[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The Crypto Home Shopping Network



>By "allow", I'm assuming that you mean "allow for export".

Technically, yes.

>Or, are you saying that they won't allow strong crypto in *domestic*
>next-generation cellular phones?

De facto, if not de jure. As has been the case for several years, the
NSA publicly maintains that it is not interested in controlling the
domestic use of strong cryptography. But the standards committee that
controls this stuff (the TIA TR45.0.A "Ad Hoc Authentication Group")
is made up largely of the technically incompetent and/or "spook
wannabees" sympathetic to the government.  With a single exception,
the members all represent cellular vendors and carriers, not end
users. The single exception is a NSA R&D employee legitimately
representing the US government as a potential end user of digital
cellular.

>What forms have the "incentives" or "disincentives" taken?

It is clear that without a strong, organized demand by the US public
as a whole for meaningful cell phone privacy, the cellular industry
has no real incentive to provide it. NSA only had to suggest very
quietly that the lack of meaningful cryptographic privacy would make
it much easier to export digital cellular technology, and the industry
quickly got the hint. After all, they were really only concerned about
cellular fraud in the first place (hence the use of "authentication"
in the group name) and they'll care about end-user privacy only if it
hits them in the bottom line. So far it hasn't.

Indeed, we're now starting to see protests and demands for real
privacy from some of our potential non-US customers; how we could ever
meet it under the ITARs is a good question.

Phil