[117980] in Cypherpunks
RE: more re Encryption Technology Limits Eased
daemon@ATHENA.MIT.EDU (Lucky Green)
Fri Sep 17 00:58:21 1999
From: "Lucky Green" <shamrock@cypherpunks.to>
To: "Declan McCullagh" <declan@well.com>
Cc: "Cryptography@C2. Net" <cryptography@c2.net>,
"cypherpunks@Algebra. COM" <cypherpunks@Algebra.COM>
Date: Thu, 16 Sep 1999 21:36:35 -0700
Message-ID: <NDBBIFGOKODBCKDGJDKLEEPACGAA.shamrock@cypherpunks.to>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <19990916211526.UUWX17922@alaptop.hotwired.com>
Reply-To: "Lucky Green" <shamrock@cypherpunks.to>
Declan wrote:
[A bunch of quality info elided]
> What I found most interesting was what Attorney General Reno said
> about the
> government's cryptanalysis abilities. When asked if she can break strong,
> >64 bit equivalent crypto, she said, "We have carefully looked at this and
> think it's possible," and declined to add details.
Sure. With a n-billion dollar budget, breaking 64 bits is real-time. In
addition, the USG has been leaning heavily on hardware manufacturers to add
backdoors to the underlying hardware. God only knows what they worked out
with OS vendors. Anybody exploring this gets leaned on even harder. Just ask
a certain Australian CS professor how things went for him after he began
talking about some very curious, very complex, and undocumented instruction
sets he discovered in late-model Intel CPU's. Which will put the processor
into a mode that makes OS protections irrelevant...
I could give a few more examples, but I am under informal NDA on them. I am
working on demonstrating some of the claims. [The problem here is that I
have limited time and resources. The feds and manufacturers can spend
millions on inserting backdoors. There is no budget and no paying
constituency for exposing the backdoors. So the fight is between millions of
dollars and hundreds of engineers vs. a few of us and our spare time. Which
makes it impossible to expose all the backdoors that exist]. And once you
find such a backdoor, even the more clueful won't believe it is a deliberate
backdoor without an accompanying video tape of the NSA rep discussion the
insertion of the backdoor with the manufacturer. "NSAKEY"? "Oh, no, that
couldn't possibly be the NSA's key. It is just a backup key with an
unfortunate name". If well-known crypto experts are that gullible, what
about the public?
What I found most interesting about today's announcement was not that it was
largely content-free and the fifth or sixth such content-free "crypto
deregulation" announcement that I can remember causing the exact same
predictable reactions by the press and the less operationally savvy. What I
find interesting is that so far everybody missed the one paragraph in the
announcement that actually offered new information about the feds' insidious
goals.
I presume this is due to the fact that most readers didn't understand what
the paragraph was saying. Or perhaps they were too psyched about the "crypto
deregulation" lead-in to read to the end of the document.
" Protect sensitive investigative techniques and industry trade secrets
from unnecessary disclosure in litigation or criminal trials involving
encryption, consistent with fully protecting defendants' rights to a
fair trial."
Having just read the proposed bill, what this paragraph says is that LE
would be able to enter evidence gathered by means of factory-installed
backdoors, intrusion, and other means without needing to disclose to the
defense or the Jury how this evidence was obtained. All it takes is for the
prosecutor to convince the judge (in the absence of the defendant's
attorney) that disclosing the means of obtaining the evidence would endanger
future investigations or national security. Shouldn't be too tough, given
how effective The Briefing has been in the past.
Suddenly, we have situation where a defendant is no longer allowed to even
*mention* in the court room that the plaintext evidence presented by the
prosecution may be questionable.
"Officer, would you please explain to the Jury how you determined that the
random gibberish on the defendant's hard drive decrypts to "I sold 5 kg of
cocaine"?
"Counsel, you are out of order. Members of the Jury, please ignore the
question".
This from an attorney I bounced my analysis off:
"They want to be protected from being forced to reveal holes
or techniques as part of criminal or civil trials - e.g., defense attorneys
can't cross-examine prosecution witnesses about the source of their
evidence, it will simply appear before the jury without explanation or
authentication. An LEO will appear and announce that "the defendant sent
this message, which says he wanted to do terrible things" without
disclosing whether the message (which had been sent encrypted) was turned
into plaintext by the feds because they'd compromised the local machine, or
by compromising the software at the manufacturer, or by a brute-force
crack, or [...] whatever."
That's the real, and only, news in today's announcement. Under the
Whitehouse proposal, FISA-court rules will apply to any trial involving
decrypted evidence or any other evidence obtained by means of backdoors or
system compromises. If that isn't scary to any supporter of society based on
the rule of law, then I don't know what is.
--Lucky
