Are you serious? (fwd) From: chuckles@MCS.COM (Jason Skiles) Newsgroups: alt.security.pgp,comp.org.eff.talk,comp.org.cpsr.talk Subject: New ITAR Indictment Date: 8 Jul 1994 01:02:56 -0500 Reprinted with permission from the Chicago Sun-Tribune, 5 July 1994:

From Sun-Tribune Wires

Washington, D.C.- In a Rose Garden press conference early this morning, Justice Department spokesmen announced the indictment of a Washington, DC. computer bulletin board system (BBS) operator, one Mr. Gil Bates, for violation of ITAR munitions export laws in connection with the operation of the infamous 'We got yer nudes here' BBS. According to federal authorities, many of the graphics files, or 'gif' files, named for their storage format, contained, when examined with a common hex editor, the value 0xAAAA, which can be used to encrypt data in such a way as to make it extremely difficult for intelligence and law enforcement agencies to recover the encrypted data. "0xAAAA first came to our attention a few weeks ago," explained Deputncrypted] file, by using a complicated algorithm known as 'exclusive or' and a 'mask' or encryption key, of, for example, "0xAAAA." Agents were stunned. "It's an entirely new and sinister turn of events in the field," said Miller. "We'd be helpless against such an attack." Miller went on to explain just how secure such a scheme would be. "When we need to crack some encrypted data, for example, email someone sends to his lawyer that we think may contain incriminating evidence," we usually just hand it to thenstitutional issues involved there, but we're working on it." He refused to elaborate. Once the technique was known, news spread quickly throughout the law-enforcement community. "This was a shot across the bow, a real wake-up call for us," said one Justice Department source. "We moved immediately, meeting with the vice-president and a professor from Georgetown. They were reluctant at first, but we mentioned organized crime and terrorists and they came around to our point of view." But why forbid the 'mask' or 'key' instead of the algorithm itself, the 'exclusive-or' technique? "That's sort of a funny story," explained Miller. "We were going to at first, but it turns out that the Clipper and Capstone chips [part of a government-designed key escrow system] make use of the algorithm in places. Of course, there were a few 0xAAAA's too, but the NSA assures us they've got a workaround." Bates loudly proclaims his innocence. "This is stupid, really stupid. It's just a 16-bit value, like any other. They can't restrict it. I'm... I'm at a loss. This is just too stupid to comment on." The case got weaker late this afternoon when it was revealed that the file in question didn't actually leave the country, but was retrieved by an FBI agent in Virginia. "Obviously this compromises our case somewhat," admitted Miller, "since Virginia isn't a foreign country. But someone in another country could have done the same thing, easily. That should count for something." Schneider noted that "Even though we'll probably have to drop the ITAR case, we did come up with something. He had a copy of PGP [a 'guerilla freeware' encryption package popular with subversives and criminals] and some files he'd protected with it." "We think they were maybe lists of children he an FBI agent in Virginia. "Obviously this compromises our case somewhat," admitted Miller, "since Virginia isn't a foreign country. But someone in another country could have done the same thing, easily. That should count for something." Schneider noted that "Even though we'll probably have to drop the ITAR case, we did come up with something. He had a copy of PGP [a 'guerilla freeware' encryption package popular with subversives and criminals] and some files he'd protected with it." "We think they were maybe lists of children he abused, or something," says Schneider. "Yeah, or something," added Miller. [Pre-flame apologies go out to those who object to the inclusion of 'serious' groups in the newsgroups list. If you know any silly ones where this would be more welcome, feel free to send it along.] ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | Jason "Chuckles" Skiles | <Insert a clever quotation here.> | | chuckles@mcs.com | - <misattribute it here> | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | Any opinions I express are also those of every single school, company, | | and organization I've ever been in any way associated with. Honest. | ++++++++++++++++++++++++++finger for PGP public key+++++++++++++++++++++++++ ------------ To respond to the sender of this message, send mail to remailer@soda.berkeley.edu, starting your message with the following 8 lines: :: Response-Key: ideaclipper ====Encrypted-Sender-Begin==== MI@```%ES^P;+]AB?X9TW6\8WR:2P&2%`$A:^X<=%.A'J%;"Y7E2J[QT=&)]L M0`F:L=MI*O?R!?N6/E3TTZ6WF^B=ZP9][Y)B)J)4PF/%M3XOVYT^Y;!E*9Y9 $\U3XF@`` ====Encrypted-Sender-End====