Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

U.S. Using Key Escrow To Steal Secrets?

Comments Filter:
  • by Anonymous Coward
    I USED to be proud to be an American. Now I'm not so sure. When our leaders do what Clinton has done, and when our Government steals not only from other Governments, but from independent companies and it's own people, (That means you and me and the guy next door), it's WAY past time to get back to where we started. Get government back where it's supposed to be. Upholding the Constitution, and out of my wallet, and off my computer.
  • by Anonymous Coward
    >Records of access to the site show that every morning it is visited by a bot from
    >NSA's National Computer Security Center, which looks for new files and makes copies
    >of any that it finds.

    I want to know what subnet this beast emerges from so I can filter it out. Nah. It probably reappears on all sorts of IP addresses including ones already assigned to others. Since when does the NSA follow rules?

    Instead, I think I'll just have some huge files in a directory called high_yield_warheads that actually contain the output of /dev/urandom. That ought to keep their supercomputers busy for a while. :)
  • by Anonymous Coward
    speaking as an aerospace engineer:
    corners are bad from an aerodynamic (flow separation) and structural (pressurization and optimum volume/weight) standpoint. For radar reflection (not my area btw.) i hear that the angled panels were an easy way to control the direction that a signal was returned. The compromise was between aerodynamics wanting smooth curves and stealth wanting plates. of course, throw enough math at the problem and you can get a nicer compromise.
  • by Anonymous Coward
    Echelon? That's actually a project to create the world's most potent fla-vor-ice. They've got computers there that you wouldn't BELIEVE! Calculating sugar densities, and the proper combinations of red dye #5 to inject. They heard about some guys who ate a whole box of 'em and lived to tell the tale, and have realized that they're not makin' 'em stronge enough. They're actually going to line the plastic baggies with a mixture of caffeine, epinepherine, and speed. Put THAT in your crack pipe and smoke it!
  • by Anonymous Coward
    I know you're onto me! Don't think you can tease me with your fake stories about government conspiracies! You're just trying to see if you can push me ONE MORE STEP over the line! You want to see if I'm schizophrenic? I'll show you schizo! Arrrrrggght! They're here! Somone, quick! Call the People's Free Militia! They'll save me from this terrible government plot! Hurry! Oh my god! It's actually "the man" this time! I never thought I'd actually get to meet him face to face! What? Oh my god! He's NAKED! The Man is NAKED! Oddly, he looks like Alex Trebek! Oh no! He's pointing his mind control device at my...

    Hah hah, just kidding everyone. I was just playing a joke! You see, I was only being sarcastic about my true opinions on my federal government. You see, the government is really just misunderstood. They're here to protectt us and... DON'T LISTEN! THEY'VE STOLEN MY MIND! ARRRRRRGGGGGHHHH! Hah hah. Just playing aroud again. The US government, as I was saying, is made up of people who are really out for our best interests. Every bit of information we have is available via the freedom o finformation act of... BULLSHIT! NO! THEY'VE TAKEN ME TO THEIR SUBMARINE! OH MY GOD! ALL OF THAT DATA... IT'S ALL HERE! Terabytes and terabytes of usenet messages, all containing pictures of Pamela and Tommy Lee! And it's all stored on Travan TR-1 cartridges! UNGHT... Just playing around again. So, yo see, the government loves us! I invite anyone who feels differently to join me in an open forum with several important congressmen and a few HIT MEN! I'M TRYING TO SAY HIT MEN... this weekend. Come to
    314 15th street. It's an old warehouse, but don't worry, there's cookies and juice inside. DOn"T DRINK THE JUICE! IT'S GOT THEIR MIND CONTORL ENZYME IN IT! WHEN IT WEARS OFF, YOUR MIND WILL BE LIKE OATMEAL! Thank you for your time.
  • by Anonymous Coward
    Yep, and all of USA's farmers are non subsidized???

    Wankers, how can us australians sell good beef/food thats non contaminated like usa' to other countries, when usa farmers are subsidiezed to the teeth and sell well below at our lowest cost price. Yep, thats fair.

  • by Anonymous Coward
    Try learning a few facts - the problems that NZ and Oz have in selling stuff to the US (steel, meat, fruit, rice etc....)are widespread - if we make it cheaper, your govt slaps penalty tarrifs on, or puts up trade barriers. Then you dump subsidised produce on our markets. The EU is no better, but at least they're up front with it.
  • by Anonymous Coward
    Wow, there were just MOUNTAINS of supporting evidence in that story. Like, er... uh... and, uh... wait a second. No, there was NONE. This sounds to me like one of those lame paranoia articles that the nuts put up on their web pages so the internet equivalent of check-out-line efficianados can have something to talk about when the X-Files hits a commercial. Come on! Doesn't it bother anyone that there's NO supporting evidence named in this story WHATSOEVER? Not even a SHRED! Not even a "Yeah, I heard from bob that the government is stealing corporations' secrets. What's that? Bob? Oh, he works for the government. What branch? Well, actually... the post office. Yeah, I ran into him while he was putting mail into my box yesterday, and he told me." There are real issues out there, people, and this (and CPUIDs,) isn't one of them!





    Anonymous, and proud of it. Bite me.
  • by Anonymous Coward
    I've read about this recently. Basically, the 128 bit security in most domestic browsers is crippled to 40 bits. That's the part of the story that everyone knows.

    What people *don't* know is that the way this is implemented is by still performing 128 bit encryption, but supplying a "help field" which contains the remaining 88 bits of key encrypted with the NSA's public key. This means that the NSA can easily break the (for them) 40-bit encryption, but for anyone else(such as the european governments), they face the encryption full strength at 128 bit.

    I'm probably a bit inaccurate on the details (I don't have a link handy), but that's the gist.

  • by Anonymous Coward on Tuesday May 18, 1999 @11:36AM (#1887689)
    For some reason I felt it necessary to log out to make this comment. Like it really matters.

    They do it because the big aerospace co's make their hardware. They protect or help out these co's by telling them the European's competitor's bid, and then the US co. bids lower to get the job.


    Intercepting international communications [mcmail.com]


    Privacy Rights: Echelon and the UKUSA [miningco.com]


    go and do a search in your favorite search engine and type in the 3 letter acronym and echelon. See what you get. Very educational.

    just don't say the word echelon out loud.

    but hey they're only covering "foreign" non-domestic communications right? um. uh. hmm.

  • Naaa... Phil Zimmerman says there are no backdoors or key escrow ``features'' in PGP. It also no longer uses RSA except for backwards compatability. PGP is exported using lots o' books of source code (with nifty checksums and stuff to aid in scanning) and is available for peer review...

    Anyway, GPG isn't a bad idea, either.

  • Ever wonder why the F-117 (the "stealth fighter") is composed of flat panels, all at odd angles? For purposes of stealth aircraft, corners are bad ju-ju. Yet the F-117 has tons of them.This is a statement without justification. Can you support it? If you can't support this, why should we believe you? Are you an areonautical or radar engineer? What are your qualifications to make such a statement? And can we translate your level of qualifications on this statement to your other comments in this message?

    Right now, without more back-up for your comments, I'm afraid we'll have to file your message under the "Wishfull Thinking" department.


    ...phil
  • The "help fields" are their to 'leak' part of the key, to make the encryption easier to break.


    ...phil
  • If you want to read more about NSA's fun and games with foreign crypto (and the comprimising thereof), try reading this [mediafilter.org].


    ...phil
  • If you want to read more about NSA's fun and games with foreign crypto (and the comprimising thereof), try reading this: http://mediafilter.org/caq/cryptogate"


    ...phil
  • Boy, I don't know how that happened.


    ...phil

  • I wrote:
    reduced from 128 bits to 40 bits is by sending 40 bits of the key in the clear

    Math is hard, let's go shopping. 128 - 40 = 88 bits sent in the clear.

  • by Jamie Zawinski (775) <jwz@jwz.org> on Tuesday May 18, 1999 @09:08PM (#1887697) Homepage
    What people *don't* know is that the way this is implemented is by still performing 128 bit encryption, but supplying a "help field" which contains the remaining 88 bits of key encrypted with the NSA's public key. This means that the NSA can easily break the (for them) 40-bit encryption, but for anyone else(such as the european governments), they face the encryption full strength at 128 bit.

    This is demonstrably nonsense.

    It's true that the way the key strength is reduced from 128 bits to 40 bits is by sending 40 bits of the key in the clear. Everything you wrote beyond that is fantasy.

    Things encrypted using the exportable version of Communicator can be easily decrypted by anyone with equal ease. It really is 40 bits.

    Furthermore, the article itself said:

    The report offered evidence that [...] deals had been struck with Microsoft, Lotus, and Netscape to alter their products for foreign use.

    Um, hello, there's no deal involved here. The only deal is that the US Government has made it illegal to export strong crypto. The deal is, alter your product to use weak crypto in the export versions, or go to jail. Everyone who hasn't been living under a rock for the last six years knows this already.

  • >how much work would _you_ get done sitting in a darkened room with 900GB of pr0n?

    Hey! How do you know where I am?
  • So Rob, how often does the NSA send a bot to /.?

    I find it amazing that the NSA would be foolish enough not to spoof its own IP address if it was gathering information for illegal purposes. They actually work in secrets. They would know about web page logs.

    Something else is going on here. But I'm not paranoid enough to really care.
  • when, precicely, did isriel steal our nuclear technology

    I belive it is widely held that we _gave_ it to them
  • Concorde was a joint British-French venture, but anyway...

    That there was Russian interest in the blueprints was "discovered" by the "security services", and so some modified plans were drawn up and subsequently copied by the KGB spooks.

    The resulting aeroplane was the Tupelov TU-144, affectionatly known as "Concordski" - a 2/3 scale replica of a Concorde that couldn't fly . . . or at least not for very long :)

    (bastard netscape 4.6 screwed my login, hence the previous ac post)
  • Told ya so!

    They said I was paranoid, they said I was crazy. I am not the one who is crazy. It is YOU who are crazy! I am just sane in a mad world!

    Now we need to find the evidence that the US used this technology to give Intel and MS an advantage.




    "The number of suckers born each minute doubles every 18 months."
    -jafac's law
  • by jafac (1449)
    If I remember correctly (from The Learning Channel) - didn't the Russian Govt. spy on the French company that built the Concorde?

    "The number of suckers born each minute doubles every 18 months."
    -jafac's law
  • I think that's why it used to have the nickname, in the 1980's, of: "The Wobbly Goblin".

    Supposedly it has 100 times the radar cross-section of a B-2, a plane several times it's physical size.

    Also, the reason it was shot down was because it was flying at a low enough altitude for optically sighted AAA to get it. Some AAA gunner fired at a dark patch in the sky and got lucky. This was supposedly part of the "tactic" that the Iraqi's taught to the Yugoslavs for shooting down American "LO" planes (Low Observable).




    "The number of suckers born each minute doubles every 18 months."
    -jafac's law
  • At the very least, I would consider it my civic duty to print out and mail a copy of this article to every one of my elected representatives.

    Anyone have any luck with that "report" link? It keeps giving me a 500 Server Error.

    "The number of suckers born each minute doubles every 18 months."
    -jafac's law
  • by Chexum (1498) on Tuesday May 18, 1999 @12:24PM (#1887708) Homepage
    A few more point to the crypto-crippled exportable "secure" browser topic: the export versions are the most easily available for most of the world, I guess even mostly in the U.S too because of the awkward registrations to get it. You can however make Netscape at least talk stronger crypto with the help of Fortify [fortify.net].

    Second: all these inconveniences to get a secure browser to hide your communications are mostly useless considering the fact that only sites of very commercial nature let you use https (secure http via SSL/TLS). Of course, the point is not that "they" can see what we are talking about something on slashdot. They can see what we are talking about anything on anywhere.

    U.S. is still pretty much driving the internet communications, protocols, applications and implementations, and when at every point we are limited to non-encrypted traffic, the bad guys still can get the whole picture (see, the bad guys even have the habit of defining the bad guys..). It's important do anything to get the U.S. lift those crypto controls, the regulations are not there for you! We would be in a much safer world where encryption would be ubiquitious, including even protocols like DNS, SMTP, POP3, HTTP. Maybe they would be a bit slower, but there would finally be another reason to get faster CPU's other than to run Bloatware version N+1 from MS. :)

  • It's true. A stealth aircraft reflects radar about as much as a duck. All you have to do is track the ducks that fly at mach 1...

    perl -e 'print scalar reverse q(\)-: ,hacker Perl another Just)'
  • Oh, you mean like Boeing, Lockheed Martin, Hughes and the rest of the (corporate) welfare leeches? Defence Research Contracts (and NASA contracts, of which I have personal experience) are a licence to print money. For example, Hughes/Raytheon is/was contracted to build the information system (DIS) for the EOS [nasa.gov] series of satellites. The DIS nver worked and has effectively been scrapped but Hughes never paid a cent back to the US taxpayer. Why? Because they owned the congressional committee who drafted the contracts. Happens every day. US defence/research contractors would go tits-up in a month if they had to compete in a real market rather than just live off US government handouts. Yup, that YOUR money folks.

    Nick

  • That's what it sounds like. Besides, the "terabyte of storage" for "90 days" of Usenet doesn't sound right. How much storage does Dejanews need?

    Kids, this smells like a reporter didn't use his critical facilities...
  • Yes, it's pretty hypocritical of the frogs (je suis grenouille, moi, et j'en suis fier), but it's pretty hypocritical of the gringos too, as a pretty perfunctionary check of the literature would reveal.

    What makes this different is that for the last 20 years, the US, among others, has been pushing for all manner of global trade rules so that US firms could feel secure in Europe and Asia, and, unsurprisingly, those Europeans and Asians have demanded the same kind of treatment here. A lot of global trade rules can be summarised in one statement: you can't do to foreign companies what you don't do to your own.

    Now, back in the Cold War, spying on the Russian or Chinese governments and their interests wasn't seen as any big deal. After all, it's hard to imagine the KGB suing in federal court for it's right to privacy. And of course, the shoe went on the other foot. If the USSR stole some commercial technology from Boeing or IBM, there wasn't any way they could go to market and compete with them. There might be patents, or not, either way the USSR wasn't going to pay any attention to them.

    Now we have the odd sight of companies suing foreign governments in their own courts for violating their privacy. After all, civil law in the US recognises companies as persons and accords them rights. If the US subsidiary of Bull-Thompson can show it's been damaged by the NSA snooping on their faxes without a warrant, the law makes no distinction between them and somebody like Apple Computers.

    Yes, the NSA spies. That's what they get paid for, but allowing them to spy on behalf of US firms introduces a lot of issues of conflict of interests. The US has agreed, in treaty after treaty, to honour the rights of foreign commercial interests in the USA. Whether or not that's a very good idea is a different issue, those treaties are presently US law.

    Unfortunately, US law tolerates the government doing all manner of otherwise illegal things in the name of "national security." The US is nominally forbidden from spying on Canadians, Australians, NZ'ers, and UK citizens (but is well known to have done so on at least a few occasions - Gerhard Bull's case comes to mind) but can spy on Japan or France to their hearts content. EU countries aren't supposed to be allowed to spy on each other. This has lead to the UK asking the US to spy on French and German companies on behalf of British firms. (At least it's fairy credibly rumoured that this happens - it certainly isn't a surprise.)

    If the dogma of free trade is to be preserved, you can't use government to spy on your competitors, even foreign ones. The French do certainly do it, and the US does, and in all likelihood every country with a foreign espionage service does it at least sometimes. (Neatly excluding Canada - a country that really doesn't seem to take its economic security too seriously.)

    But it is also quite clearly illegal and something that you can sue for. What is to happen if a federal judge subpeonas the CIA to testify about espionage against foreign companies, or the NSA to describe in court its signal intelligence operations? The US recently dropped a case against the owner of the pharmaceuticals factory in Sudan that Clinton bombed last year, after he sued in US federal court. In this case, it was probably because the US didn't actually have any evidence against the guy, but the Justice department claimed that it was better to drop the case than "reveal its espionage sources." Is this a precedent for things to come? If so, the US might as well get out of the commercial espionage business altogether,or else it'll be tied up in court in perpetuity, settling espionage claims.
  • I think you mean Menwith hill.

    ;-)
  • ...the book by Neal Stephenson.

    In the book, they were talking about the black ops situations where they would create "reasons" that they could use the intelligence gained from the cracked codes by, say, flying a spyplane over a convoy that was already known about, or faking a merchant ship crossing near a Milchow (supply submarine) or a spy post that supposedly had been in the middle of Italy for 10-12 months previously...
  • The resulting aeroplane was the Tupelov TU-144, affectionatly known as "Concordski" - a 2/3 scale replica of a Concorde that couldn't fly . . . or at least not for very long :)

    Actually the TU-144 could fly quite well. So well that NASA bought one or more of the planes!

    It was taken out of service because a TU-144 crashed under odd circumstances at the Paris Airshow. Apparently a French Mirage was flying in the clouds when the TU-144 was doing its demonstration flight. This is a serious no no during said airshow because the risk of collision is very high is strictly against the rules of the airshow.

    Anyway, the crash was most likely due to the Russian pilot reaction or over reaction to the presence of the french plane in its airspace. The story goes that the Russian nosed the plane down hard from a full throttle climb to avoid the Mirage, thus overstressing the airframe and causing structural failure. Everyone on board was killed and some innocent civilians too.

    Neither French nor Russian governments would come to a satisfying conclusion of what happened. The above was gleaned by watching the same TLC show the previous poster noted.

  • There are plenty of things doing the same, for example small missile boats designed the same way.

    They are completely (well from most angles) invisible to normal RADARs and show only lightly in stronger military RADARs.

    The idea is that the whole ship is shaped so that the radarwaves are not reflected back to it, but instead somewhere else.

    Round shapes are _bad_ since a round shape always has a part which reflects right back. Corners are bad because they are usually small round shapes.

    So what you do is fill all the coners with radarwave eating materials and keep roundness, invard edges and corners to a minimum.

    Like all really great stuff, the principle is simple and elegant..
    --
    Pirkka

  • re: f117 develpoment.

    get the book "skunk works" by the ex-chief of lockheed development. it details all this. he's perfectly correct. good book.

  • I suppose it doesn't matter now since my old company was left to rot then disbanded by Rupert..

    But when I worked QA for News Internet, the web hosting arm of News Corp, we were analyzing the web logs of FoxNews.com as part of a test. We found that every 30 minutes every page on the site was pulled down by none other than whitehouse.com.

    Our guess is they were running a real-time analysis of the stories with some kind of bot. Nothing super-secret or anything, but still scary that the media is "monitored" in such a way.

    Reminds me of the urban tale how the US' "No Such Agency" could use computer speech recognition to scan for "keywords" on pay telephones.

    That WAS an urban legend, right?? :-D
  • Yes! Another tasteless joke at someone else's expense! I kill me.

    Now, for those of you able to read beyond a tasteless joke......

    I really see no reason why anyone should be surprised if the government reads your mail. They've been doing it for years.

    For those of you old enough to have grandparents in the second world war, ask your grandmother about receiving messages from grandpa with whole sections blacked out through both sides of the paper.

    Key Escrow is just a Bad Idea{TM}. It doesn't make catching criminals any easier, since they merely don't use the aforementioned encryption schemes. It doesn't make catching foreign powers in malicious acts any easier, since they've got THEIR OWN encryption.

    It DOES open up holes that foreign powers can exploit. It DOES enable the government to spy on nobody BUT THEIR OWN CITIZENS. It DOES allow the government to compromise their own home-grown corporations and steal their technology.

    Get wise people. Start screaming at your elected officials. If they don't jump fast enough, replace the bastards. If THEY don't jump fast enough, replace them with someone who WILL. They work FOR US. Not vice-versa


    Chas - The one, the only.
    THANK GOD!!!

  • He supports the US gov.'s asinine encyption policies like the clipper clip.
  • FWIW:

    The freedom to bare arms hasn't been contested anywhere I've seen. Short sleeve shirts, T-shirts, and halter tops are all still A-OK. The right to bear arms, on the other hand, has been debated lately. (And not of the ursine variety)

    On a related thread, fire arms, though visually stunning, are not nearly as useful for defense against sundry boogeymen as are firearms.

    Have a more accurate day.

    (Asbestos undies *on*)
  • Yes. They're going to kill me. Now I'm worried!

    Oh, and all Christians, save the politians, are Good!

    Oooh. Now I'm quaking in my boots.

    Ellis, you need to stop watching the X-Files and start reading few more newspapers.
  • No, I'm not an aeronautical engineer. However, I did "study Electical Engineering in college" ;-) One of the required courses is electromagnetic wave theory.

    Basically, whenever the wavelength of the wave is less than twice the width of a "pathway", the wave disperses in a spherical wave pattern rather than as a linear wave front. The result is that you get massive nasty reflection patterns whenver an electromagnetic wave passes near a corner. As a result, you want to minimize corners if you want to reduce electromagnetic wave reflections. This is common knowledge amongst people that deal with electromagnetic wave theory. This is not new, and has something to do with electromagnetic waves acting as both waves and as particles, depending on the circumstances.

    Oh, and in case you still doubt me, please go to your local library and pour through Jane's, the military technology journal. They talk at length about the development of both the F-117 and the B-2. Although most of their information has been collected using illegal means, their information is continually confirmed when countries de-classify their military tech.
  • Is this true for Network Associates's PGP? I thought v6.x did use RSA encryption.

    At any rate, I'd still rather have source...
  • The flat pieces are fine..it's the corners I'm talking about.

    They reflect radar right back at the source. This is, in a word, Bad.

    Back when I wanted to be an aeronautical engineer, I was fascinated with this stuff. There were lots of photographs that were publicly available that show radar reflection levels of aircraft. Oddly enough, every corner and point has about several orders of magnitude the radar reflection, as seen from the radar, as the flat parts. Alas, these days are about 10 years ago, before the days of the web. I'm not aware of any such photos on the web, but I wouldn't be surprised if they are easy to find...
  • by The Mayor (6048) on Tuesday May 18, 1999 @11:34AM (#1887726)
    Better use GPG instead. PGP (post v2.6.2, at least) uses RSA libraries, and probably also escrows keys with the government. GPG, on the other hand, is completely open source. It's also completely compatible with PGP.
  • by The Mayor (6048) on Tuesday May 18, 1999 @11:31AM (#1887727)
    It seems that too many people watch X-Files, and are starting to confuse fact and fiction. This seems like a paraphrasing of the Echelon story run here about 1 1/2 weeks ago. That story, too, seemed design to confuse fact and fiction (very few verfiable sources were cited).

    The hardware and man hours required for this level of communications monitoring is simply too great. Besides, too many people would know about this if this were true. The secret would have gotten out long ago, and with many more verifiable sources.

    Ever think that Intel & Microsoft made it through clever, strategic, and downright dirty business tactics? If Intel had illegally obtained secrets from competitors, don't you think their chips would be at least as fast as their competitors? Don't you think that you, too, could do pull some pretty brutish moves if you had $20 billion cash-on-hand to use as investment capital?

    Look, maybe I'm wrong. Maybe there is a huge conspiracy. However, I usually tend to believe that the simplest explanation is also usually the correct one.

    I'm not trying to say that the US gov't doesn't have the ability to track any given piece of e-mail, or that they can't crack any widely used encryption scheme, or that they can't monitor any given phone conversation in most parts of the world. I'm just saying that they don't monitor *every* e-mail and/or http: request. They can't crack *every* encrypted message. They can't monitor *every* phone call simultaneously. There's simply too much to do for that to be possible. And, while the US does have some interesting technologies in its military and intelligence wings, these technologies are orders of magnitude better than what ordinary individuals and companies have access to.

    Ever wonder why the F-117 (the "stealth fighter") is composed of flat panels, all at odd angles? For purposes of stealth aircraft, corners are bad ju-ju. Yet the F-117 has tons of them. The reason is that the plane was designed in the early 70s, using commonly available technology during that time (not alien tech, as some suggest). They couldn't model curved surfaces on the supercomputers of their day! If they had access to some superior, ultra-fast technology, the F-117 would have looked more similar to the B-2. This isn't intended as definative proof that the US doesn't have such wonderous computing & networking tech. It is merely intended to show that the US gov't, too, proceeds at the same pace as the rest of the world, albeit with a quarter step head start. The tech required to do these sorts of things is simply too great--and I therefore reject these stories as X-Files inspired paranoia (and I hope that I am correct ;-).
  • According to the book "Skunk Works", the mathematics for computing the the radar cross-section was developed by a Soviet. Some engineer at Lockheed found it and realized it's potential. When they initially built a scaled down prototype of the F-117, they had problems measuring the radar cross-section. It turns out the pole that the scaled-down prototype was attached to was returning too big of a signal. The solution was to build a stealth pole! BTW, you're correct about the pilot's head; this was a big problem. It also gives you an idea of how small the plane's radar cross-section really is; if they have to worry about some guy's head...

    I recommend that one read "Skunk Works." The author (now deceased) worked there and was the head of the F-117 project. There are great sections in the book describing two other great Skunk Work projects, the U-2 and the SR-71.
  • This is news? Only because it concentrates on key escrow. It is known however that intelligence agencies are used to spy on foreign industry and to use the information to help local companies. They have to be of some use after the cold war has ended, after all.

    Remember ECHELON? Was on /. a few days ago. There's a sort of funny story about that. A European (would have to look up whether it was German or Netherland) firm were sued by an US company over a patent they registered earlier. When the European company asked for the paperworks on that, they got some of their own internal fax communication that was eavesdropped. The agencies didn't even bother to remove the original company logo. IIRC the European company even lost in court...
  • by Signal 11 (7608) on Tuesday May 18, 1999 @11:09AM (#1887730)
    Seems our government consists of a bunch of peeping toms. :)

    Stealing industrial secrets when nobody's looking, enabling NSA "help fields" in netscape and internet explorer, advocating "secure communications" using the clipper chip, and a multi-billion dollar system dating back to the late 1960's to listen in on the phone conversations of Pamela Anderson (Located on Meredith Hill).

    Shame on you! You've spent billions of taxpayer dollars to do do what the Drudge Reports pump out every week.



    --
  • by Signal 11 (7608) on Tuesday May 18, 1999 @12:07PM (#1887731)
    The hardware and man hours required for this level of communications monitoring is simply too great. Besides, too many people would know about this if this were true. The secret would have gotten out long ago, and with many more verifiable sources.

    It has. More than a couple former NSA and CIA employees have come forth to explain the technology, and what's been going on. The biggest conspiracy is not that they are doing this, but that people refute the truth. They prefer a comfortable lie.

    However, I usually tend to believe that the simplest explanation is also usually the correct one.

    Well, the explanation is simple: Knowledge is power.

    The FBI installs illegal wiretaps daily not because they can use it in court, but so that they can use that information to know when you are doing something.. and then have an agent able to spot that through legal means.

    There is no huge conspiracy, only huge amounts of ignorance. The question I pose to you is - why must our government hide these things from us? What is national security... really? And why are they watching OUR communications, if it is foreign powers that they are honestly concerned about?

    --
  • by lutter (8756) on Tuesday May 18, 1999 @01:26PM (#1887732)

    I'm appalled by these findings. I always dismissed stories of what the spooks are listening to as totally blown out of proportion. Not any more. After reading the technical details section in the report it seems clear that the NSA so far must be ecstatic with joy over the popularity of the Internet: less pesky voice recognition, less error-prone handwriting recognition, more digital food, easy to digest, high in information content and relatively easy to filter.

    I think the best way to make the spooks life harder is for as many people as possible to use strong crypto: the more well-encrypted messages they listen to the more resources they have to dedicate to the much harder task of breaking strong crypto rather than developing strong filters.

    If I were a company interested in keeping my stuff secret, I wouldn't buy any American software: the Lotus example in the report is ridiculous --- does the US government really need a convenient way of listening in on the Swiss governments internal dealings ?

    The only reasonable choice is Free Software. Use GPG, hit on it, beat on it, try to break it until we can believe it's reasonably secure.

    Fill the Internet with encrypted noise to get the spooks sweating. It's not important if they can break your 'Happy birthday, Mom!' message; but all those encrypted 'Happy birthday' messages might keep them from reading the stuff you really don't want anybody to read.

  • We live under an increasingly socialistic government.
    Excuse me? We live under a decreasingly socialist and increasingly industro-capitalist government. Socialism means that there are checks and balances to keep the rich from becoming increasingly so at the expense of the poor. Last time I checked, wealth in this country was becoming increasingly concentrated in fewer hands.

    Doesn't sound much like socialism to me.

    So kindly crawl back under your rock. Or at least learn what the hell socialism really means. Preferably before you make an ignoramus of yourself once more with statements like the one above.

    Thank you.

    --Z.

  • The place in North Yorkshire (in the UK) with the EXTRA LARGE golf balls.
  • Point one: Nazi Germany is just one country that bans firearms. I can point to dozens of other countries where they also have no firearms, and yet are free people.

    Point two: Your general argument makes as much sense as a claim that speed limits are just the first step towards banning cars.

  • If you're interested in learning about the history of the 3 letter acronym and some of its capabilities check out The Puzzle Palace : A Report on America's Most Secret Agency, by James Bamford.

    I'd give you the book's direct link on, but Amazon's site seems to choke so I'll just give you their main site's link - amazon.com [amazon.com] and the book's ISBN: 0140067485. Its about $12, and it was written quite some time ago, but it is a really good book if you're interested in learning about "them."

  • by Bernal KC (10943) on Tuesday May 18, 1999 @12:11PM (#1887737) Homepage
    For those that might not have dug into the stories (busted) links, check out the actual report "Interception Capabilities 2000" [mcmail.com]

    This report is a Good Thing for a number of reasons. It documents how the NSA and our "national security state" have been joined at the hip to U.S. economic interests. It corroborates various reports over the years of state sponsored economic surveillance. It debunks that argument that key-recovery is needed for law enforcement. Lots of good stuff with the authoratative imprimateur of the EU.

    But the real good news is found in both " Comint capabilities after 2000 [mcmail.com]" and in " Policy issues for the European Parliament [mcmail.com]". The cost of ComInt surveillance has proven to be prohibitive - a waste of time and money. And the rise of optical fibre networks has rendered snooping methods obsolete. But best of all, "Communications intelligence organisations recognise that the long war against civil and commercial cryptography has been lost."

    Finally, check out this recommendation:

    Consideration could be given to a countermeasure whereby, if systems with disabled cryptographic systems are sold outside the United States, they should be required to conform to an "open standard" such that third parties and other nations may provide additional applications which restore the level of security to at least enjoyed by domestic US customers.
    The bad news is this is a report by the Chief Geek at EU to the parliament. What are the chances that anyone other than geeks will pay any attention?
  • by alhaz (11039) on Tuesday May 18, 1999 @12:00PM (#1887738) Homepage
    This is obviously paranoid ramblings. But that doesn't surprise me.

    What surprises me here is that it doesn't seem to bother anyone that we've come to the point where nobody questions the assumption that our government isn't any more trustworthy than the latest despot-of-the-week.

    It surprises me that our government accepts the fact that we've grown cynical of their sincerity, and isn't worried about it.
  • The best way to keep a secret from public knowledge is to make sure it's freely available, but discredit anyone who takes it too seriously or tries to bring it to the public attention.

    This has gone so far in the USA that level-headed reporting of facts which do not fall within the narrow permissible range (i.e., hawk-or-dove, GOP, Democrat or Libertarian) is swept under the carpet. Certainly the 'serious' newspapers and TV don't carry it. Publications like west-coast tabloids, 'mad socialist' rags and e-zines can get away with it because the people who matter -- investors and, to a lesser extent, voters -- don't read or believe these 'rumours'.

    Honest reporters rarely make it to editorial positions in the decision-makers' media.

    Fluff and shit helps a lot, and many things are kept secret successfully until it doesn't matter anymore but you'll be surprised how many people refuse to believe it -- even though it's in official, declassified documents.

    Who cares *now* that the US funded and provided intelligence support to Nazi armies in the Soviet Union after the second world war was supposedly over, or that it adopted Nazi intelligence personnel and tactics in Europe?

    J
  • TAKE BACK YOUR FREEDOM by whatever means necessary including armed revolution against an oppressive government.

    Armed revolution -- armed *anything*, really -- only leads to suffering and impoverishment.

    The people in control of the oppressive government have no particular attachment to the American people as their preferred victims of oppression, and they aren't your elected officials, either. They are rather the chiefs of staff, secretaries of the executive, CEOs of defence corporations, major investors in defence corporations (which includes, not surprisingly, most of the major investors in most other major corporations too, so throw them in as well). Oh, and don't forget media magnates.

    This elite has a better track record of oppressing third-world people (particularly in Latin America) with the help of purchased military establishments and governments there. It doesn't have the same clout in the US because it depends in large part on the good-will of the US public as consumers and voters (and some as skilled workers).

    Since the 'enemy' isn't your elected officials per se but rather the estabishment, a confrontation on the grounds of force is a bit ridiculous. You'll put your life on the line, alongside millions of other Americans, to fight the PENTAGON?

    The US is not the world's only superpower for no reason. It really does have the most powerful military ever to have existed. The Pentagon and the CIA have powerful allies (purchased by cash, drugs and blood) in the establishments of all the other powerful countries. China is *not* an exception.

    So have your revolution, and enjoy the bloodbath. I don't think you'll find many to side with you, Truth and Justice against the American Way. Not if it's to be fought in the battlefield.

    But if, OTOH, you use your vote and your right of association, you might get somewhere. It's a free country, compared with most.

    J.
  • Picking up a gun is not the way to make your country better. Don't assume you have no power as a citizen beyond the threat of force; that should be your *last* resort. Realize that the you have much more potential influence over government in the US than the average person in most other countries does over theirs. Speak to your representatives about this, because someone should.

    It's about time someone said this, and now I've heard it I'll be saying it over and over myself.

    Democracy has become irrelevant in the US, thanks to the entrenched power of the Pentagon, its corporate subsidiaries and other major corporations, the two major parties

    The ridiculous individualist ideology which values guns and investment above community and the vote keeps those people who might do something to improve public policy in opposition to public policy *itself*, as though the only possible policy was fascism. This leaves the US's more subtle, less fascist fascists firmly in control.

    But the democratic institutions themselves exist! The US is, technically, a democratic country! Never mind that the Constitution (I mean the 1787 [house.gov] one, not the 1777 [hypermall.com] one) crippled the independent, radical democracy of the New England states; even Madison's document, designed to let "the people who own the country ... run the country" allows for 'the people' to influence decisions at the highest level.

    The US polity is flawed and its government (including the unaccountable corporate elite) is fundamentally serving its own interests alone. But violence is not the way to change that.

    Thanks.

    J
  • Picking up a gun is not the way to make your country better. Don't assume you have no power as a citizen beyond the threat of force; that should be your *last* resort. Realize that the you have much more potential influence over government in the US than the average person in most other countries does over theirs. Speak to your representatives about this, because someone should.

    It's about time someone said this, and now I've heard it I'll be saying it over and over myself.

    Democracy has become irrelevant in the US, thanks to the entrenched power of the Pentagon, its corporate subsidiaries and other major corporations, the two major parties

    The ridiculous individualist ideology which values guns and investment above community and the vote keeps those people who might do something to improve public policy in opposition to public policy *itself*, as though the only possible policy was fascism. This leaves the US's more subtle, less fascist fascists firmly in control.

    But the democratic institutions themselves exist! The US is, technically, a democratic country! Never mind that the Constitution (I mean the 1796 one, not the 1779 one) crippled the independent, radical democracy of the New England states; even Madison's document, designed to let "the people who own the country ... run the country" allows for 'the people' to influence decisions at the highest level.

    The US polity is flawed and its government (including the unaccountable corporate elite) is fundamentally serving its own interests alone. But violence is not the way to change that.

    Thanks.

    J
  • Intel is not mentioned in the article, and Microsoft only in the context of crippling their own software. So why do you use them as examples? While you are probably right on this and your other point, they are perpendicular to the thrust of the article. While I find it hard to believe all that is insinuated, if I had a backdoor into encrypted files and a couple million $$ worth of hardware (an amount that wouldn't even dent a government budget) I could do most of what was stated. It's not like they have to actually crack anything.
    What I find harder to swallow is that they would be so easily caught on someone's logs. On the one hand they're being made out to be almost omnipotent, and on the other hand they don't even disguise thier IP?


    It is sometimes necessary to speak.

  • Correct, the fact that Lotus has escrowed 24-bits of the International version of Notes is clearly documented. (Now is it so clear for Intl Netscape?)

    Just a small factual correction - Lotus has had a Intl (56 bit with escrow) and North American version (with no escrow, as far as anyone knows) for many years, and the new release (R5) has not changed this at all. (R5 NA does support 128 bit SSL.)

    I fail to see how 56 bits with 24 escrowed by the USG is worse than plain old 40 bit security.
    --
  • I worked in an US company which was heavily subsidized by the US federal government. Oh, wait. They don't call that subsidies, but defense research contracts. Nevermind.

    As far as I know, Airbus hasn't been subsidized since they broke even quite a while ago.
  • Actually, as far as I know, most developped countries spy on each other. It goes usually unnoticed, since matters are usually settled discreetly between the concerned governments (we are supposed to be allied, remember?). Sometimes, things don't go so smooth, and "diplomats" get expelled. For instance, a few years ago France and the USA respectively sent packing US and French spies.
  • by ge (12698)
    They can just get an AOL account :-) (nsa1234@aol.com)
  • by Carl (12719) on Tuesday May 18, 1999 @11:28AM (#1887748) Homepage
    The complete report [mcmail.com] has some nice recommendations [mcmail.com]. Such as:

    2. At the technical level, protective measures may best be focused on defeating hostile Comint activity by denying access or, where this is impractical or impossible, preventing processing of message content and associated traffic information by general use of cryptography.

    5. At the present time, Internet browsers and other software used in almost every personal computer in Europe is deliberately disabled such that "secure" communications they send can, if collected, be read without difficulty by NSA. US manufacturers are compelled to make these arrangements under US export rules. A level playing field is important. Consideration could be given to a countermeasure whereby, if systems with disabled cryptographic systems are sold outside the United States, they should be required to conform to an "open standard" such that third parties and other nations may provide additional
    applications which restore the level of security to at least enjoyed by domestic US customers.

    We could tell them that is already possible :)
  • Isn't this what DejaNews is for? Next they'll be building really fast servers which constantly scan the internet for text, logging it into an ultra-secret database which can be searched.
  • I mean, if you can't trust the US government, who can you trust? :)
    It's called PGP, folks. Download it (illegally if necessary) and use it.

    FinkPloyd


  • 1. 20 people were killed, not 40.
    2. The pilot was found guilty of destroying evidence. He was kicked out of the Marines and will go to prison.
  • weave asks:

    "Why would the US gov blow its wad on leaking confidential data to contractors to give
    them an advantage? The best part of having a secret is keeping it"

    Intelligence gathering is like collecting
    baseball cards: you acquire a lot of stuff
    you're not interested in but you keep
    it for "traders".

    How many movies have you seen where the
    hero calls an old freind in Xcorp or CIA for some
    crucial bit of info? The conversation ends
    with "I owe ya one, buddy".

    Only happens in fiction?
  • not all those panels are solid. there are chambers inside some of them which reflect the radar back and forth on absorbant materials until it's been dissipated.
  • This is probably just bad formatting. I'm guessing that it should be 10^12, which is (roughly) 1 Gig. The original probably had a superscript for the 12, which got lost somewhere.
  • If everyone even used exportable 40-bit encryption, this whole system would become useless. 40 bits won't protect you if they decide to focus their attention on you, but if we all used it this gill-net approach to intelligence gathering would not work. It would be far too much effort to scan everything.
  • Ooops. 10^12 is a Tera. 10^9 is a Gig.
  • The fact that you believe that sharp corners increase radar visibility AND belive that a plane that appears to have had all smooth curves removed in favor of sharp corners is radar invisible probably means you are wrong. Nothing personal, but these two beliefs are logically inconsistant. Either the F-117 is not really a stealth aircraft, or you don't understand how sharp edges affect radar.

    On a similar note, comparing the tech required to design a plane to the tech required to scan text is really apples and oranges. The first is pretty much computation fluid dynamics, and is primarily floating-point operations. It also doesn't parallelize very well due to the high I/O requirements between nodes. That's why scientists in the field still like big vector processing Crays instead of SMP machines.

    On the other hand, scanning text is entirely an integer problem. It is also easy to parallelize it to a massive scale. You could do it effectively using 8088 PC's if you had to. Just pass each message or packet off to a different node, and each node has it's own copy of the "dictionary" you are searching for. Easy. Note that the report does NOT claim that the NSA has been scanning phone calls for years. Only that they have been scanning text-based communications. It's really easy to build computers to scan huge amounts of text.

    So, I don't think you are correct in calling the whole Eschelon report "X-Files" stuff. It's quite resonable to think that they could have built most of this thing using off-the-shelf parts. Or that they could have had custom chips built using standard processes.

    Oh, and if you want a more reliable source, some of this stuff was discussed at US Congressional hearings back in the 1970's. At that time, a Congressman likened the NSA to a giant ear which was listening to the world. He also said that if that ear was turned inward, there would be nowhere to hide from it. And this was in the 1970's. If you really belive that the NSA is not sniffing and analyzing every bit of communication that it can get it's hands on, your not looking very hard because it's not really a secret. We are talking about the NSA. Spying on the electronic communications of foreign powers is their job. No one is accusing the Department of Agriculture of spying. It's the NSA. It's what they do. Why do people keep trying to pretend that the NSA isn't doing it's job?
  • So much for the argument that "key escrow" would be subject to warrants... this is clear evidence that the U.S. government, and Clinton administration in particular, never had any intention of obeying the laws passed by Congress (never mind the Constitution).
  • Paranoia is complete knowledge of your surroundings.
  • by garrettdm (14925) on Tuesday May 18, 1999 @11:50AM (#1887760) Homepage
    Ever wonder why the F-117 (the "stealth fighter") is composed of flat panels, all at odd angles? For purposes of stealth aircraft, corners are bad ju-ju.

    I realize that this is off topic, but I felt I had to respond...

    The f-117, and all of its flat panels are actually based on the "hopeless diamond" design. It is a very angular geometrical shape that is completely invisible to radar. The math behind it was developed by some german scientist.

    When placed in a radar test chamber, the f-117 completely disappears. In fact, one of the sticking points in the development of the F-117 was figuring out how to hide the radar cross-section of the pilot's head through the window of the plane. The solution... Coat the window with a transparent film of gold.

    So, to sum up, the F-117 design was not due to lack of computing power, but rather the mathematics of stealth.

    --David Garrett

  • Actually, I think it would be pretty cool to use fake porn as a sneaky channel for encrypted communication. Just post a "corrupted" JPEG to usenet that is really an encrypted message. Or maybe have it be a well-formed porn picture, but with low-frequency artifacts that aren't necessarily noise...

    Or go really low tech, and post Make Money Fast messages that have secret acrostics in the sentences. :-)

  • by Skinka (15767) on Tuesday May 18, 1999 @12:49PM (#1887762)
    Some people dismiss news like this as being made up by loony conspiracy-theorists. Sure, a lot of the stuff you hear about the NSA is not true, but you'd be fool to claim that it's all BS.

    The NSA budget is estimated to be around 5 billion USD - that buys a shitload hardware and bandwith, i bet the not all of that bandwith is used for reading /. and viewing porn. NSA employs ten's of thousands of people (35000-50000), i bet they aren't all gardeners.

    Here a couple of excerpts from the NSA's about-page [nsa.gov]
    - "It is said that NSA is one of the largest employers of mathematicians in the United States and perhaps the world. Mathematicians at NSA contribute directly to the two missions of the Agency: they help design cipher systems that will protect the integrity of U.S. information systems while others search for weaknesses in adversaries' codes."
    - "The NSA/CSS is responsible for the centralized coordination, direction, and performance of highly specialized technical functions in support of U.S. Government activities to protect U.S. information systems and produce foreign intelligence information."

    Now, what do you think the NSA does?
  • by Royster (16042) on Tuesday May 18, 1999 @11:34AM (#1887763) Homepage
    The document went on to detail how the agencies specifically studied Internet data. [...] it said they stored and analyzed Usenet discussions. "In the U.K., the Defence Evaluation and Research Agency maintains a 1-terabyte database containing the previous 90 days of Usenet messages."

    Ha! So I guess now they know how to Make Money Fast.
  • Corporate espionage has existed for a long time now. It doesn't have to utilize billion dollar satellites and vast interception facilities. Go to any trade show for any industry and you'll see commonly accepted espionage at work. I was just at E3, and let me tell you all the video cameras were not there just to take footage of booth babes. Companies know it happens because they do it to each other as much as they can. Granted, intelligence agencies have an upper hand, but let there be no doubt that every person who lives in a UKUSA country has been an indirect beneficiary of that intelligence gathering capability.

    Just remember that when you go buy the petrol for your cocktails that you are able to afford your purchase in part due to some intelligence-enabled arm twisting to get around OPEC's price controls.
  • You don't seem to feel the mere fact that humanity managed to survive the Cold War without blowing ourselves to kingdom come means much. How do you think arms control treaties are regulated? By mere goodwill?

    And lest you start believing that Europeans are nothing but victims in the spycraft game, Europe has far more experience in the ways of stealing secrets from their rivals. They may not have anywhere near the same technological capabilities as UKUSA, but spy cases in the US have almost always indicated that to spy on the US, all one needs is a sufficiently disgruntled employee with a high enough clearance.

    That said, nations would be hopelessly naive if they were to believe that other nation states are not out there attempting to get at their darkest secrets. Hence, the reliance on encrypted diplomatic channels, secure channels for military use, and exchange programs where they attempt to glean some information that is not generally publically available. Fact is, every nation of significance does conduct espionage. The United States is in the unique conundrum of doing it against the backdrop of our constitution. We also seem to always have the neatest gadgets and toys.

    And to address your point about domestic espionage activities: let me assure you that no matter how tempted our spy agencies may be in conducting such activity, they know full well that if caught, they would face the wrath of those who pay for their existance--namely the Congress. You may say, historically this has been little deterrent. True, but historically, we were engaged in a silent war with the Soviet Union, and our citizens claimed for a time that spying on other citizens was a small price worth paying in the face of a supposed communist threat.

    Moreover, even if the UK had dismantled its supposed echelon listening post in HK, what makes you think that the Chinese are not clever or resourceful enough to construct surveillance on their own? Singapore has singlehandedly created a vibrant surveillance culture, there is no doubt that the Chinese could easily do the same.

    The article is about European countries portraying themselves as victims in a game they play as well as any other. Do you believe everything your nation's government says? If you don't, then, my friend, you are on equal footing with many Americans in dealing with dichotomies between stated and actual policies. It's just that here in the States, the differences eventually are aired publicly.
  • Personally I think if the Clinton / Monica affair wasn't staged from the very begining they sure used it to their advantage to take the country's eyes off what Clinton was doing behind the scenes.

    While America was busy deciding the morality of a married president getting a bj by an intern they failed to notice Clinton making deals with communist china to launch U.S. satellites satellitesthat contain the same encryption technology that our long range guided missiles do so their flight path's can't be tampered with by a victim country. (funny how one of those satellites crashed during initial launch and those same circuites ended up missing from the recoverd pieces).

    Nor did anyone pay attention when Clinton was passing laws that give him absolute power to stop all government elections and usurp judicial and congressional power by calling a military state during times of a national emergency. Since he's allready stated he considers Y2K to be a national emergency I think next year is going to be a very interesting one.
  • No, the subject refers to the fact that the pun in the body of the message is off topic, though still quite funny imho.
  • No, the best way to keep a secrete is to make people think you blew it.. Only give bits and pieces of the truth and fill it with fluff and shit..
    "Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
  • UK readers might be interested in going to the http://www.stand.org.uk [stand.org.uk] website and "@dopting" their local MP, especially if your MP is currently in the list of unadopted MP's [stand.org.uk].
  • ...should be required reading for you, my dear AC.

    Kaa
  • I do have a problem with governments engaging in commercial espionage, though probably not as big as you do :). However all I've seen (this report included) is a lot of allegations, heavy hints, and FOAF (friend of the friend) stories. I have NOT seen any verifiable, hard-data-supported, smoking-gun accusations of commercial espionage against NSA/CIA/etc.

    In any case, the role of national intelligence agencies is in flux following the end of the Cold War and it has been repeatedly suggested that they be used for gaining economic advantage. It has also been suggested that the Japanese, as well as Taiwan, Israel, etc. etc. have been doing this for a long time. I don't see any high moral problems here, anyway. All we are talking about are trade secrets of some corporation. The objections to economic espionage tend to be on the lines of "Gentlemen do not read other gentlemen's mail" and, unfortunately, that line of argument exhausted itself in the XIX century.

    Kaa
  • by Kaa (21510) on Tuesday May 18, 1999 @11:39AM (#1887786) Homepage
    I don't like key escrow at all and have strong feelings about my own right to privacy. However the article in question is just fluff. Think about it: it is a report generated from the bowels of European bureacracy which has repeatedly proved itself to be totally clueless, and has numerous axes to grind. Basically, the report says two things:

    One, the US/UK/etc. intelligence agencies collect data from the world communications network. So? Does this surprise anybody? Didn't we hear about it a zillion times before? Would anybody expect any intelligence agency with proper capabilities to do otherwise? So the UK spooks have a terabyte of Usenet data. Big deal. If I had a terabyte of storage handy I could have it, too. DejaNews likely has much more. Usenet is public forum anyway so I don't see any problems here.

    Two, US intelligence agencies use intercepted data for commercial advantage of US companies. Again, this is old news. The report doesn't add any new hard data except some vague allegations that I (at least) have heard before. Airbus has been bitching about being spied upon for years by now.

    In any case I don't see what this has to do with key escrow. It was a bad idea, it is a bad idea and it will stay a bad idea. *Of course* the spooks love it, but that's only to be expected and has been demonstrated numerous times before.

    So I guess I don't understand what the whole noise is about.

    Kaa
  • .... and 900Gb of porn :-)
  • No need to illegally download it. Straight PGP from NAI is available to our non-US Slashdotters (and indeed anyone outside the US) at http://www.pgpinternational.com [pgpinternational.com]. This is kept in the Netherlands. Code gets there via a legal loophole in the ITAR laws. Specifically, the same encryption that is illegal to export electronically can be exported as source code printed in a book. Print the book, publish it overseas, cut the pages out, scan it, compile it.

    IIRC, there are "freeware" versions there for personal use only. These should only use Diffie-Hellman keys rather than RSA keys (and thus be backwards-incompatible, unable to talk to PGP 4.0 and below). Using DH rather than RSA avoids the RSA patent.

    Between this and GnuPG, there are now at least two vendors for legal downloads. The NAI stuff described above is sold (with RSA and other things bolted on) as payware; I can personally vouch that it is good compared to most payware. Those who know GnuPG will be able to say if GnuPG is technically better or worse.

  • The government's claim that key escrow is needed to intercept communications between criminals isn't even plausible on the surface. Basically what they are talking about is organized crime. The people running these organizations are not stupid, otherwise it wouldn't take something like the Rico Act to put a serious crimp in their style. The mob is not going to use encryption schemes that have a backdoor that the feds can get through. Neither would any other criminal organization that had a lick of sense period. The key escrow business is intended to listen in on innocent citizens like you and me, and industries as well it would seem. The people in power who are pushing this are not serving the public from whom they derive their authority, they are serving their own interests and the interests of those with enough money to buy them. When some politician starts pushing key escrow it is nothing short of a violation of their oath of office. Some claim that they are pushing key escrow because that is what law enforcement agencies want. Well that simply shows that those agencies need to be investigated themselves. Lets not forget either that our representatives were elected to represent us, not a federal agency. The whole business is a crock and is just one more example of how messed up our country has become. Government of the people by the people for the people is in grave danger mostly because the people are complacent. Don't let government officials shove crap like this down our throats, they aren't in charge, we are. They are there because we elected them, we put them there, and there are more than a few we should yank right out. This is a free country based on the principle that the rights of the individual are more valuable to good government than the powers of the state. Someone take this soap box away from me already.....

    Lee
  • The Lotus "example" is pure unsubstatianted, poorly researched garbage!!!

    I have been working with Lotus Notes since version 2 first came out, I know the product well. The entire time Lotus and now Lotus\IBM (actually IRIS) have been producing Notes the Govt. has been all over them about their encryption. The entire time Lotus has been putting out a "weaker" 40bit version of Notes to satisfy the export laws, until R5.

    Now, Lotus has come up with a compromise that they had hoped would allow them to get back to having only one code stream. That solution was to escrow 24bits (believe that's right) with NSA such that they could export Notes without major changes. This has been PUBLICLY STATED BY LOTUS in at least two VERY PUBLIC conferences dedicated to Notes that I have personally attended - and probably many others I haven't. Anyone attend Euro-Lotusphere that can comment? Folks, IT WAS NO SECRET! Period - end of story - full stop. Lotus made this known! To assert otherwise is truly funny!

    This story about the Swiss is pure BS - if they didn't know that 24bits were escrowed with NSA it was because they didn't ask - not the fault of Lotus is it? Is the US Govt. policy on encryption so secret that the Swiss never bothered to wonder how it was Lotus got a product "stronger" than 40bits out of the country? Come on - are they that stupid? Someone in Switzerland didn't do their homework, covering it up by saying Lotus did this in "secret" is pretty silly.

    If you want really bad - look at the French version of Notes. It's WEAKER than 40bits! How, Why?! Well, it seems the French Govt. wouldn't allow them to sell Notes in their country if it wasn't this weak! Yup, R5 French is weak as wet tissue and not because Lotus wanted it this way. In a security forum hosted by Lotus they publicly stated they wouldn't use the French version no matter what - it's that weak and they hate it! But, they had to satisfy the French Govt. or not sell their product. I THINK the French version is only 24bit - I'm not positive.

    Lotus is NOT a bad guy in this, stupid reporters to the contrary. Sit in on any of the security forums at Lotusphere and listen to the Lotus guys talk about how they don't think 64bit is strong enough anymore, how they intend to go 128bit or better (did R5 get this? I'm not yet using it yet), and how they do their Public Key stuff. These guys are and have been so far ahead of the X509 crap it's not even funny. These guys have had certificates for years and STILL have useful features not yet implemented in X509 (hello - cert chaining?). They did this for funsies? And then we get articles that blast Lotus for being in cahoots with the Govt or NSA? Obviously someone isn't paying attention and hasn't done any research on Lotus - their making encryption so easy to use in Notes has NOT made them the US Govt's friend by ANY stretch of the imagination!

    P.S. Know what's really funny? That someone will read an article like this or the one dealing with the Swiss and take it as gospel without ever researching it. Heh, if you want to know how it all really works Lotus has a White Paper in PDF on their site that goes DEEP into the details. I'd provide an URL but it's not handy, I'm only part way through it myself but it's damned detailed. Let's see M$ put something this detailed together about Exchange or NT! (lol)
  • Hmm. Reading... [mcmail.com] They sound just a little too paranoid to me. The reason so much European traffic is going through Vienna VIRGINIA is not the NSA, or even BGP finding empty routes through the US, exactly... it's because European long distance rates are so high it's cheaper to cross the Atlantic twice!

  • by zatz (37585) on Tuesday May 18, 1999 @11:32AM (#1887814) Homepage

    The one in the TechWeb article is slightly mangled... if you didn't figure it out, try this [mcmail.com].

    Check out the May 1999 STOA newsletter [eu.int] for a very quick summary (scroll down a bit). None of it is US authored, AFAICT.

  • by weave (48069) on Tuesday May 18, 1999 @11:17AM (#1887816) Journal
    To quote from an excellent CD by Extreme; "There are three sides to every story. Yours, mine, and the truth."

    Somehow I think this "finding" is not quite accurate. Why would the US gov blow its wad on leaking confidential data to contractors to give them an advantage? The best part of having a secret is keeping it.

  • You're right that searching "every" bit of traffic is too much ... but in addition to the other points raised ("there is proof that they do this"), I'll just highlight that the espionage agencies have had years to develop specialized hardware to not just crack ciphers, but also do high speed pattern recognition. And yes, lots of academic research has been funded in those areas for the past decades.

    That said, for the past two years I've been getting the story from folks in/around Washington DC that the spy agencies have given up on stopping crypto for purposes of national security. All the signals they really care about are too easily protected. That jives with what that report said.

    The bizarre thing ... is that the FBI and other law enforcement folk have recently begun muddying the waters. It's like they don't want to notice what their higher tech buddies have concluded ... or maybe they just have a huge case of budget envy! Look on the bright side, if they get their wish, it's a new segment of the high tech industry.

    What I found the most interesting bit in the Bernstein ruling was the observation that Fourth Amendment rights (protecting against unreasonable search and seizure) were at risk. Let it be noted that J. Edgar Hoover's organization is not noted for scrupulously obeying the law, and many folk have been noticing an alarming tendancy towards very authoritarian behavior in many police departments in the United States. What would you like to bet that members of minority communities will get more hassle for using crypto than, say, WASPs?

"A mind is a terrible thing to have leaking out your ears." -- The League of Sadistic Telepaths

Working...