Fun_People Archive
3 Jun
CWD--Crypto Gets A Nuke


Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
From: Peter Langston <psl>
Date: Mon,  3 Jun 96 22:24:51 -0700
To: Fun_People
Subject: CWD--Crypto Gets A Nuke

From: brock@well.com


CyberWire Dispatch // Copyright (c) 1996 //

Jacking in from the "One that Got Away" Port:

Washington, DC -- President Clinton call your spooks, get FBI Director Louis
Freeh on the phone.   Tell them to order in pizza.  Bill, it's going to be
a long night.   All your plans to hold the U.S. crypto market hostage have
just been fucked... and you didn't even get kissed.

A virtual tactical nuke was hurled into the arcane subculture of encryption
technology Monday when RSA President Jim Bizdos revealed that his company's
Japanese subsidiary had developed a monster chipset capable of scrambling
voice and data real time with a so-called "key length" of up to 1024 bits.

That key length stuff is just so much gibberish to those playing without a
scorecard, so let me drill down on it for you.  Basically, the longer the
key length, the harder it is for a message to be broken by "brute force"
automated attacks.  Current U.S. laws prohibit the export of any encryption
device with a key length longer than 40-bits, or roughly the equivalent of
Captain Crunch decoder ring. For hardcore math types, I'm told that a
1024-bit key length is 10 to the 296th power more difficult to break than
40 bits.

Bizdos, speaking during lunchtime at the Electronic Privacy Information
Center (EPIC) 6th Cryptography and Privacy conference, told how his Japanese
based company, Nihon-RSA, developed a set of two chips capable of scrambling
messages at a level that will make the spooks in the Puzzle Palace (the
National Security Administration) cough up hair balls that would make the
First Cat Socks envious.

Bizdos seems to have found crypto's magic bullet;  a legit way to
essentially give the finger to U.S. export laws for crypto product. For
years now the White House has been locked into a kind of crypto war.  The
Administration insists that strong encryption products must not be exported
for fear that "terrorists, child pornographers, and drug barons" and a rabble
of assorted "bad guys" would snag the technology and proceed to plot the
destruction of the "World As We Know It"... or at least Western Democracy,
if the inbred Iranians got in line first.

The White House crypto-fascist team, led by the NSA, FBI, and assorted
military hawks, have offered braindead compromise plans, including three
versions of the "Clipper Chip."  This is a plan whereby you can buy strong
locks for your data with the simple caveat that when you buy and use the
products, you have to put the decoding key "in escrow." This way if a law
enforcement agency ever has the need to unscramble any of your messages --
without you knowing it -- they can simply ask for these escrowed keys and
have them handed over.  Yes, even your local sheriff's department can ask
for the keys.

Now, the government promises it will use this power only for good and never
for evil.  Honest, that's what they say.  Of course, the Justice Department,
in writing the rules for getting the keys, totally absolves any law
enforcement agency of all harm if this power is abused in any way. Oh.. and
if that power is abused, the sheriff or the FBI or fucking Park Police for
that matter,  can still use any "evidence" they gin up on you.  Honest, I'm
not making any of this stuff up.

So the battle has raged.   The industry has been loath to develop such
products only for the American market because the cost of producing
essentially duplicate products for domestic and foreign markets just
wouldn't be cost effective.

So, you and I are stuck having to use some pretty tedious encryption
technologies, such as PGP (Pretty Good Privacy), which is great, but tough
to use.  Or we can use the Captain Crunch Decoder ring equivalents available
off the shelf. In the meantime, other countries are happily making and
distributing robust encryption technologies, at a possible loss of up to
$60 billion for U.S. companies.

In fact, it's a crime even to put a program like PGP on your laptop and go
overseas.   The State Department calls that "exporting."  The government
recently dropped a case against Phil Zimmermann, the inventor of PGP, after
putting him through several hellish years in which they threatened to toss
his ass in jail.  There Phil would  no longer be a threat to society
at-large, but instead become a "girlfriend" for a 265 pound felon named
Spike.   Phil's "crime"?? That somehow his PGP app had been uploaded on to
the Internet and whisked around the world.  Phil didn't do it, but the U.S.
government cried "export violation," anyway, eventually telling him, "Oh,
never mind."

So Bizdos, tired of fighting the wars here, enlisted the help of the
Japanese.   After setting up his Japanese unit, he hired a crack team of
Japanese crypto experts who essentially "reverse engineered" the company's
own U.S. crypto product, according to Kurt Stammberger, RSA director of
technology marketing.  It was a brilliant move.   Bizdos can't be slammed
by the State Department for violating crypto export laws because, well, he
didn't export a damn thing, except some U.S. greenbacks, which of course,
could have gone to U.S. cryptographers, but let's not quibble about jobs.

Anyone want to kick around the subject of global competitiveness?

What's happened here is the Japanese have now trumped the entire world on
the crypto market.   What's more, Clinton's brain-dead allegiance to the
FBI, et al., has now allowed the Japanese government, which still owns a
large share of NTT, which owns a minority share of RSA's Japanese
subsidiary, to have a lock on the world's strongest encryption technology.
Can you say "Remember the VCR"  or "Remember the Semiconductor" or how about
"Thanks, Bill.  We're fucked."

The boys in the Pentagon made a stink a few years ago when a Japanese
company made a play for Fairchild, a top defense contractor.  It was feared
that the Japanese, by swallowing up the U.S. company, would also gain access
to technologies vital to the U.S. military.   The deal was squashed.
Natch... now it looks like the G.I.'s with the stars on their shoulders have
just put their spit-shined combat boots up their own ass by supporting
Clinton and his continued ban on crypto exports.

"We truly have ceded this market to Japanese companies," Bizdos said.  "It's
almost too late to turn it around."  Some 15 COUNTRIES have already placed
orders for these chips, Bizdos said, adding that the Japanese will not build
the chips with a key escrow function.

EPIC Director Marc Rotenberg said he was told by a Japanese representative
that the country's constitution wouldn't allow key escrow because it doesn't
allow wire-tapping.  Umm... maybe the Japanese just don't have *really* bad
guys like the FBI assumes we have here.

What's more, Bizdos says the deal with NTT is "no coup."  He says the
Germans and French "aren't far behind" in developing similar technologies.
The RSA bombshell "fuels the argument that this stuff can't be contained in
our own borders," said PGP's Zimmermann.

Just how the relationship between NTT and RSA works out isn't set, Bizdos
acknowledged.  "They'll pay us a royalty for the chips they sell," he said.
"We're working it all out."

Meanwhile, from my office window here in DC I've already counted 17 Domino's
Pizza delivery bikes go screaming by on their way to the White House.
Through my telescope I can see the White House balcony;  it looks like Bill
is sick, like he's just heard some "really bad news." And behind him, just
inside the double-doors, on a persian rug placed there by Warren G. Harding,
I think Socks the Cat has just coughed up a hairball... or maybe it was
Louis Freeh.  From this angle, I just can't be sure.

Meeks out...

------------

Additional reporting by Declan McCullagh (declan@well.com)


prev [=] prev © 1996 Peter Langston []