Re: CIA needs secure computers, but NSA kills attempts to make them

[gnu () toad com <gnu () toad com>]

Quote from Information Week:
> Computer networks have not proven themselves to be absolutely
> secure, so the  creation of an electronic system vulnerable to
> compromise goes very much against the grain of senior officers.
> But the need for quicker processing is apparent, as is the need
> for absolute security. It is a big problem not easily resolved.
> In fact, resolution may depend upon software yet to be
> developed, possibly by a new generation of programmers who will
> be offered well-paying jobs  by private enterprise at a time
> when government research dollars are being absorbed by current
> program needs.

Private industry has been trying to build secure computers and secure
networks for many years.  Each attempt is rebuffed by the US
Government, which relies on the ability to break into computers and
monitor network transmissions.

The National Security Agency's policies on export of cryptography
caused Digital Equipment Corporation to cancel its multi-year, multi-
million dollar `Secure Systems Group'.  They would've never been
allowed to deploy the resulting secure operating system to their
customers.

Apple and Microsoft both wanted to put cryptographic security features
deep inside their operating systems.  Both were threatened by the
National Security Agency.  Eventually, Microsoft persuaded one of the
Congressmen from Washington State to modify an export control bill to
remove NSA's authority over mass-market software.  This provision was
passed by the House of Representatives, but the Administration
threatened to veto the whole export control bill if it wasn't removed
in resolving the differences between the House and Senate versions of
the bill.  The eventual compromise was that NSA permitted a crummy
encryption code to be exported -- but it's so poor that nobody would
claim they had built a "secure" system using it.  (Neither Apple nor
Microsoft has deployed it.)

The National Institute for Standards and Technology wanted to define
standards for cryptographic signatures and for public directories of
encryption keys.  Pressure from the NSA caused them to propose a poor
standard for signatures, which industry has not adopted and which has
sparked a patent fight.  This standard was selected because it would
ONLY allow signatures, and would not allow encryption keys to be
exchanged.  Building privacy into commercial computers requires both
functions -- but NIST has been unable or unwilling to ignore the NSA
pressure to compromise domestic security and privacy.

AT&T, using technology from RSA Data Security and from the federal
Data Encryption Standard, started producing easy-to-use telephone
privacy devices last year, at $1300, a new low in prices for such
gear.  This spooked the government so much that it twisted AT&T's arm
to stop production, then announced the `Clipper Chip' initiative,
which attempts to force the adoption of a standard (for DOMESTIC
telephony) that the government could break into without trouble.  This
initiative has been roundly criticized by industry and civil liberties
organizations, and shows little chance of eventual success.  The
incompetent government contractors who they hired to produce the chips
can't even get them to work.  Meanwhile, AT&T isn't selling secure
phones anymore.

I could go on, but I think you're getting the drift.  The so-called
`intelligence' community is shooting itself in the foot, time after
time.  The CIA now can't modernize, because NSA has been preventing
the development of the tools CIA needs.

        John Gilmore