Interesting People mailing list archives
Possibly compromised account
From: David Farber <farber () central cis upenn edu>
Date: Thu, 24 Feb 1994 15:16:50 -0500
Date: Thu, 24 Feb 94 13:08:50 -0500 From: shap () viper cis upenn edu (Jonathan Shapiro) To: farber () central cis upenn edu Cc: interesting-people () eff org Subject: Possibly compromised account This is to alert you to the possibility that Dorothy Denning's login may have been compromised. In a recent mailing to the "interesting people" list, a party alleging to be Dorothy Denning made a number of statements in support of the SkipJack initiative that were erroneous or deliberately misleading. The suspect in question makes remarkably subtle use of misdirection to twist the facts of the case. This is not consistent with the sort of integrity one expects from Dorothy's statements. In order that you will be able to spot future mailings from this unknown party, I will point them out. [Suspect] I expect their [the NSA's] concern is that if a product with a very strong algorithm such as SKIPJACK were to be manufactured without keys being escrowed, then such products would be very attractive on the foreign black market (presumably, such products would not be exportable) where they could interfere with foreign intelligence. Note the subtle misdirection embedded in the words "I suspect." The author wishes you to believe that the stated position is the NSA position, and is distracting attention from the fact that they are supporting the opinion by promulgating it. The position described is ludicrous. It says that the focus market for SkipJack-derived systems is characterized as follows: 1) Customer is a criminal or terrorist. 2) Customer trusts the NSA, and all organizations that NSA collaborates with, either officially or covertly, legally or otherwise. 3) Aside from the fact that they are a criminal or a terrorist, customer is basically law abiding, and therefore will not use some other encryption algorithm as a substitute or layered on top of SkipJack. 4) Customer is smarter than your average turnip, which is why we need to tap their phones in order to catch them. No question that I'ld choose SkipJack for all of my illegal and/or terrorist activities. I'll hop right out and buy one. > An FBI legislative proposal now under consideration at the White > House would mandate a Clipper-like scheme. That proposal is > backed by fines up to $10,000 per day and jail time. [Suspect] Everything I've seen has said Clipper is voluntary. Quoting from the standard: "This standard does not mandate the use of escrowed encryption devices by Federal government agencies, the private sector or other levels of government." Note that the suspect has not responded to the issue at hand. Standards are not legally binding, so it would hardly matter if the NIST standard mandated SkipJack. FBI legislative proposals, on the other hand, stand a disturbing chance of becoming law. [Suspect] Before I supported Clipper, I already knew quite a bit about how the whole system was going to be structured, so I felt confident that the goal of high security would be achieved. Nothing I have seen so far has changed my assessment. I encourage you all to take a few minutes to browse the CPSR and/or EFF FTP archives. It has some fascinating material obtained from the allegedly secure contractor whose job is to produce the keys. Dorothy Denning's reputation is one of integrity. Clearly, the comments above could not have originated with her. It's an interesting question, however, to ask who is employing the suspect. Jonathan SkipJack. Because We're Not Listening.
Current thread:
- Possibly compromised account David Farber (Feb 24)
- <Possible follow-ups>
- Re: Possibly compromised account Timothy Finin (Feb 24)
- Re: Possibly compromised account Willis H . Ware (Feb 24)
- Re: Possibly compromised account wulf (Feb 25)
- Re: Possibly compromised account Willis H . Ware (Feb 25)