IP: A cryptographer's (no longer) secret FBI file

[Dave Farber <farber () cis upenn edu>]

> Date: Thu, 18 Nov 1999 19:00:04 -0500
> To: politech () vorlon mit edu
> From: Declan McCullagh <declan () well com>
>
>
> [I've known William for a number of years. He's a longtime privacy
> proponent and has been participating in IETF crypto-related working groups
> since the early 1990s. Recently he has been active in opposing wiretapping.
> I'm told OADR (keep reading) means Originating Agency Determination
> Required. --DBM]
>
> *******
>
> Date: Thu, 18 Nov 1999 13:37:46 -0500
> From: William Allen Simpson <wsimpson () greendragon com>
> To: raven () ietf org
> Cc: ietf-ppp () merit edu, ipsec () lists tislabs com
> Subject: [Raven] FBI secret police
>
> [snip for clarity-DBM]
>
> Wonder of wonders, I just received a portion of my FBI Freedom of
> Information records yesterday.  Apparently, their very existance was
> classified "SECRET", by "G-3", and was supposed to be "declassified on:
> OADR".  Any idea what that means?
>
> However, most of the contents were still classified secret again by
> 60267NLS/BCE/JMS for reason 1.5(C), on May 25, 1999, to be declassified
> on "X.1".  So, virtually the entire documents are blacked out, labeled
> "b1".  The included handy reference guide lists "(b)(1)" as:
>
>   "(A) specifically authorized under criteria established by an
>   Executive order to be kept secret in the interest of national defense
>   or foreign policy  and (B) are in fact properly classified pursuant
>   to such Executive order"
>
> These records are from 1991, 1992, and 1993.  The "predication for this
> investigation" is secret.  The "Basis of the Investigation" is secret.
> The "Objectives of the Investigation" are secret.  The "Status of the
> Investigation" is secret.
>
> Other smaller sections are blacked out with labels (b)(2):
>
>   "related solely to the internal personnel rules and practices of
>   the agency"
>
> and (b)(7)(D):
>
>   "could reasonably be expected to disclose the identity of a
>   confidential source, including a State, local, or foreign agent or
>   authority or any private institution which furnished information on
>   a confidential basis, and, in the case of records or information
>   compiled by a criminal law enforcement agency in the course of a
>   criminal investigation, or by an agency conducting a lawful national
>   security intelligence investigation, information furnished by
>   confidential source"
>
> It is particularly amusing that the latter is used to black out
> records of contact with my own parents (who refused to talk with them),
> copies of email that I sent, and my vehicle title (where I have the
> original copy).  Somebody had a very heavy hand in the censorship.
>
> (Also amusing, the FBI was still using all cap teletype in '92 :-)
>
> What is less amusing is that the FBI spent over a year going to each
> place that I had email access and tried to convince them to revoke
> my access.  They were successful in (at least) two places.
>
> They interviewed at least 11 people out of their Albuquerque, Boston,
> Detroit, Minneapolis and San Francisco offices.
>
> Apparently, they investigated my IETF activities at Santa Fe, San Diego,
> Boston and Washington DC.  They quote the Santa Fe and San Diego
> proceedings.  They direct agents to IETF meetings, "to ascertain if
> subject came to any notice at the PPPWG meetings."  They make specific
> reference to CHAP and DES.
>
> Various clear sentence fragments indicate a concern that the PPPWG
> meeting was taking place sponsored by Los Alamos, and that "these
> meetings attract interested persons worldwide."  Another fragment
> indicates a concern that my PPP software was distributed by servers
> at White Sands Missile Base and mirrored at various universities.
>
> The most legible interview, still mostly blacked out, gives a hint as
> to the questions that were being raised:
>
>   <black>
>
>   "<black> stated that he believes the PPP is legal technology.  However,
>   if the government is attempting to restrict the dissemination of
>   authentication protocols, he believes it is too late.  It is like
>   locking the barn after the horse has escaped (per <black>).
>
>   <black>
>
>   "In summary, <black> does not believe Simpson has engaged in breaking
>   United States export laws regarding the export of cryptographic
>   devices or is interested in violating such laws at the behest of a
>   foreign power."
>
> The name blacked out appears to occupy 3 letters.  My thanks to Karl Fox
> or Craig Fox!
>
> The instigator of the investigation appears to have a surname of 4 or
> maybe 5 letters.  Thus, it is probably not "Atkinson".  Perhaps it's
> the former IAB member that required the removal of the PPP LCP
> encryption option, refused to publish CHAP, and refused to grant the
> IPSec charter....  When the NomCom replaced the IAB, he was first
> against the wall.
>
>   "Sources whose identities are concealed herein have furnished
>   reliable information in the past except when otherwise noted."
>
> Gentlefolk, we have a stool pigeon in the roost, whose interests are
> contrary to the interests of the IETF and the Internet as a whole.  It
> is a male.  And he is regularly reporting IETF member activities for
> secret investigation.  Beware.
>
> WSimpson () UMich edu
>     Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
>
>
>
>
> --------------------------------------------------------------------------
> POLITECH -- the moderated mailing list of politics and technology
> To subscribe: send a message to majordomo () vorlon mit edu with this text:
> subscribe politech
> More information is at http://www.well.com/~declan/politech/
> --------------------------------------------------------------------------