
Re: SAFE Forum--some comments




TCM

>And here I'll comment on Ken Bass's excellent comments [...]
>
>He pointed out that the driving force for crypto policy is probably the
>_law enforcement_ camp, not the _intelligence agency_ camp. And that the
>NSA is regretting the ITAR stuff, as it has sparked an "arms race" to
>develop stronger crypto. Bass noted that people now equate permission to
>export with weakness, and that had the U.S. not restricted exports, users
>probably would've been "fat, dumb, and happy" to keep using breakable
>crypto.

doesn't make sense to me at all. who was behind clipper? the NSA, not
the FBI.  the FBI is behind digital telephony, which involved
*wiretapping*, not key escrow.

actually I think that the NSA is trying to convince law enforcement
agencies that if they follow the NSA plan of crypto suppression &
key escrow that their job will be easier, that great instability results from
unfettered crypto. this fits into the way the NSA hates to be behind
any proposal themselves, and needs "cut outs" to do the lobbying for them.

I think at the core of it the NSA doesn't really care too much about
law enforcement issues like obtaining warrants and that kind of thing.
all the talk about warrant and subpoenas makes no sense from the point
of view of the NSA.  the NSA goals and the law enforcement goals
do not really seem to me to overlap much at all and that the whole
argument that they do has been a diversion.

this suggests an interesting way to turn the "pro-suppression" crowd
against itself. if the law enforcement arm can be convinced, as
many people are now advocating, that strong crypto actually makes
their job easier and the world information infrastructure less insecure,
they may eventually advocate unfettered crypto. then you have only
the NSA alone standing up and saying that they need the suppression
laws.

the concept that the NSA "regrets" ITAR laws sounds like an utter
fantasy to me. the ITAR has been around for decades. the NSA has
been continually *strengthening* the interpretations of the ITAR.
the ITAR is enforced largely through NSA *harassment* of companies
that are seen to be supposedly violating it. the NSA can stop sending
their "men in black" at any time. when the harassment stops, the
crypto would spread. no one is twisting the NSA's arm to reject
crypto exports in all the applications that are submitted. rather,
it is the NSA that is doing all the arm twisting.

the NSA has made radical interpretations of the ITAR in various 
situations:

1. they rule that mere *hooks* are illegal
2. they have told Microsoft that merely *signing* foreign crypto software
packages is illegal

so the more I think about it, the more I think Bass's comments
as reported by TCM are a pile of hooey. perhaps even disinformation.
the NSA has full power to stop their harassment campaign at any
time. it is possible that there are *elements* within the NSA that
regret the policy, but they clearly are not the ones involved in 
enforcing it.

what many people fail to mention is that today we may not even
have these horrible infoterrorist problems that the NSA and CIA
et al. are screeching about lately if crypto had been allowed to
grow organically and unharassed.  in my view, the NSA is largely
*responsible* for the weakness in the information infrastructure
as it now stands because of their suppression of efforts to
implement strong security via crypto. this is the great hypocrisy
of it all.

frankly at times I think the whole key escrow
debate seems like a huge smokescreen or decoy just to get the public
to argue about something the NSA was never seriously contemplating
anyway. it could be just a delaying tactic that is working quite
spectacularly.  every conference of experts sounds the same and they all 
come to the same conclusion. meanwhile the ITAR is virtually unchanged within
the last 5 years.