Interesting People mailing list archives
Re: CIA needs secure computers, but NSA kills attempts to make them
From: gnu () toad com <gnu () toad com>
Date: Sun, 11 Jul 93 18:40:56 -0700
Quote from Information Week:
Computer networks have not proven themselves to be absolutely secure, so the creation of an electronic system vulnerable to compromise goes very much against the grain of senior officers. But the need for quicker processing is apparent, as is the need for absolute security. It is a big problem not easily resolved. In fact, resolution may depend upon software yet to be developed, possibly by a new generation of programmers who will be offered well-paying jobs by private enterprise at a time when government research dollars are being absorbed by current program needs.
Private industry has been trying to build secure computers and secure networks for many years. Each attempt is rebuffed by the US Government, which relies on the ability to break into computers and monitor network transmissions. The National Security Agency's policies on export of cryptography caused Digital Equipment Corporation to cancel its multi-year, multi- million dollar `Secure Systems Group'. They would've never been allowed to deploy the resulting secure operating system to their customers. Apple and Microsoft both wanted to put cryptographic security features deep inside their operating systems. Both were threatened by the National Security Agency. Eventually, Microsoft persuaded one of the Congressmen from Washington State to modify an export control bill to remove NSA's authority over mass-market software. This provision was passed by the House of Representatives, but the Administration threatened to veto the whole export control bill if it wasn't removed in resolving the differences between the House and Senate versions of the bill. The eventual compromise was that NSA permitted a crummy encryption code to be exported -- but it's so poor that nobody would claim they had built a "secure" system using it. (Neither Apple nor Microsoft has deployed it.) The National Institute for Standards and Technology wanted to define standards for cryptographic signatures and for public directories of encryption keys. Pressure from the NSA caused them to propose a poor standard for signatures, which industry has not adopted and which has sparked a patent fight. This standard was selected because it would ONLY allow signatures, and would not allow encryption keys to be exchanged. Building privacy into commercial computers requires both functions -- but NIST has been unable or unwilling to ignore the NSA pressure to compromise domestic security and privacy. AT&T, using technology from RSA Data Security and from the federal Data Encryption Standard, started producing easy-to-use telephone privacy devices last year, at $1300, a new low in prices for such gear. This spooked the government so much that it twisted AT&T's arm to stop production, then announced the `Clipper Chip' initiative, which attempts to force the adoption of a standard (for DOMESTIC telephony) that the government could break into without trouble. This initiative has been roundly criticized by industry and civil liberties organizations, and shows little chance of eventual success. The incompetent government contractors who they hired to produce the chips can't even get them to work. Meanwhile, AT&T isn't selling secure phones anymore. I could go on, but I think you're getting the drift. The so-called `intelligence' community is shooting itself in the foot, time after time. The CIA now can't modernize, because NSA has been preventing the development of the tools CIA needs. John Gilmore
Current thread:
- Re: CIA needs secure computers, but NSA kills attempts to make them gnu (Jul 11)