From: farber@central.cis.upenn.edu (David Farber)
Date: Fri, 18 Feb 94 10:11:11 PST
To: eff-staff@eff.org
Subject: CERT/Whitehouse/Clipper link - smoking gun...
Message-ID: <199402181733.MAA08763@linc.cis.upenn.edu>
MIME-Version: 1.0
Content-Type: text/plain


Posted-Date: Fri, 18 Feb 1994 12:28:53 -0500
Path:
netnews.upenn.edu!msuinfo!agate!howland.reston.ans.net!pipex!uknet!demon!an-
teallach.com!gtoal
Newsgroups: comp.org.eff.talk
From: gtoal@an-teallach.com (Graham Toal)
Subject: CERT/Whitehouse/Clipper link - smoking gun...
X-Fax: +44 31 662 4678
X-Organisation: An Teallach Limited
Date: Fri, 18 Feb 1994 16:48:15 +0000
Sender: usenet@demon.co.uk
Lines: 55
Apparently-To: farber@pcpond.cis.upenn.edu

By God, I knew there was something fishy about that latest CERT
release (the one that referred to things that happened last
November and didn't actually say anything new, but somehow
managed to hit the *WORLD* press extensively within 24 hours)...

Well, here's the smoking gun...

>From: CERT Advisory <cert-advisory-request@cert.org>
>Date: Thu, 3 Feb 94 21:14:40 EST
>To: cert-advisory@cert.org
>Subject: CERT Advisory - Ongoing Network Monitoring Attacks
>Organization: Computer Emergency Response Team : 412-268-7090

>=============================================================================
>CA-94:01                         CERT Advisory
>                               February 3, 1994
>                      Ongoing Network Monitoring Attacks

Note the date.

The next day, we see this Whitehouse release:

:THE WHITE HOUSE                                 CONTACT: 202 156-7035
:OFFlCE OF THE PRESS SECRETARY

:EMBARGOED UNTIL 3 PM (EST) FRIDAY, February 4, 1994

:STATEMENT OF THE PRESS SECRETARY

:Information Infrastructure. A digital signature standard will enable
:individuals to transact business electronically rather than having to
:exchange signed paper contracts. The Administration has determined
:that such technology should not be subject to private royalty
:payments, and it will be taking steps to ensure that royalties are not
:required for use of a digital signature. Had digital signatures been in
:widespread use, the recent security problems with the Internet
:would have been avoided.

Note the reference to 'recent security problems with the Internet'.
This is obviously referring to the highly publicised stories in
the press *that day* which were engendered by the CERT report.  Yet
the whitehouse press release was written days before - see the 'embargoed
until Feb 4th' warning at the top.  So the Whitehouse had *prior
knowlege* of the CERT release, and the fact that it would get extensive
press coverage.

I say CERT actively collaborated with the Whitehouse on the pro-clipper
propoganda front, and I challenge them to deny it in a simple unequivocal
statement.

G
PS The statement is also false: digital signatures would have no effect
on network sniffing attacks; but it's just more FUD to strengthen the
Whitehouse hand in a release that was buried in a flood of releases
that day on Clipper.