Forwarded messages from RISKS

Paul Ferguson fergp at sytex.com
Thu May 20 08:17:28 PDT 1993


These messages were extracted from RISKS Digest (14.64) -
 
8<------- Snip, Snip -------------
 
Date: Wed, 19 May 1993 16:32:46 -0400 (EDT)
From: esr at snark.thyrsus.com (Eric S. Raymond)
Subject: Re: Clipper (Denning, RISKS-14.60; Rotenberg, RISKS-14.62)
 
In <CMM.0.90.1.737688970.risks at chiron.csl.sri.com> Marc Rotenberg
wrote:
> Denning has to be kidding.  The comments on the proposed DSS were
> uniformly critical.  Both Marty Hellman and Ron Rivest questioned
> the desirability of the proposed standard.
 
Mr. Rotenberg, as a public figure operating in the political arena,
has to exercise a certain diplomatic restraint in responding to Ms.
Denning's claims. I am, thankfully, under no such requirement.
 
As a long-time RISKS reader and contributor, I observe that that this
is not the first time that Ms. Denning has apparently operated as a
mouthpiece for the NSA's anti-privacy party line on DES and related
issues.
 
I believe Ms. Denning's remarks must be understood as part of a
continuing propaganda campaign to marginalize and demonize advocates
of electronic privacy rights.  Other facets of this campaign have
attempted to link privacy advocates to terrorists and drug dealers
by suggesting that only criminals need fear wiretapping.
 
These are serious charges.  I make them because, in the wake of the
Clipper proposal, I do not believe civil libertarians can afford any
longer to assume that their opponents are persons of good will with
whom they can simply debate minor differences of institutional means
in a collegial way.
 
It's time for someone to say, in public and on this list, what I know
many of us have been thinking.  The future is *now*.  Electronic
privacy issues are no longer a parlor game for futurologists; they are
the focus of a critical political struggle, *and the opponents of
privacy are fighting their war with all the tools of force, deception,
and propaganda they can command*.
 
The histories of the DES, the FBI wiretap proposal, and now the Clipper
proposal must be considered against a wider background of abuses
including the Steve Jackson case, "Operation Longarm", and the routine
tapping of U.S. domestic telecommunications by NSA interception stations
located outside the geographic borders of the United States.
 
These form a continuing pattern of attempts by agencies of the U.S.
government to pre-empt efforts to extend First and Fourth Amendment
privacy protections to the new electronic media.  In each case, the
attempt was made to present civil libertarians with a fait accompli,
invoking "national security" (or the nastiness of "kiddie porn") to
justify legislative, judicial and practical precedents prejudicial
against electronic privacy rights.
 
While I would not go so far as to claim that these efforts are
masterminded by a unitary conspiracy, I believe that the interlocking
groups of spies, bureaucrats and lawmen who have originated them
recognize each other as cooperating fellow-travelers in much the
same way as opposing groups like the EFF, CPSR and the Cypherpunks
do.  Their implicit agenda is to make the new electronic
communications media transparent to government surveillance and
(eventually) pliant to government control.
 
One of the traits of this culture of control is the belief that
manipulative lying and dissemblage can be justified for a `higher
good'.
 
I believe that Ms. Denning's disingenuous claim that the DSS "is now
considered to be just as strong as RSA" is no mere technical
misapprehension. I believe it is propaganda aimed at making objectors
non-persons in the debate.  I cannot know whether Ms. Denning
actually believes this claim, but it reminds me all too strongly
of the classic "Big Lie" technique.
 
It is important for us to recognize that the propaganda lie is not an
aberration, but a routine tool of the authoritarian mindset.  And the
authoritarian mindset is, ultimately, what we are confronting here
--- the mindset that regards the fighting of elastically-defined
`crime' as more important than privacy, that presumes guilt until
innocence is proven, that demands for government a license to override
any individual's natural rights at political whim.
 
We cannot trust representatives of an institutional culture that was
*constructed* to deal in information control, lies, secrecy, paranoia
and deception to tell us the truth.
 
We cannot accept the authoritarians' unverified assurances that the
sealed interior of the Clipper chip contains no `trapdoor' enabling
the NSA to eavesdrop at will.
 
We cannot trust the authoritarians' assertions that they have no
intention of outlawing cryptographic technologies potentially more
secure than the Clipper chip.
 
We cannot believe the authoritarians' claims that `independent' key
registries will prevent abuse of decryption keys by government and/or
corrupt individuals.
 
We cannot --- we *must not* --- cede control of encryption technology
to the authoritarians.  To do so would betray our children and their
descendants, who will work and *live* in cyberspace to an extent we
can barely imagine.
 
We cannot any longer afford the luxury of treating the authoritarians
as honest dealers with whom compromise is morally advisable, or even
possible.  Whatever their own valuation of themselves, the
thinly-veiled power grab represented by the Clipper proposal reveals
a desire to institutionalize means which a free society, wishing to
remain free, *cannot tolerate*.
 
Big Brother must be stopped *here*.  *Now.*  While it is still possible.
 
                                Eric S. Raymond <esr at snark.thyrsus.com>
 
- --
 
Date: Wed, 19 May 93 18:37:24 EDT
From: denning at cs.cosc.georgetown.edu (Dorothy Denning)
Subject: Re: Clipper (Raymond, RISKS-14.64)
 
Eric Raymond has accused me of being part of a propaganda campaign
and a "Big Lie." Among his wild speculations, he wrote:
 
  I believe that Ms. Denning's disingenuous claim that the DSS "is
  now considered to be just as strong as RSA" is no mere technical
  misapprehension. I believe it is propaganda aimed at making
  objectors non-persons in the debate.  I cannot know whether Ms.
  Denning actually believes this claim, but it reminds me all too
  strongly of the classic "Big Lie" technique.
 
Frankly, I don't know how to respond his allegations other than by
saying that I am not and have never been on the payroll of NIST, NSA,
or the FBI and that every word I have published has been completely
on my own initiative.  While I frequently speak with people in these
agencies (mainly to ask them questions so that I can be informed) and
have considerable respect for them, I am operating on my own initiative
and making my own independent evaluations based on all the evidence I
can find.  I try to avoid pure speculation as much as possible.
 
My objective in responding to Sobel in the first place was to point
out that, in my best judgement, the DSS as revised is as secure as
RSA.  I did that so that readers would not be led to believe the
contrary.  Let me elaborate more.
 
The security of the DSS is based on the difficulty of computing the
discret log.  (The Diffie-Hellman key exchange, invented in 1976, is
likewise so based.)  The security of the RSA is based on factoring.
My understanding is that the computational difficulty of these two
problems is about the same for comparable key lengths, and indeed,
the fastest solutions with both come using the same basic technique,
namely the number field sieve.  If I'm wrong here, I am happy to be
corrected by someone who knows more than I do about this.
 
There are other factors, of course, that must be taken into account.
With both schemes, you have to make sure you get good primes.  In the
case of the DSS, you want really random ones so that you don't get
ones with "trapdoors." This is readily done and the chances of
getting a trapdoor one are minuscule. For a reference, see Daniel
Gordon's paper from Crypto '92.
 
I still remember the day when George Davida called me up to say that
he had cracked RSA.  It turned out that he had found a way of
exploiting the digital signatures to get access to plaintext (but
not keys).  I generalized his mathematics and published a paper in
CACM (April 84).  The solution is to hash messages before they are
signed, which has other advantages anyway.  I also remember various
articles by people pointing other potential vulnerabilities with RSA
if the primes weren't picked right.
 
There are potential weaknesses in all of these public-key methods, but
they can be resolved.  As near as I can tell, NIST has resolved the
potential problems with the DSS, and I am confident that if new ones
are found, they will resolve them too.
 
Dorothy Denning

Paul Ferguson               |  The future is now.
Network Integrator          |  History will tell the tale;
Centreville, Virginia USA   |  We must endure and struggle
fergp at sytex.com             |  to shape it.
 
          Stop the Wiretap (Clipper/Capstone) Chip.






More information about the cypherpunks-legacy mailing list