Date: Mon, 4 Dec 1995 04:40:07 -0800
Subject:  GAK the Spooks not the Civilians
#define GAK Government Access to Keys, aka "key escrow": a copy of the
secret half of your secret/public cryptographic key-pair, normally known
only to you, is held in a "vault" somewhere by your government in case they
decide they need to read your encrypted private email with/without your

Here's an argument in favor of a _limited_ GAK* system, and a timely
example of why I think it's necessary. As I see it, there are two main
varieties of GAK-mail:

  #1: GAK for Citizens' keys
  #2: GAK for Government employees' keys

I'm disregarding #1 right off as being totally unacceptable, but I favor a
form of #2 "...of, by and for the People" directed at the government itself
and monitored by the elected representatives of the Executive and
Legislative branches as perhaps being essential to Democracy's survival.
Where official business is concerned, some form of GAK could go a long way
toward preventing the majority of everyday abuses by subrosa forces in a
government. It might be useless to aim it at teflon-coated, black-budgeted
outfits like the CIA or NSA, but it could keep a lot of other officials
honest as they go about doing the everyday business of running OUR
government for us through email.

One of the main reasons that the TLAs are pushing so hard for GAK is the
Culture of Distrust they stew in. They choose it: they breed and feed upon
and among the very sorts of minds who become involved in covert activities:
spooks. A Spook Culture begets a Spook Attitude towards other spheres of
social interaction -- like secure email between PGP, Eudora and Netscape
users who just desire private communications. I think this Spook psychology
is unavoidable, but if they'd just stick to loosing their creations on
*themselves*, then fine.

I just learned from CBS's "60 Minutes" program, along with millions of
other Americans, about a disturbing event involving the Clinton
administration, the State Dept and the CIA. I say "allegedly" to be fair
(after all, no indictments have been handed down...yet) but it looks
reasonably clear to me: the interview was with the main individual involved
and he was quite clear about what had happened. Even if it's untrue, it's a
roadmap for what could easily happen if back-channel operators are allowed
to run the government during those milliseconds when the people we elect to
do it turn their heads.

You may remember the incident not so long ago where a US naval vessel was
set to deploy a peace-keeping force of Marines in the capital city of Haiti
so that President-elect Aristide could later assume office (foreshadowing
IFOR). The USS Harlan County was within a few thousand meters of docking,
when a small riot developed on the quay (in full view of camera crews).
Clinton decided reluctantly to abandon the landing at the last minute.
There were apparently only 40 or so FRAP members involved, but there they
were on the US nightly news that evening (interesting, but another topic).
One "Mr. Toto Constant," a leader of the right-wing Haitian militia group
FRAP and reportedly a longtime CIA contact/operative, claimed in an
interview on the CBS report that he met with the CIA station chief in
Port-au-Prince BEFORE the scheduled landing and assured him that the
planned FRAP "media frenzy" on the docks was going to be peaceful, was to
be performed for the benefit of the cameras only and would be no threat to
US personnel whatsoever. The CIA refused to confirm these allegations, but
according to CBS, Warren Christopher later implied that Constant was
telling the truth about having dealt with the CIA in the past. Hmmm.

The plot thickens: this CIA station chief allegedly then disinformed
President Clinton, the Secretary of State Christopher and the cabinet (and
one assumes the Congressional overseers as well) about Mr. Constant's
assurances that there was no danger to the US Marines. Because he was
unaware of the lack of a real threat and because he was also misinformed by
the CIA that there might in fact be a threat, Clinton's hand was forced by
popular fears and media speculation about another "Somalia" scenario, and
he made the difficult decision not to land the troops. The domestic result
was cries of "cowardice" from conservatives and frustration among US
voters. Does this smack of Watergate-style dirty tricks to anyone besides
me? Rogue elements in the CIA manipulate intelligence information, provide
the President of the US (up for re-election) with faulty information,
advise him to make an embarrassing foreign policy decision in contradiction
to information they possess and then conservatives in the US Congress and
Republican party accuse him of being soft and unable to show leadership.
And people suggest Fred Cohen is overdoing his caffeine intake? Pour me a
cup, Fred. These are the same guys suggesting they'll hang on to a copy of
my secret key. Yeah, sure.

The riots quickly evolved into murder squads consisting of Haitian military
units and former Ton-Ton Macoutes who purged the Aristide supporters among
their fellow Haitians until Clinton sent Jimmy Carter down, followed
closely by the Marines. The resulting genocidal catastrophe was an
atrocity, a blow against Caribbean stability and a major embarrassment to
the Clinton administration. Meanwhile, the CIA (and maybe Army and Navy
Intelligence) quietly raided a Haitian facility and "confiscated" 150,000
items of evidence, which they still refuse to turn over to Aristide, even
though it reportedly contains info on the CIA's contacts within FRAP, the
group still trying to destabilize his government. To add insult to injury,
the US still insists Aristide step down in February 1996, years short of a
full term, if you count the time he spent in forced exile after his
original election while the Haitian elite stripped the paintings off the
walls and headed for Switzerland. It's hard to blame Aristide for being a
bit upset about under these circumstances, but he made his bargain with the

Besides the Haitians who died in the subsequent political violence, and the
blow to the stability of the developing Haitian democracy and US foreign
policy, this incident, even if it only has roots in the truth, is a
troubling indication that "shadow governments" operating inside and behind
the elected US government have a profound effect on our lives. After all,
it's CIA intelligence that supposedly tells us when it's safe to drive the
1st Armoured's A-1's down to Sarajevo, right? It also brings up some other
interesting questions:

+ Did CIA take the same guy they had in Haiti and rotate him to Bosnia to
   lunch with Karadzic?
+ Information is power: do the intelligence services of our government
   wield it _at_ their own Executive branch "handlers?"
+ In this climate, are CIA and related intelligence branches having an
   impact on the specifications (e.g. Fortezza) for methods and systems
   that could exert controls over the information we as citizens can
   keep private -- solely for purposes of self-preservation?

If the Executive branch's policy initiatives (whether we like them or not)
are at the mercy of forces WITHIN it, how can they possibly hope to store
our escrowed keys safely, much less guarantee a US democracy? Who is it in
the White House that keeps an eye on the message traffic of this CIA
station chief? Who keeps a copy of HIS secret key escrowed and who vets the
intelligence he generates before it ends up at cabinet-level
decision-making meetings where US troop movements are decided? Just who the
heck is running this country? Sure, Clinton and Gore want a national crypto
policy: given what their own dogs may be doo-ing it's not that hard to
understand, but hey, watch where yer pointin' that GAK there, Bubba.

Granted, the more crypto-savvy ophidians in the intelligence services are
bound to find other methods for passing such conspiratorial information if
they are prone to that, but how many bottom-feeders in our government are
trying little maneuvers of this nature through "normal" channels - and how
much of _that_ type of activity should be actively monitored (and who
polices _those_ police)? Maybe we need to take a closer look as a nation at
implementing a better GAK system for the State Department and the
Intelligence branches.

BTW, the CBS reporters at "60 Minutes" (Ed Bradley, et alia) received a
faxed CIA statement while preparing their report, stating that "...the CIA
collects and analyzes intelligence, it does not formulate policy..." and
that any implication that they manipulated intelligence regarding the
Haitian incident "is false." Excuse me while I clear my throat.

So, make those GAK versions for the feds, Netscape, but be sure you make
the rest of us a vanilla version. I don't need to send my mail from
Netscape: I'll stick with an untampered PGP for now. Clinton should require
GAK for govt employees doing official business only: if they go home, boot
up a non-GAKed system and start sending mail to their spook peers, their
traffic should be monitored and they should be hauled up in front of
Congress. Hey, couldn't be all bad, right? Later, they can write a book
about their experiences, and maybe run for public office like Ollie North.


"I mixed this myself. (holds up glass of water) Two parts "H," one part "O."
 I don't trust _anybody_!"                                  --Steven Wright

