Why the White amendment is a good idea (fwd)

Tim May tcmay at got.net
Thu Sep 25 11:12:14 PDT 1997



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 9:07 AM -0700 9/25/97, Declan McCullagh wrote:
>---------- Forwarded message ----------
>Date: Wed, 24 Sep 1997 19:06:33 -0600
>From: Aaron Weissman <aweissman at mocc.com>
>To: "'fight-censorship at vorlon.mit.edu'" <fight-censorship at vorlon.mit.edu>
>Subject: Why the White amendment is a good idea

>The NETCenter is a great idea.  Very few of us
>would argue that our society has an interest
>defining rules and in prosecuting their

The NETCenter is largely duplicative, though will be much less effective,
than the NSA. I strongly urge Aaron and others to review the history and
capabilities (and limitations) of the NSA.

>transgression as crimes.  Once we have agreed on
>that point, the issue changes to a (still very
>important) discussion on methods.  By creating a
>decryption lab (and funding it with tremendous
>amounts of money), our society will fulfill the
>basic obligation to protect against the
>transgression of our rules.

The COMINT mission of the NSA _already_ consumes vast amounts of money,
with an estimated staffing (for the NSA as a whole) of 100,000 persons.
(Obviously many of them are not doing SIGINT and COMINT, but a fair
fraction are. And the Agency has had five decades or more to build up this
staff.) The NSA also draws on additional resources, including the Defense
Language School and related facilities for translation, the DOD branches of
signals intelligence (Naval Security Group, Air Force Intelligence, Army
Security Agency, etc.), and has ties to CIA, DIA, NRO, etc.

It is UNLIKELY IN THE EXTREME that a NETCenter could even remotely approach
the NSA in decryption capabilities, so the funding of NETCenter would
mostly be throwing away money for a feelgood, public "demonstration site."

(The NSA sometimes assists with law enforcement. But often it does not. I
grant that a purely civilian codebreaking facility might once have been
needed. But for reasons I'll get to below, it's much too late to start now!
And much too expensive.)

>However, despite the worst intentions of some,
>this laboratory cannot be an indiscriminate tool.
> The United States Government may be a the
>ultimate example as an organization possessing
>"national means," however, it's resources are far
>from infinite.  In addition, such a lab would
>require our very best and brightest
>mathematicians. We may be able to afford one of
>these labs, but more would be a large stretch.

Indeed, and those bright mathematicians who are also willing to work as
GS-14s. 15s, and so on, are mostly at the NSA now. Again, look into the
funding of the NSA and ask if the country would be willing to make a
similar expenditure for NETCenter. (Not that it will help.)


>Once this NETCenter exists, the demands for it's
>services will soon outstrip it's resources.  In
>addition, the massive cost involved per use would
>be large enough to attract public scrutiny.  I

Once the NETCenter failed to decypt the first several dozen instances of
PGP or 3DES thrust before it, I rather expect enthusiasm will wane.


>have no doubt that our government could crack the
>very largest keys if it were to through billions
>of dollars at the problem.  However, in an age of

Aaron, you really need to get up to speed on cryptography. Even the basics
of it.

When you do, you'll discover that it is strongly believed (though not yet
proved) that leading ciphers are "hard" to break. Conventional
cryptanalysis is useless, i.e., the kind where fragments of text are used
to help produce a key.

Even the NSA has acknowledged that cryptanalysis of modern ciphers is
essentially impossible, at least from intercepted ciphertext. (Interception
of signals, a la TEMPEST, may be a different matter, and of course there
are important civil liberties issues involved in setting up such
surveillance operations.)

As to you point that "very largest keys" could be cracked with "billions of
dollars," check out some of the "work factor" (difficulty of brute forcing)
estimates for modern ciphers. Schneier's "Applied Cryptography" is a good
place to start.

You will see that some ciphers have work factors for readily achievable
keys which exceed the energy in the entire universe. (The "secure phone" I
have, from Communication Security Corporation, uses 3DES. This is something
like 100 bits more in key length than ordinary DES. Even if a "Wiener
machine" can be built to break ordinary, 56-bit DES, at a cost of perhaps a
million bucks or so for the entire machine (and then perhaps a few hundred
bucks per crack, it is estimated), think of the cost of the machine to
break 3DES! 2^100 times harder is about 10^30 times harder. Now that's a
lot of money! The "tab" for each American  taxpayer would be about $10^22.

(There is a slight possibility that dramatic speedups in cracking could
come from mathematical advances. DES and other ciphers are under constant
scrutiny, and 22 years or more of scrutiny of DES has produced a limited
speedup.)

The point is this: modern ciphers are for all intents and purposes
"unbreakable."

Though we as technical people are usually cautious to say that
"unbreakable" is a dangerous word, the fact is that it's our current best
description of what a 2000-bit RSA key is, and that's all there is to it.

See Schneier for more on why this is so.


>I have no doubt that a considerable portion of
>the NETCenter's time will be spent in matters of
>foreign intelligence.  (As I said, we cannot
>afford two massive decryption laboratories -- the
>NSA will have to give its decryption mandate to
>this new agency).  In sum, this amendment gives

Right. I'm sure that will happen.

- --Tim May

The Feds have shown their hand: they want a ban on domestic cryptography
- ---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."



-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNCqg0FK3AvrfAt9qEQJIkQCeIp33C8UNVsM5tbE90ZEWIrVp+IcAoKvI
0giZDX5Do56vHXSURaNt2dQ4
=/s7n
-----END PGP SIGNATURE-----







More information about the cypherpunks-legacy mailing list