[118350] in Cypherpunks
Fwd: Re: security risk [re: post by Doug R Calvert]
daemon@ATHENA.MIT.EDU (Jean-Francois Avon)
Sat Sep 25 19:05:48 1999
Message-Id: <199909251839.OAA27167@cti06.citenet.net>
From: "Jean-Francois Avon" <jf_avon@citenet.net>
To: "Cypherpunks" <cypherpunks@toad.com>
Date: Sat, 25 Sep 1999 14:37:07 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Reply-To: "Jean-Francois Avon" <jf_avon@citenet.net>
==================BEGIN FORWARDED MESSAGE==================
>From: "Jean-Francois Avon" <jf_avon@citenet.net>
>To: "Kevin & Michelle Boland" <kevmich@cadvision.com>
>Cc: [snip]
>Date: Sat, 25 Sep 1999 14:35:58 -0700
>Subject: Re: security risk [re: post by Doug R Calvert]
On Sat, 25 Sep 1999 11:12:21 -0600, Kevin & Michelle Boland wrote:
>All electronic communications - regardless point of origin are scanned
>by one (or more) of several intelligence gathering services - the
>largest (and most well know) is the NSA out of Ft. Meade Maryland, both
>they and the US DIA have a budget 100x the CIA and most is earmarked for
>sigint. Having several sites outside of the USA like the UK and
>Australia (in order to side step pesky commonwealth privacy laws, the
>sites are US ) However, we Canadians are also in the game CSE (probably
>the only competent CDN military establishment) all have these
>capabilities for interception tracking and analysis. All messages are
>intercepted - decrypted if necessary - scanned by one of several Cray2
>super computers in microseconds and based on the number of points either
>ignored or sent to human analysis - And further if the point value is
>quite high.
Decrypted? What gets decrypted? "export allowed" RSA in browsers? 128 bits
RSA in "domestic secure" browsers?
2048 bits RSA and IDEA in PGP 2.x.x ?
1024/4096 DSS/DH in PGP 6.x ?
Did they screw up with the code to leak key information somewhere in
subliminal channel (like in a DSS signature?) Did they spread snooping code
using a discrete virus?
>In short if I write Doug saying "lets bury the AK-47's" it is picked up
>and scanned
>I have no idea the priority of 'AK-47' but lets assume it is trivial
>If I write Doug (and all you others) saying lets move the bomb to
>Washington, and mention Clinton etc. it would have a much higher (like
>people in black nomex w/ MP-5's visiting)
>Now I would not be to worried - the computers are highly sensitive and
>programed to look for certain word strings etc. ) So unless you are
>planning to topple a gov't by email I would not worry about it coming to
>anyone's (human) attention
I find this a bit simplissistic.
If I choose to say "I got the candy for halloween this week" and "We'll go on
excursion next sunday and drop a cake to Uncle Willie while on the way"
It could be interpreted in a lot of ways... Darn, drug dealers have been
eluding the war on drug just by using "coded" phone numbers on pagers and
that's enough to run the most profitable distribution network on the planet!
I do not say that such an action by the military doesn't exist. They are well
enough deluded and so many contractors in dire need of govt money to dream up
such a delusion.
But now, in the context of Doug's posting, that's an other thing. Doug is an
active RFC member. He's politically active and hangs around politically
active people. The NFA and other snoops doesn't only work for the military
intelligence or "anti-terrorism" but also for implementing political
rectitude. It is well known that the Cypherpunks forum is monitored by the
NSA. Also, the RCMP and DoJ monitors the Canadian Firearms Digest, for this
is a hot topic (potato) here.
I think that the pretext of preventing terrorism for doing communication
intercepts is, while legitimate in itself, only a small part of the true
reason why they do it. Any well organized terrorist group could devise ways
to hide their intentions within innocent text. They could use encryption.
They could use steganography (to embed a text within another fild
inconspicuously. When the text is encrypted, i.e. looking random, it is
impossible to say if there is something embedded in the file. Usually, the
lowest significant bits of a picture or a sound file are used to carry the
information)
Ciao
jfa
===================END FORWARDED MESSAGE===================
