Path: netcom.com!netcomsv!decwrl!sdd.hp.com!math.ohio-state.edu!howland.reston.ans.net!noc.near.net!news.delphi.com!usenet From: KEITHWRITERS@delphi.com Newsgroups: talk.politics.crypto Subject: Technosys, Prosody, the "NSA", and some unfunny BS passed off as a joke Date: Mon, 22 Nov 93 11:50:11 EST Organization: Delphi Internet Lines: 132 Message-ID: <931122.42611.KEITHWRITERS@delphi.com> NNTP-Posting-Host: delphi.com Never Rub Another Man's Rhubarb or, Why Social/Reverse Engineering is NOT Cool by Keith Eluard, Technosys -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ! The Hoax When I was planning to release Prosody and Mirrorshades, my text composition programs, I was expecting *some* backlash from governmental bodies because it would be possible to transport Prosody out of the US because I would send it via Internet. Fine. That was expected and understood when we were planning the whole shebang. With spin control, it could be good advertising for us. "If The Feds are scared of it, then it must be good..." What we were NOT expecting was what happened: on 6 November 1993, our lawyer received an email from a person claiming to be "Jerome Marshall of the NSA" (National Security Agency), stating that all persons involved in the release of Prosody would be subject to arrest and seizure of property if all of our data and notes on the project were not turned over to the "NSA". Two days later, we received a physical letter on Department of Justice stationery stating the same thing. A confession: I'm not as Hip to the Clip as I should and so thought the NSA would be under the DoJ. We were advised by our lawyer (he wishes anonymity-i wish him my foot up his butt) to comply. And we were going to do just that until a fortuitous email from John Markoff suggested that we contact the NSA ourselves via the phonebook rather than the contact numbers listed in the correspondence. It seems as if there is an ugly joke going on here, and I'm not amused by my part in it. The National Security Agency (informally and unofficially) claims that there is no employee of the NSA that should or would have contacted us, our lawyer, or anyone connected with us about Prosody, much less DEMAND OUR DATA. The contact we made at the NSA (I will not reveal her name as she cannot officially speak for the NSA) helped clear up some of the confusion thrown in our path: 1. The NSA is under the Department of Defense, not Justice. 2. Encryption is not illegal (NO SHIT) 3. My programs are not encryption, no matter what anyone says. They are not based on any accepted cryptographic method and do not pose any threat to anyone's (in)security. After discussing this with our new legal counsel, we have come to the conclusion that this entire affair was a practical joke in very bad taste or an attempt to steal the programs by using the current paranoia/hysteria that says ALL FEDS ARE BAD. Not that I saying they're good, but they're not all bad. As I said before, I'm not amused... @ What Will Happen Our plan at Technosys is this: we will revise the code for Prosody and Mirrorshades to completely cripple the "encryption" factors and then release them as PD/shareware on the internet. Meanwhile, we will encourage everyone who we talk to as we float through c-space that they join the EFF, or at least find out their data rights on the Net. Also, we will work with any other software developers out there in on the Net to create a "Concerned Citizens Network" to help monitor and prevent reverse engineering/social engineering/outright theft of our programs. Eventually, we will release a Natural Language encryption program based on accepted RSA algorithms (ala PGP), but only in physical form (i.e. diskette) to prevent raising anyone's eyebrows. All in all, about what we were going to do anyway... # What YOU Can Do Lots of things. Join the EFF. Get involved with Computer Professionals for Social Responsibility (if applicable to you). Contact your system administration to find out exactly what your data rights are (a local college here in Indianapolis will NOT allow anything sent via PGP on its host, for example). Do some research on the things that concern you about the current security/insecurity situation. Write Mr. Bill & OzoneMan (president@whitehouse.gov, vice.president@whitehouse.gov) about what you find and aren't happy with. And above all, talk to other users you know about what is wrong and what you could do to fix it. Then fix it. $ RESOURCES FOR THE CONCERNED Technosys: limetwig@mindvox.phantom.com (K Eluard) keithwriters@delphi.com (K Boyle) cert.sei.cmu.edu/pub -=-Computer/Internet Security info info@eff.org -=-address for the EFF president@whitehouse.gov vice.president@whitehouse.gov -=-sorry, when I get an address for the real potentate, I'll put HER'S here too Thanx for your patience and attention. Pax. -=-Keith Eluard * "Lord, grant me the serenity to accept the things I cannot change, the courage to try to change the things I can, and the wisdom to hide the bodies of the people I had to kill because they pissed me off." *