NSA Turns To Commercial Software For Encryption

Tim May timcmay at got.net
Sun Oct 26 20:39:05 PST 2003


On Sunday, October 26, 2003, at 07:37  PM, Neil Johnson wrote:

> I dunno know.  It comes down to which of the following slogans you 
> believe.
>
> ECC: "Our algorithm is so good it has been licensed by the NSA".
>
> or
>
> RSA: "Our algorithm is so good that the NSA tried to prevent it's 
> publication,
> had it classified as a munition and export controlled, tried to get the
> government to ban it in favor of a key escrow system, arrested and 
> harassed a
> programmer for implementing an program using it, etc."
>
> Depending on the orientation of your tin foil hat, either one can mean 
> the
> algorithm is good or has a backdoor. Oh, the fodder for conspiracy 
> theorists.
>
> Other theories:
>
> It's always in NSA's interest to make sure that the current "in vogue" 
> crypto
> system require licensing even if it is a commercial license. At least 
> it
> limits it's use in Open Source and Free Software.
>


Or my theory:

Part of outsourcing.

I hear yawning. But there's more to outsourcing than simplistic notions 
that outsourcing lets the Pentagon (and NSA, CIA, etc.) save money:

-- outsourcing puts the Beltway Bandits into the loop

-- outside suppliers are a place for senior NSA cryptographers and 
managers to go when they have maxed out their GS-17 benefits 
("sheep-dipping" agents is another avenue for them to work in private 
industry)

-- outside suppliers are less accountable to Congress, are insulated in 
various well-known ways

This is not just something out of a Grisham thriller, with a Crystal 
City corporation funneling NSA money into a Cayman account...this is 
the Brave New World of hollowing out the official agencies and moving 
their functions to Halliburton, Wackenhut, TRW, TIS/NAI, and the legion 
of Beltway Bandit subcontractors all around D.C.

(When I left the D.C. area in 1970 the practice was in full swing, and 
even my father went to a Bandit in Rockville when he left the U.S. 
Navy, doing the same job but both better paid and less accountable. And 
he wasn't even a spook.)

Put it this way, if Dick Cheney had worked for the NSA before going 
into private practice for his 8 years out of government, he'd want to 
go to a place like Certicom. And then return to government and help 
mandate that his former company's products be the Official Standard.

Follow the money.

--Tim May





More information about the cypherpunks-legacy mailing list