
Re: [LEGAL] Crypto as Contraband?



On Sun, Mar 08, 1998 at 01:55:29PM -0500, Vin McLellan wrote:
> 
> 	Whoever at NSA decided that the US national security interests in
> crippled-crypto products, such as it is, could be sustained by such a
> mechanism obviously never heard of the 2600 tone, once the biggest secret of
> the telephone companies. And those who ignore the past, etc., etc....

	As someone who was alive and curious back then (mid 60's), I'd
take issue with this.  I found plenty of technical papers in the Bell
System Technical Journal proudly describing so-called SF E&M signalling
(which uses 2600 Hz) in great detail, along with MFKP (blue box tones)
and the whole signalling and switching architecture of the (then) Bell
system. They were proud of what they had developed and quite willing to
share it with the technical community - it was no dark secret at all. 
There was even a technical paper that described in detail a bizarre
two-frequency, one-transistor oscillator that allowed them to build what was
essentially a blue box into an operator console keypad.

	The problem was that nobody outside of a few insider engineers
with devious, twisted, hacker-style imaginations and the spook agency
types had ever asked what might happen if you sent these in-band tones
down the line from a subscriber telephone at just the right (or wrong)
moments, and what it might be possible to do with this knowledge.
Nobody else knew or cared to find out what might happen if...

	It is a sad day for US national security if people entrusted
with protecting it don't think about how to defeat the protections they
put in place because they are linear thinkers hobbled by the idea that
everyone will do only the most obvious things.  But I really think that
they perfectly well know that current software can be easily patched to
defeat controls, and that there is little they can do about it.  Nor is
the threat from software patches to Netscape really likely to endanger
much, since there is already a lot of software like PGP available that
is already strong.  In fact I rather suspect that they are quite happy
to see that patch in circulation since it substantially bolsters their
long-held insistence that all crypto be implemented in tamperproof
hardware chips and not software.

	What scares me, as I have said before on this list, is what
happens when future tamperproof Intel CPUs acquire the ability to run
encrypted code decrypted inside the processor and all copies of Windows
2001 are completely unpatchable and opaque (without breaking the crypto)
and nicely jiggered to enforce rules about what programs are allowed to
do what or even run at all.  

-- 
	Dave Emery N1PRE,  [email protected]  DIE Consulting, Weston, Mass. 
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2  5D 27 BD B0 24 88 C3 18