Government fear of strong crypto [was Re: Digital Cash$$$$
Jim McCoy <mccoy@ccwf.cc.utexas.edu> writes:
IMHO, the real reason governments are opposed to strong cryptography is that in an information society it effectively places the population outside the control of the government, the central government becomes superfluous.
I'm not going to disagree that long term, the net makes governments obsolete, but I think that far fewer folks in the US government have _any_ understanding of the issues around strong crypto. I spent yesterday at the "Computer Security Institute" conference in Washington (it is a commercial educational conference on computer security). Lots of government employees were there learning about security, products, etc. Most of the products were virus scanners, sigh.
The "government" as a whole is not against crypto. The NSA is _very strongly_ against it. There are 60,000 or more bureaucrats in NSA that would be effectively put out of work by widespread strong crypto. All the $17 Billion that they use on signal intercepts would go to competing approaches (satellite recon, spies in the field, etc.) that are controlled by other agencies. Why? Because signal intelligence is so easy now that it is extremely cheap and cost effective. Widespread strong crypto will not make eavesdropping impossible, but it will make it _very_ expensive in time and money, and thus make it much less attractive.
Rather than simply ranting about the evils of bureaucrats, think for a second about their motivation. There is no profit metric for bureaucrats to rely upon - they have to do their job as well as expected for the least amount of money. If they fail to deliver, they lose their jobs. (Yes, they can be fired or reassigned to Siberia...) So they spend all their life making sure that they do a "good enuff" job and follow all the approved actions. Having Signal intercepts work cheaply and well makes it easy to keep their jobs.
I believe that the FBI and other more public agencies are simply shills for NSA. The many postings about real wiretap usage and costs simply can't support taking all the heat last year of Digital Telephony and this year over Clipper, esp. when they admit that smart crooks wouldn't bother to use Clipper.
BTW, I talked to Dorothy Denning at the conference. She says that it is now called the "Key escrow chip" because of Intergraph's trademark on Clipper. I'll post more on my conversations with DE Denning later.
Pat
Pat Farrell Grad Student pfarrell@cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key available via finger #include <standard.disclaimer>
"Pat Farrell" <pfarrell@cs.gmu.edu>
The "government" as a whole is not against crypto. The NSA is _very strongly_ against it. There are 60,000 or more bureaucrats in NSA that would be effectively put out of work by widespread strong crypto. All the $17 Billion that they use on signal intercepts would go to competing approaches (satellite recon, spies in the field, etc.) that are controlled by other agencies. Why? Because signal intelligence is so easy now that it is extremely cheap and cost effective. Widespread strong crypto will not make eavesdropping impossible, but it will make it _very_ expensive in time and money, and thus make it much less attractive.
Hey cypherpunks,
I recognize that it is critical to balance our criticisms with proposals for improvement. For example, in an earlier list of chief criticisms on Clipper I also brought up the point that a cryptographic standard developed under an impartial standards-creation process would be acceptable.
Hence, let's get this into the collective psyche: NSA is definitely extremely endangered in the `signal interception' role. However, just to prove that we're not totally out to get all those black spooks, I propose that we emphasize that the NSA pursue a different role that they are in an immensely beneficial position to undertake: *promoting* cryptography use among the public and in government.
Don't laugh! A very major part of NSA is dedicated to maintaining and developing the codes and machines that the rest of the military uses. The dichotomy in the two aspects of the organization was apparent with e.g. Kahn's speculation on the development of DES (make it stronger! say the makers. make it weaker! say the breakers). If we gently or jarringly prod NSA into more of the `making' instead of the `breaking' role, that would be a way of not overly offending too many bureaucrats by giving them the sacred escape hatch.
So: don't advocate completely dismantling the NSA. (That may happen, but if it does it will happen on its own without any encouragement.) Instead, say that in the Post Cold War era they are better suited to shift into the code*making* arena instead of the overlong insistence of the code*breaking* domination. Gosh, think of all those lonely NSA geniuses who have secure schemes but are being overruled. Imagine what this expertise could do for commercial cryptography and American technological competitiveness/supremacy if they were allowed to say `your algorithm is weak because' and not `---[CENSORED-CONFIDENTIAL-INFORMATION]---'. We have to paint ourselves as moderates before we can shine as extremists.
Also, let me remind everyone to COUNTER the arguments that we now need a vast framework of intelligence gathering on `commercial espionage' -- I'm not denying that it is a problem or even an increasingly significant one, but this is *not* the role for government. That's why the word `commercial' is in there! Government involvement here will do nothing but restrain and restrict the mobility of companies involved; they have plenty of opportunities to hire deft independent consultants but a large bureaucracy can do nothing for them but endanger them.
* * *
Satellite Torque
By the way, I've been reading a lot about how satellite intelligence data is starting to get freed up based on pressure by companies such as Martin Marietta, who would like to sell the lucrative information (surprise, other countries already are and since we aren't allowed to we're dying in an important market we could potentially dominate). There is a great deal of classified satellite surveillance data out there and the fact that some of it might be on the way to being unchained is highly encouraging for the overall Cypherpunk cause. Just a little sunshine disinfectant leaking through, eh? Opening up satellite data is a way of putting more pressure on NSA, which, from what I understand, devotes a great deal of staff toward interpreting it. Or maybe that's another intelligence agency. Either way, it's a valuable wedge and torque we need to pry loose some major obstacles. If anybody is in a position to facilitate the release or dissemination of this data, go for it!
* * *
NSA: a big bureaucracy or a bunch of bureaucrats?
Someone brought up the point that NSA is really just a whole lot of disconnected bureaucrats who are really more interested in saving their own careers than any selfless motive such as promoting the stability of any overall government agency. This of course has relative accuracy, but either way we should try to use it as leverage against Clipper and the NSA cryptography-regulation role.
I'd say the first step is to get in contact with whoever makes these policies or is involved! If we could get a list of email addresses of `VIPS in CRYPT' together to lobby, that would be stupendous. However, it seems to me that as soon as anyone tries this they are going to find out pretty fast how much of a uniform monolith the whole of NSA is. It's extremely isolated and guarded as a cohesive *whole*.
But! I get the feeling there are a lot of independent *contractors* and *consultants* associated with the NSA. Anybody have any idea of how to get a list of them? We have the people from Mykotronx by name--why don't we have any email addresses? What about AT&T? Surely somebody who matters besides jim@rsa.com has an email address. Consider this the Great CypherPunk Treasure Hunt.
happy hunting!
From: "Pat Farrell" <pfarrell@cs.gmu.edu> [...]
The "government" as a whole is not against crypto. The NSA is _very strongly_ against it. There are 60,000 or more bureaucrats in NSA that would be effectively put out of work by widespread strong crypto.
Hmmm..... actually I must disagree with this. The NSA may oppose strong crypto, but a few facts should be brought up:
1) The NSA is not chartered for domestic surveillance work. If you discover the NSA watching you within the US you can have them arrested. They are probably more interested in the systems being put in use around the world and less about systems internal to the U.S.
2) The NSA has been dealing with strong cryptography for a long time. These are the people who have been playing crypto games with "the Ruskies" since before I was born. I sincerely doubt they are losing a great deal of sleep over the fate of Clipper. They may have an interest in promoting relatively weak cryptography that will be exported and may actually favor weak crypto at home (hoping for the Beta v. VHS effect to spread this weak crypto from the U.S. to the rest of the world) but no one at Fort Meade is going to be getting a pink slip if Clipper goes down in flames.
The FBI, and other domestic law enforcement agencies are probably very gung ho for weak crypto, but I just don't think that No Such Agency is going to be greatly affected by it. Their fingerprints are all over the Clipper stuff, but seeing as how their other mission is to develop ciphers this is only natural.
Just a little thought late at night...
jim
I believe that the FBI and other more public agencies are simply shills for NSA. The many postings about real wiretap usage and costs simply can't support taking all the heat last year of Digital Telephony and this year over Clipper, esp. when they admit that smart crooks wouldn't bother to use Clipper.
BTW, I talked to Dorothy Denning at the conference. She says that it is now called the "Key escrow chip" because of Intergraph's trademark on Clipper. I'll post more on my conversations with DE Denning later.
Pat
Pat Farrell Grad Student pfarrell@cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key available via finger #include <standard.disclaimer>
Well, I promise not to rant as long as no one goes soft on Clipper and the NSA. Unfortunately for the cause, I've been busy lately. Jim McCoy <mccoy@ccwf.cc.utexas.edu> posts some (ahem) interesting opinions on the NSA:
1) The NSA is not chartered for domestic surveillance work. If you discover the NSA watching you within the US you can have them arrested. They are probably more interested in the systems being put in use around the world and less about systems internal to the U.S.
They are not `chartered' per se but as Bamford makes clear everyone from the director and all the way down thinks that they live in a sort of extra-legal limbo. The NSA has a Napoleonic complex and delusions of grandeur that it is the fourth branch of the U.S. government--the Police Branch (with additional powers to make policy submissions on the level of the Executive branch). The vague and secret laws supposedly `governing' them do nothing to restrain them. There is even a law that exempts NSA from certain laws unless specifically mentioned! And tell me, whose job is it to arrest a corrupt police officer? (A: the American public.)
`They are probably more interested in systems in use around the world than in the U.S...' well, this is a rather strange comment. It reflects both a false dichotomy and a true mutual exclusion. NSA and its members think that what happens in their bunker and the U.S. is universal. It has a very imperialistic and egotistical view regarding its sovereign cryptographic role, you understand.
The argument that what happens in the U.S. cryptographic arena is relevant to the world at large is wrong for precisely the reasons the NSA believes in it and right for precisely the reasons they fear. Namely, yes, if U.S. exports strong cryptography it will penetrate the world faster. That is how the U.S. *does* matter. If the U.S. lags behind from absurd and asphyxiating regulations, we will find ourselves inundated by superior products from the outside by countries that don't have bizarre taboos against strong cryptography and secure protections for the privacy of their citizens. That is how the U.S. *doesn't* matter. Either way, the proliferation of strong cryptography is inevitable.
The NSA believes that strong cryptography will be restricted internationally to the point that the U.S. quashes it. The truth is that the U.S. will be quashed internationally to the point that it restricts strong cryptography.
2) The NSA has been dealing with strong cryptography for a long time. These are the people who have been playing crypto games with "the Ruskies" since before I was born. I sincerely doubt they are losing a great deal of sleep over the fate of Clipper. ... no one at Fort Meade is going to be getting a pink slip if Clipper goes down in flames.
That's the problem. They should be, if they were truly accountable for their actions and not insulated and inbred bureaucrats. Where are the rolling heads? Clipper is an unadulterated fiasco in every respect except in bringing greater public attention to unconscionable clandestine machinations in our government and cryptographic technology. For the former, please spare us the depraved exhibitions. For the latter, far more ethically superior demonstrations are possible. (To say the least for both.)
The FBI, and other domestic law enforcement agencies are probably very gung ho for weak crypto, but I just don't think that No Such Agency is going to be greatly affected by it. Their fingerprints are all over the Clipper stuff, but seeing as how their other mission is to develop ciphers this is only natural.
Fingerprints? More like a blaring signature in neon or spraypainted graffiti. Clipper as `only natural'? I suppose in the way one would consider a stillborn monster `natural'.
NSA will not be affected by strong cryptography if it doesn't spread, that's correct. But that's like saying Communists would be unaffected if they could prevent the spread of technology. The spread of strong cryptography worldwide to the great detriment of signal interception is absolutely inevitable. Clipper only shows that NSA has deluded itself seriously enough to fail to recognize this basic truth to the point of investing huge sums of money, expertise, and audacity in an illegitimate project doomed to failure by its fundamental premise: that a government can control *any* technology (let alone a powerful emerging one) to perpetuate its own warped agenda and status quo.
P.S. the `beta vs. VHS' reference is nothing but NSA propaganda and the terminology of apologists and spooks, and I hold it against you for using it. In only one way is it apt: the government is hoping they can entrench their inferior VHS standard by market momentum and black behind-the-scenes machinations despite the technical superiority of competitors. Well, sometimes inferior standards win out in the marketplace, but only temporarily and never indefinitely. And no government proposed VHS, or they would have been either laughed or chased off the face of the earth.
participants (3): Jim McCoy, L. Detweiler, Pat Farrell