[410] in cryptography@c2.net mail archive
Re: NSA responds to criticism over weakening cellular crypto
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Fri Mar 21 15:10:17 1997
To: cryptography@c2.net
In-reply-to: Your message of "Thu, 20 Mar 1997 15:51:53 PST."
<Pine.GSO.3.95.970320155122.27273H-100000@well.com>
Reply-To: perry@piermont.com
Date: Fri, 21 Mar 1997 15:06:25 -0500
From: "Perry E. Metzger" <perry@piermont.com>
> >Date: Thu, 20 Mar 1997 17:35:44 -0500
> >From: Clinton Brooks <cbrooks@romulus.ncsc.mil>
> >To: banisar@epic.org
> >CC: "Brooks, Clinton" <cbrooks@romulus.ncsc.mil>
> >Subject: Cellular Phone Flaw
> >
[...]
> > We have released the following statement:
> >
> > "NSA had no role in the design or selection of the encryption
> >algorithm chosen by the Telecommunications Industry Association (TIA).
[...]
> >NSA provided the TIA with technical advice on the exportability of these
> >devices under U.S. export regulations and processes."
In other words, if I might be blunt in paraphrasing...
"NSA did not openly tell TIA not to use strong crypto in the digital
phone standards, and wasn't directly involved in the decision about
which uselessly weak cryptographic system in particular they should
select. However, we did intentionally pressure them into their
decision to use uselessly weak cryptographic methods by advising them
that their members would never export any cellphone equipment again if
they put any remotely worthwhile encryption into the phones. Their
desire to remain in business got us what we wanted, without our having
to directly involve ourselves in their technical decisions."
One wonders if the NSA cares about the billions of dollars lost by
businesses each year because they lack strong cryptographic protection
for their communications and computer systems, largely because of NSA
pressure exerted via mechanisms such as the export control
laws. Presumably, though, this bleeding wound on our economy isn't a
"National Security" issue.
Perry
