re: "Men In Black Study" I think this is a really excellent project, for the main reason that the NSA lives and dies by a "nobody is noticing" modus operandii (relative congressmen, the public, companies, foreign governments, etc.). it is a sort of "security through obscurity" that can be defeated. this has been a topic that has long fascinated me. I suggest however that the scope of the survey be expanded to the FBI. there are reports the FBI visited Lotus a long time ago to ask them to put in a "back door" into their encryption software, because it was too strong. it seems to me this is very similar to the survey questions. also keep in mind that the NSA loves to use "front agencies" like NIST to do their dirty work. so it might be hard to detect an "NSA visit". however the NSA like all intelligence agencies is really brilliant in intimidation. I think one would find that these situations are going to go "unreported" because the NSA may be leaving the impression that "not following our suggestion" is one sin, but that "screaming about this in the public" is going to be another liability. that is the coercion tactics that they are legendary for, IMHO. "you must do this, but we can't tell you why. you can't ask anyone else about this, either". I suspect that the entire crypto industry has been sabotaged in a lot of subtle ways by the NSA doing this, and nobody is the wiser. I hope people realize that by not reporting this, you contribute to the problem, not the solution. as Thomas Paine said, roughly, "the power of tyranny lies solely in the fear of rebellion". a study on this would be very significant. (from what I understand, the NSA tried to do this with public key crypto, i.e. suppress it at the publication stage. a professor gave a lecture on this in one of my classes and said that it was even covered in the NYT at the time. unfortunately I lost the date. I believe it was a long time ago (maybe the 80's or even the 70's). hopefully someone else has an encyclopedic brain. in fact, we might be able to get Levy or Markoff to write on this subject if we can get any significant results. that would be *hot*. they could put a great spin on it, like "the netscape bugs are a problem, but an even more horrifying and unimaginable thing going on is..." if the NSA has visited Netscape, that's virtually an article right there!!
* Does the NSA really visit companies planning to include crypto modules and ask them to weaken or remove the crypto modules?
a rumor was floating around that they visited Mosaic designers.
* What pressures are brought to bear on companies to induce them to weaken crypto, even for domestic-only use, or to remove hooks?
probably just the insinuation that they may be liable. you know the lovely intimidation tactic, "what you are doing may have LIABILITY". of course everyone does all kinds of ridiculous things, because, after all, one might be LIABLE after doing them.
* Is there concrete evidence of these things?
it is in the NSA's interest to cover up any evidence, and furthermore to suggest that their program, if it exists, is totally ineffective. I think otherwise. I think it is prime dirty secret of the NSA and a major public relations liability that ought to be exploited to the utter, full extent by cypherpunks. [Blaze etc.]
They confirmed that such a panel _does_ exist, but that it is fairly ineffectual. Apparently many people publish without approval.
however it may be more effective with commercial companies worried about liability. sometimes the slightest whiff of liability sends a company screaming for cover and not touch an entire area with a ten foot pole. I wonder if cellular phone encryption in the US has been delayed for this reason.
NSA Actions: Visits on a regular basis by two NSA representatives ("always two"). Pressured them to drop plans for a strong domestic crypto module.
Source: Personally told to me by programmer at the company, 1995-10-14. He wishes the company not to be named.
unfortunately, whenever someone says, "don't name my company", it loses effectiveness. I would like to point out that people are directly contributing to their erosion of rights by this behavior that suggests that they doing something lawbreaking that they are ashamed of. well, good luck with the study. I'll do what I can to publicize it <g>