[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSA says Joe Sixpack won't buy crypto




> [email protected] (reporting on R. H. Morris' talk at Crypto '95):

> >- By the middle to late 1960's cryptanalysis became less cost effective
> >  than obtaining the information by other means -- wiretaps and so on.

> "Vladimir Z. Nuri" <[email protected]> writes:
> but for some reason, the NSA keeps humming along...? perhaps 
> confirming the rule that bureacracies, like bores at parties,
> persist long after they are relevant?

Evidently they have plenty of other sources to deal with... their SIGINT
charter is to read traffic, not necessarily to decrypt traffic.  It does
seem excessive, though, and it will seem even more excessive once more
traffic is encrypted with strong systems and plaintext begins to disappear
from the airwaves and wires.  It bothers me that the gov't appears to
be redefining the role of the intelligence community to be economic spying
rather than the military spying that was (I think) justified during the
Cold War.  Rather than finding ways to justify and maintain current budgets
and bureaucracies, why not just cough up the peace dividend?

> >In the future there will be more radio used for ordinary communications.
> >Americans are unwilling to pay for secure telephones, but that's not the
> >case in Europe.

> I object to this highly. the NSA has very little credible understanding
> of market forces, IMHO. they are a government agency. they do not
...
> as for the market viability of cryptographic phones, I think this
> is duplicity ranging on utter lying that "the US public is not 
> willing to pay for secure phones". this is precisely the baseless

I misstated his point to some extent here.  He was contrasting current
buying practices in the U.S. and in Europe, not predicting the future (i.e.
not exactly what I said above).  In particular, he mentioned GSM in Europe
and its success... of course, that doesn't count as strong encryption with
the keys evidently being no better than 40 bits worth, but it's a lot
better than calling in the clear from your cellular phone.  He indicated
that Europe has embraced GSM and the US has not (yet) embraced anything
equivalent (about which more below).

>                                           Clipper, the closest the
> agency has come to creeping out of the darkness of their coffin,
> was a total fiasco.

Clipper wasn't a fiasco from the gov't's point of view if you look at what
it prevented rather than what it achieved.  By now the DES-based AT&T
encryption box might be the US standard if the Gov't hadn't intervened by
"incentivizing" them around the time of the Clipper roll-out.  It was
ready to go and was already in production when Clipper got rushed up.  As
it is there is now no standard and most traffic is still in clear.  If
this doesn't reflect a credible and <practical> understanding of how the
market works, what would?  Of course this one can't completely be laid at
NSA's door, but it's convenient to think of them as the fount of US crypto
policy decisions.

>              you see, there is far more to be gained from widespread
> encryption than is to be lost from it.

Agreed.

	Jim Gillogly
	Trewesday, 13 Halimath S.R. 1995, 01:26