"Pat Farrell" <pfarrell@cs.gmu.edu>
The "government" as a whole is not against crypto. The NSA is _very strongly_ against it. There are 60,000 or more bureaucrats in NSA that would be effectively put out of work by widespread strong crypto. All the $17 Billion that they use on signal intercepts would go to competing approachs (satelite recon, spys in the field, etc.) that are controlled by other agencies. Why? because signal intellegence is so easy now that it is extremely cheap and cost effective. Widespread strong crypto will not make evesdropping impossible, but it will make it _very_ expensive in time and money, and thus make it much less attractive.
Hey cypherpunks, I recognize that it is critical to balance our criticisms with proposals for improvement. For example, in an earlier list of chief criticisms on Clipper I also brought up the point that a cryptographic standard developed under an impartial standards-creation process would be acceptable. Hence, let's get this into the collective psyche: NSA is definitely extremely endangered in the `signal interception' role. However, just to prove that we're not totally out to get all those black spooks, I propose that we emphasize that the NSA pursue a different role that they are in an immensely beneficial position to undertake: *promoting* cryptography use among the public and in government. Don't laugh! A very major part of NSA is dedicated to maintaining and developing the codes and machines that the rest of the military uses. The dichotomy in the two aspects of the organization was apparent with e.g. Kahn's speculation on the development of DES (make it stronger! say the makers. make it weaker! say the breakers). If we gently or jarringly prod NSA into more of the `making' instead of the `breaking' role, that would be a way of not overly offending too many bureacrats by giving them the sacred escape hatch. So: don't advocate completely dismantling the NSA. (That may happen, but if it does it will happen on its own without any encouragement.) Instead, say that in the Post Cold War era they are better suited to shift into the code*making* arena instead of the overlong insistence of the code*breaking* domination. Gosh, think of all those lonely NSA geniuses who have secure schemes but are being overruled. Imagine what this expertise could do for commercial cryptography and American technological competitiveness/supremacy if they were allowed to say `your algorithm is weak because' and not `---[CENSORED-CONFIDENTIAL-INFORMATION]---'. We have to paint ourselves as moderates before we can shine as extremists. Also, let me remind everyone to COUNTER the arguments that we now need a vast framework of intelligence gathering on `commercial espionage' -- I'm not denying that it is a problem or even an increasingly significant one, but this is *not* the role for government. That's why the word `commercial' is in there! Government involvement here will do nothing but restrain and restrict the mobility of companies involved; they have plenty of opportunities to hire deft independent consultants but a large bureacracy can do nothing for them but endanger them. * * * Satellite Torque By the way, I've been reading a lot about how satellite intelligence data is starting to get freed up based on pressure by companies such as Martin Marietta, who would like to sell the lucrative information (surprise, other countries already are and since we aren't allowed to we're dying in an important market we could potentially dominate). There is a great deal of classified satellite surveillance data out there and the fact that some of it might be on the way to being unchained is highly encouraging for the overall Cypherpunk cause. Just a little sunshine disinfectant leaking through, eh? Opening up satellite data is a way of putting more pressure on NSA, which, from what I understand, devotes a great deal of staff toward interpreting it. Or maybe that's another intelligence agency. Either way, it's a valuable wedge and torque we need to pry loose some major obstacles. If anybody is in a position to facilitate the release or dissemination of this data, go for it! * * * NSA: a big bureacracy or a bunch of bureacrats? Someone brought up the point that NSA is really just a whole lot of disconnected bureacrats who are really more interested in saving their own careers than any selfless motive such as promoting the stability of any overall government agency. This of course has relative accuracy, but either way we should try to use it as leverage against Clipper and the NSA cryptography-regulation role. I'd say the first step is to get in contact with whoever makes these policies or is involved! If we could get a list of email addresses of `VIPS in CRYPT' together to lobby, that would be stupendous. However, it seems to me that as soon as anyone tries this they are going to find out pretty fast how much of a uniform monolith the whole of NSA is. It's extremely isolated and guarded as a cohesive *whole*. But! I get the feeling there are a lot of independent *contractors* and *consultants* associated with the NSA. Anybody have any idea of how to get a list of them? We have the people from Mycotronx by name--why don't we have any email addresses? What about AT&T? Surely somebody who matters besides jim@rsa.com has an email address. Consider this the Great CypherPunk Treasure Hunt. happy hunting!