From: kqb@whscad1.att.com (Kevin Q Brown +1 201 386 7344)
Date: Fri, 8 Sep 95 15:47:10 PDT
To: cypherpunks@toad.com
Subject: GAK Hacks and Position Surveillance
Message-ID: <9509082244.AA12403@ig1.att.att.com>
MIME-Version: 1.0
Content-Type: text/plain


> GAK Hacks!
> We did it for SSL, let's do it for GAK.
> Demonstrate that superencryption (encrypting within a GAK wrapper) defeats
> GAK. And other kinds of hacks, including releasing "damaged" (inoperative)
> versions of the proposed code (when it becomes available).

Tim,
That's a start.  Superencryption can protect the _content_ of the
conversation, but it will not prevent _traffic analysis_.  That is
an important issue because, as I explain below, in our increasingly
wired world, effective traffic analysis may become a _position_
escrow system, except that there won't even be any escrow.

A GAK Hack that combines superencryption with a method to defeat traffic
analysis would raise a lot more eyebrows than superencryption alone.
Unfortunately, since we don't yet know what kind of LEAFs will be in
the next-generation GAK proposal, I can only refer to some comments
made awhile ago about Clipper-based traffic analysis:

  Date: Mon, 14 Mar 94 10:36:05 EST
  From: smb@research.att.com
  > The LEAF can be decrypted with just the family key; from what's been
  > disclosed so far, local law enforcement agents will be able to do that
  > without contacting the escrow sites.  The LEAF contains the unit id of
  > the chip, independent of what phone number it's being used from, ...

Imagine someone using a GAK/LEAF communication device while travelling
throughout the day.  Especially if the communications are wireless,
no court order will be needed to track position during his/her journeys
because a packet sniffer armed with the family key could detect any
of his/her communications automatically.  You may wonder "what packet
sniffer could track communications like that"?  Maybe I'm wrong, but
isn't that what the recent Digital Telephony legislation was for?

Now let's return to a recent message from tcmay@got.net:
> The pernicious nature of the "escrow" idea, ... is that it says that
> surveillance is not so bad after all, because the results of the escrow
> will not be looked at except when "justified." ...

Or perhaps, once a GAK system with some kind of LEAFs is in place,
no justification at all will be needed to accomplish efficient and
fully automated massive position surveillance.  Maybe key escrow is
just a red herring to distract us from position surveillance?
Of course, we can assume that these LEAFs will not be as vulnerable
to forging as Matt Blaze demonstrated for Clipper (Tessera?).

First we had:
  GAK = Government Access to Keys.
Perhaps now we have:
  GULPS = Government Unlimited License for Position Surveillance?

Frankly, I wouldn't be surprised if I have overstated the threat
and more technically knowledgeable minds on this list will expose
the flaws in my reasoning.  Please do.

                              Kevin Q. Brown
                              kevin.q.brown@att.com
                              kqb@whscad1.wh.att.com