[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(fwd) Technosys, Prosody, the "NSA", and some unfunny BS passed off as a joke



Path: netcom.com!netcomsv!decwrl!sdd.hp.com!math.ohio-state.edu!howland.reston.ans.net!noc.near.net!news.delphi.com!usenet
From: [email protected]
Newsgroups: talk.politics.crypto
Subject: Technosys, Prosody, the "NSA", and some unfunny BS passed off as a joke
Date: Mon, 22 Nov 93 11:50:11 EST
Organization: Delphi Internet
Lines: 132
Message-ID: <[email protected]>
NNTP-Posting-Host: delphi.com

 
Never Rub Another Man's Rhubarb
or, Why Social/Reverse Engineering is NOT Cool
by Keith Eluard, Technosys
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 
!	The Hoax
 
When I was planning to release Prosody and Mirrorshades, my text composition
programs, I was
expecting *some* backlash from governmental bodies because it would be possible
to transport
Prosody out of the US because I would send it via Internet. Fine. That was
expected and understood
when we were planning the whole shebang. With spin control, it could be good
advertising for us. "If
The Feds are scared of it, then it must be good..."
 
What we were NOT expecting was what happened: on 6 November 1993, our lawyer
received an
email from a person claiming to be "Jerome Marshall of the NSA" (National
Security Agency),
stating that all persons involved in the release of Prosody would be subject to
arrest and seizure of
property if all of our data and notes on the project were not turned over to
the "NSA". Two days
later, we received a physical letter on Department of Justice stationery
stating the same thing. A
confession: I'm not as Hip to the Clip as I should and so thought the NSA would
be under the DoJ.
We were advised by our lawyer (he wishes anonymity-i wish him my foot up his
butt) to comply.
And we were going to do just that until a fortuitous email from John Markoff
suggested that we
contact the NSA ourselves via the phonebook rather than the contact numbers
listed in the
correspondence.
 
It seems as if there is an ugly joke going on here, and I'm not amused by my
part in it.
 
The National Security Agency (informally and unofficially) claims that there is
no employee of the
NSA that should or would have contacted us, our lawyer, or anyone connected
with us about
Prosody, much less DEMAND OUR DATA. The contact we made at the NSA (I will not
reveal her
name as she cannot officially speak for the NSA) helped clear up some of the
confusion thrown in
our path:
 
	1.	The NSA is under the Department of Defense, not Justice.
	2.	Encryption is not illegal (NO SHIT)
	3.	My programs are not encryption, no matter what anyone says. They are not
based
on any accepted cryptographic method and do not pose any threat to anyone's
(in)security.
 
After discussing this with our new legal counsel, we have come to the
conclusion that this entire affair
was a practical joke in very bad taste or an attempt to steal the programs by
using the current
paranoia/hysteria that says ALL FEDS ARE BAD. Not that I saying they're good,
but they're not all
bad.
 
As I said before, I'm not amused...
 
@	What Will Happen
 
Our plan at Technosys is this: we will revise the code for Prosody and
Mirrorshades to completely
cripple the "encryption" factors and then release them as PD/shareware on the
internet. Meanwhile,
we will encourage everyone who we talk to as we float through c-space that they
join the EFF, or at
least find out their data rights on the Net. Also, we will work with any other
software developers out
there in on the Net to create a "Concerned Citizens Network" to help monitor
and prevent reverse
engineering/social engineering/outright theft of our programs. Eventually, we
will release a Natural
Language encryption program based on accepted RSA algorithms (ala PGP), but
only in physical
form (i.e. diskette) to prevent raising anyone's eyebrows.
 
All in all, about what we were going to do anyway...
 
#	What YOU Can Do
 
Lots of things. Join the EFF. Get involved with Computer Professionals for
Social Responsibility (if
applicable to you). Contact your system administration to find out exactly what
your data rights are
(a local college here in Indianapolis will NOT allow anything sent via PGP on
its host, for example).
Do some research on the things that concern you about the current
security/insecurity situation.
Write Mr. Bill & OzoneMan ([email protected],
[email protected]) about
what you find and aren't happy with. And above all, talk to other users you
know about what is
wrong and what you could do to fix it.
 
Then fix it.
 
$	RESOURCES FOR THE CONCERNED
 
Technosys:	[email protected] (K Eluard)
		[email protected] (K Boyle)
 
cert.sei.cmu.edu/pub
	-=-Computer/Internet Security info
 
[email protected]
	-=-address for the EFF
 
[email protected]
[email protected]
	-=-sorry, when I get an address for the real potentate, I'll put 	HER'S here
too
 
Thanx for your patience and attention.
Pax.
-=-Keith Eluard
*
"Lord, grant me the serenity to accept the things I cannot change, the courage
to try to change the
things I can, and the wisdom to hide the bodies of the people I had to kill
because they pissed me
off."
*