Posted-Date: Fri, 18 Feb 1994 12:28:53 -0500 Path: netnews.upenn.edu!msuinfo!agate!howland.reston.ans.net!pipex!uknet!demon!an- teallach.com!gtoal Newsgroups: comp.org.eff.talk From: gtoal@an-teallach.com (Graham Toal) Subject: CERT/Whitehouse/Clipper link - smoking gun... X-Fax: +44 31 662 4678 X-Organisation: An Teallach Limited Date: Fri, 18 Feb 1994 16:48:15 +0000 Sender: usenet@demon.co.uk Lines: 55 Apparently-To: farber@pcpond.cis.upenn.edu By God, I knew there was something fishy about that latest CERT release (the one that referred to things that happened last November and didn't actually say anything new, but somehow managed to hit the *WORLD* press extensively within 24 hours)... Well, here's the smoking gun...

From: CERT Advisory <cert-advisory-request@cert.org> Date: Thu, 3 Feb 94 21:14:40 EST To: cert-advisory@cert.org Subject: CERT Advisory - Ongoing Network Monitoring Attacks Organization: Computer Emergency Response Team : 412-268-7090

============================================================================= CA-94:01 CERT Advisory February 3, 1994 Ongoing Network Monitoring Attacks

Note the date. The next day, we see this Whitehouse release: :THE WHITE HOUSE CONTACT: 202 156-7035 :OFFlCE OF THE PRESS SECRETARY :EMBARGOED UNTIL 3 PM (EST) FRIDAY, February 4, 1994 :STATEMENT OF THE PRESS SECRETARY :Information Infrastructure. A digital signature standard will enable :individuals to transact business electronically rather than having to :exchange signed paper contracts. The Administration has determined :that such technology should not be subject to private royalty :payments, and it will be taking steps to ensure that royalties are not :required for use of a digital signature. Had digital signatures been in :widespread use, the recent security problems with the Internet :would have been avoided. Note the reference to 'recent security problems with the Internet'. This is obviously referring to the highly publicised stories in the press *that day* which were engendered by the CERT report. Yet the whitehouse press release was written days before - see the 'embargoed until Feb 4th' warning at the top. So the Whitehouse had *prior knowlege* of the CERT release, and the fact that it would get extensive press coverage. I say CERT actively collaborated with the Whitehouse on the pro-clipper propoganda front, and I challenge them to deny it in a simple unequivocal statement. G PS The statement is also false: digital signatures would have no effect on network sniffing attacks; but it's just more FUD to strengthen the Whitehouse hand in a release that was buried in a flood of releases that day on Clipper.