A couple of posters have talked about "drift net fishing" of communications, where random stuff is sampled and intelligence items gleaned. (I think it was Ernest Hua who cited the example in a Tom Clancy book/movie.) Perhaps, but let's go back to the discussions at the EPIC "SAFE" conference in Palo Alto several months ago. Some convincing evidence was presented that the moving force behind GAK is *not* the NSA, but is rather the *FBI*. Specifically, even 40-bit keys are probably too long for massive "drift net fishing," in that the cost per break is probably still too high. The cost for a "focussed attack" (I can't think of a fishing parallel...maybe "spear fishing"?) is of course low. The speaker at SAFE pointed out that the FBI is pushing for the 40-bit keys (and now is accepting the 56-bit keys?) because for focussed attacks, e.g., on the communications of a person under observation, they can call on other agencies to break the ciphers for them (even if they don't yet have their own such machines). In a nutshell, almost any level of encryption above, say, 30something bits, is too much when millions of messages per day are to be "drift-netted" is too much. (The exact number that is "too much" depends on a lot of factors, including the cost of the cipher-breaking machines, the number of messages to be read per day, etc. This number will change with time.) The FBI's interest may be changing, too. Their lead role in the TWA 800 investigation may have them sorely wanting "drift net" capabilities, as all other leads are exhausted. If we see more of these sorts of terrorist (maybe) incidents, it may be that more "drift net" capabilities are sought. A note on _contact analysis_. One thing the FBI probably wants badly are databases of who has travelled where, and when, for correlation analysis. Note that the crackdown on "valid IDs" for travel, for airlines, helps in this regard. I would not be surprised to learn that the airline databases are routinely fed to the Feds, so to speak. (Possibly via the FAA, acting as a kind of cutout.) Were I the head of the FBI, this is what I would want. The next step will be collecting hotel reservation databases. (Unlike the case with the FAA and the airlines, I don't know what kind of authority would grant them access to private hotel databases, but I expect they are working to find such authority somewhere. Maybe the infinitely malleable "regulation of commerce" clause, even if hotel stays are canonically _not_ interstate trade!) (They already got access to the credit card databases, decades ago, of course.) --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."