Jack Rickard was kind enough to send me the following. A new member of the list told me he had found out about the list from this article. Eric ----------------------------------------------------------------------------- From: jack.rickard@boardwatch.com Date: Wed Jan 20 09:57:55 1993 Subject: CYPHERPUNKS COVERAGE The following article appeared in the February, 1993 issue of Boardwatch Magazine, a monthly publication covering electronic bulletin boards, online information services, and networking issues. Boardwatch Magazine is published monthly at an annual subscription rate of $36. Boardwatch Magazine, 7586 West Jewell Ave., Suite 200, Lakewood CO 80232; (303)973-6038 voice; (303)986-8754 fax; (303)973-4222 data. Internet: jack.rickard@boardwatch.com. FRONTAL ATTACK ON THE PUZZLE PALACE by Lance Rose A privately funded attack is underway against a little-known government agency that has devoted itself to the control of privacy in this country (who gets to have privacy, who doesn't, and how much privacy can anyone have?). If successful, it may begin to unravel decades of surreptitious information control so effective most of us have not been aware of its operation. The agency in question is the National Security Agency, or NSA. It was established in 1952 by President Harry Truman to monitor signal transmissions that might affect the security of the United States. Since that time, the NSA has steadily cast a pall over public use and knowledge of cryptography, and generally regulated the limits of privacy in this country. It has done so with 40,000 or more active employees, and funding not readily discernible from inspecting Congressional budget lines. Those not already familiar with the NSA might be surprised at the depth and extent of its influence. For instance, rumor has it that NSA monitors much of the digital telephone activity in this country, even though it is authorized only to monitor foreign transmissions. NSA is also in charge of regulating the export of cryptographic devices to other countries, which are officially deemed such a great security risk they are dealt with as "munitions" under the U.S. export control laws. Any device or software intended for export and using encryption techniques (which are usually included to aid in the privacy or security of personal or business communications, such as in cellular phones) must be reviewed by the State Dept., which generally passes on the review to the NSA. These review processes are so slow and nitpicking that they choke off almost all international trade in effective encryption devices from the U.S. The ultimate effect of this process, as pointed out by John Barlow of the EFF, is to inhibit development of strong encryption devices even within the U.S., since manufacturers are often reluctant to make two different versions of their goods, one for domestic use and one for export. Well-known, powerful encryption techniques subject to close NSA export control include devices based on the DES algorithm, and public key devices based on the RSA algorithm. In addition, NSA is actively involved, along with such cohorts as the FBI and the Justice Department, in ongoing legislative efforts to keep effective new cryptography and privacy techniques out of the public's hands. Last year, proposed Senate Bill 266 would have made it illegal to use a cryptographic technique unless the government had been provided a "back door" enabling it to easily extract the plain text from any message encrypted through that technique. Apparently, brute force cipher-cracking by the NSA was wasting a little too much of the taxpayers' dollars (albeit through untraceable budget lines) so we would all get a break if the government's obligatory snooping and code-cracking activities cost a lot less. Luckily, this bill was kept from enactment, in large part through the efforts of the Electronic Frontier Foundation. NSA and FBI came back this year with a new variation - a bill that would require all phone companies to set up special wiretap stations for official eavesdropping, so agents would not have to waste taxpayer dollars figuring out how to tap those nasty optical fiber lines without being detected. It's ironic that in the face of a federal statute (the Electronic Communications Privacy Act) with strong legal obstacles to discourage officials who seek to monitor private telephone activities, those same officials want to install facilities giving them the practical ability to wiretap as easily as you or I might open the faucet for a glass of water. Another NSA tactic has been massive removal of texts on cryptography from public access through classifying them as secret government documents. Again, slowing down the transmission of knowledge on cryptography in this manner has placed a drag on development of publicly useful encryption methods. The advent of the Freedom of Information Act (FOIA) threatened this regime, with its provisions for requesting declassification of government documents. However the NSA, like many other federal agencies, discovered a fairly effective antidote to FOIA requests: ignore the requests, and when it could ignore them no longer, make the requesting party drag the NSA bodily into court over and over in escalating legal procedures to compel production of the requested documents. This process was such a burden on the requesting parties that it weeded out all but the most dedicated and well-financed attempts to fetch documents on cryptography out of the black hole of NSA classification. Such conduct was also literally illegal, since it involved failure to meet statutory time limits to respond to FOIA document requests. The NSA appeared to be deliberately not meeting the time limits, and basically thumbing its nose at those who sought the documents under its control. One of those who encountered the NSA's monumental heel- dragging in releasing cryptography-related documents was John Gilmore. Gilmore runs a software house named Cygnus Support, was one of the founders of the Electronic Frontier Foundation, and is a vocal and impassioned supporter of individual privacy rights against the modern encroachments of the state. Gilmore and his attorney, Lee Tien, decided to challenge certain NSA practices head-on, specifically the practices of overclassifying documents in the area of cryptography, and the NSA's unwillingness to release cryptographic materials into the public domain regardless of whether the materials actually have strategic military value justifying their classification. In July, 1992, Gilmore requested, under the FOIA, copies of the books "Military Cryptanalysis" by Friedman, volumes 3-4 (earlier volumes were already declassified) and "Military Cryptanalytics" by Friedman and Callimahos, volume 3 onward (the exact number of volumes is not publicly known). The Friedman books dated from the 1930's, the ones with Callimahos from the 1950's - not likely state of the art stuff. To add a little irony, Friedman had been one of the founders of the NSA. To no one's surprise, the NSA did not respond to Gilmore's FOIA request for the books. Gilmore appealed the decision administratively, but again was unable to obtain the materials, forcing him to the next step of filing a suit against NSA in federal court in the Northern District of California. Here is an example of an administrative setup ripe for abuse, being played for all it's worth by the NSA. In an ordinary court action, a party who does not respond within a time limit set by statute can lose the case by default. Here, however, the NSA did not lose anything by not responding to the FOIA requests in the administrative agency setting. In fact it actually gained an advantage, forcing Gilmore to put more energy and resources first into a pointless administrative appeal, and then finally starting a federal court action from scratch. Some time after beginning the FOIA procedure, Gilmore tracked down the Friedman volumes from the '30's at a couple of public repositories in California. Amazingly, when the NSA found out he had the books, they told him the books were still classified or should be classified, and threatened him with a criminal action if he dared to show the books to anyone else. This received some press attention in the S.F. Examiner and elsewhere, to the NSA's great displeasure. Not only was the NSA getting publicity, which it shuns, but it looked like NSA was trying to bury ancient materials already fully accessible to the public, and threatening to jail someone who dared assert the public had a right to such materials. The attention had a salutary effect on the NSA's actions, however. They recently declassified the old Friedman volumes, making it perfectly legal for Gilmore to distribute them. Score one for the libertarians. They have started the NSA backpedalling. As we go to press, Gilmore's case against the NSA is still proceeding for purpose of obtaining the remaining Military Cryptanalytics volume(s), as well as a "pattern and practice" claim against the NSA. This last legal claim is particularly important. As described above, the NSA drags its heels on FOIA requests, outlasting all but the most resolute opponents. But any time a hardy soul manages to push his case close to a court decision, the NSA can turn around at the last moment and say, "here are the materials you requested." The case would then officially become moot because the request was finally honored, and no court decision stating that the NSA engages in obstructive and delaying practices would ever issue. This sorry result can be avoided by the claim that NSA engages in a "pattern and practice" of obstructing and delaying FOIA requests for cryptographic materials. It will survive any such "mooting" move by the NSA, and if Gilmore perseveres, may result in a judicial decision laying some of the NSA's practices bare on the public record. If Gilmore and his attorney Lee Tien succeed, they could end up chipping off a big piece of the NSA wall of darkness. From the look of things, they may still have some arduous going ahead. No matter the decision on the trial court level, the NSA will have many court appeals left, and doubtless ot getting to UUCICO:USERLOG:d:\tbbs\userlog.inx Those interested in cryptography issues may find a new Internet mailing list of interest. A group is physically meeting in John Gilmore's Silicon Valley facilities and has started a mailing list under moderation of Timothy C. May (tcmay@netcom.com). The group includes John Draper (Cap'n Crunch), Tom Jennings, and others interested in cryptography, anonymous mail forwarding techniques, encryption, the Pretty Good Privacy program, and other privacy issues. You can join this mailing list from any service allowing Internet e-mail by sending a message to CYPHERPUNKS-REQUEST@TOAD.COM. [<BI>Lance Rose is an attorney practicing high-tech, computer and intellectual property law in the New York City area, and is available on the Internet at elrose@well.sf.ca.us and on CompuServe at 72230,2044. He works with shareware publishers, software authors, system operators, technology buyers, interactive media developers, on-line database services and others in the high technology area. He is also author of the book SYSLAW, a legal guide for bulletin board system operators, available from PC Information Group (800)321-8285. - Editor<D>]