly into Sunnyvale to paw through my garbage, but it would be "trivial"
>for them to see my receipt go flashing by can throw some spare compute
>cycles at breaking it. A snooper/cracker program on a "spare" machine
>might yield a half dozen credit cards a week.

I agree. This has direct parallels to "physical eavesdropping" vs.
"electronic eavesdropping." After all, one might argue, why bother with
encrypting phone conversations when a physical bug could pick up the audio?

As Whit Diffie has noted, the difference is one of ease of use. It is hard
to plant physical bugs...and expensive, prone to error, etc. It would also
be pretty obvious, eventually, if every office in a building were
physically bugged, but it would be almost undetectable if the Northern
Telecom PBX box in the basement was being tapped on the way out. Crypto
with back doors is even easier for the wiretapper.

Electronic surveillance and related technologies (packet sniffers are a
form of surveillance) are cheap by comparison to physical surveillance. And
the concentration of communication lines and systems makes ELINT and COMINT
much cheaper _per target_ than HUMINT.

Now I don't personally worry too much at this time about giving my VISA
number over the phone, or even over the Net...I can always deny making an
authorization and the CC companies will not charge me (assuming the goods
ordered were not also shipped to my address).

But the future lies with protecting electronic transactions against
surveillance. The breaking of SSL in Netscape is not terribly important in
and of itself, given the government-imposed limits on key size, and given
the sorts of things now being encrypted (like VISA numbers). It gets more
important as the types of things encrypted become more serious.

At least now we know how people were "vanished" in that recent movie.

--Tim May

Timothy C. May            | Crypto Anarchy: encryption, digital money,
[email protected] (Got net?)  | anonymous networks, digital pseudonyms, zero
408-728-0152              | knowledge, reputations, information markets,
Corralitos, CA            | black markets, collapse of governments.
Higher Power: 2^756839    | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."