1996-01-12 - Shimomura on BPF, NSA, Crypto

Header Data

From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: aeb6b5c95fb1fc241f05e593f49d6e3f18f5694da51eec4394b1630bfa9a511b
Message ID: <199601120029.TAA28014@pipe3.nyc.pipeline.com>
Reply To: N/A
UTC Datetime: 1996-01-12 11:52:59 UTC
Raw Date: Fri, 12 Jan 1996 19:52:59 +0800

Raw message

From: John Young <jya@pipeline.com>
Date: Fri, 12 Jan 1996 19:52:59 +0800
To: cypherpunks@toad.com
Subject: Shimomura on BPF, NSA, Crypto
Message-ID: <199601120029.TAA28014@pipe3.nyc.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


   Shimomura on BPF, NSA and Crypto:

   One of the tools I modified for my work was a sophisticated
   piece of software called the Berkeley Packet Filter. ...
   Unlike the original BPF, my version was designed to bury
   itself inside the operating system of a computer and watch
   for certain information as it flowed through the computer
   from the Internet. When a packet from a certain address, or
   for that matter any other desired piece of information
   designated by the user flashed by, BPF would grab it and
   place it in a file where it could be kept for later
   viewing.

   I had developed my initial version of the faster BPF in the
   expectation that I would receive additional research
   funding for the work from the National Security Agency. The
   Agency had begun supporting my work under a Los Alamos
   National Labs research grant in 1991, and had promised to
   extend their support for my work, but the funding was never
   forthcoming. I developed the tool, but after I completed
   the work, in early 1994, the bureaucrats in the agency
   reneged on funding.

   The idea of working with the NSA is controversial in the
   community of security professionals and civil libertarians,
   many of whom regard the NSA as a high-tech castle of
   darkness.

   Libertarian by inclination or by the influence of their
   colleagues, the nation's best computer hackers tend to
   possess a remarkable sensitivity to even the slightest hint
   of a civil liberties violation. They view with deep
   distrust the work of the National Security Agency, which
   has the twin missions of electronic spying around the globe
   and protecting the government's computer data. This
   distrust extends to anyone who works with the agency. Am I
   contaminated because I accepted research funding from the
   NSA? The situation reminds me of the scene in the movie Dr.
   Strangelove where General Jack D. Ripper is obsessed by the
   idea of his bodily fluids being contaminated. I think the
   idea of guilt by association is absurd.

   My view is very different. First of all, I don't believe in
   classified research and so I don't do it. The work I was
   undertaking on packet-filtering tools was supposed to be
   funded by the agency for public release. The tools were to
   be made widely available to everyone, to use against the
   bad guys who were already using similar tools to invade
   people's privacy and compromise the security of machines on
   the Internet.

   But even more to the point, I believe that the agency,
   rather than inherently evil, is essentially inept. Many
   people are frightened of the NSA, not realizing that it is
   like any other bureaucracy, with all of a bureaucracy's
   attendant failings. Because the NSA staff lives in a
   classified world, the government's normal system of checks
   and balances doesn't apply. But that doesn't mean that
   their technology outpaces the open computer world; it just
   means they're out of touch and ponderous.

   In any case, I feel strongly that tools like BPF are
   absolutely essential if the Internet is to have real
   security, and if we are to have the ability to trace
   vandals through the Net. If people are concerned that
   individual privacy is at stake, they should probably worry
   less about who should have the right to monitor the
   networks, and instead focus their efforts on making
   cryptographic software widely available. If information is
   encrypted it doesn't matter who sees it if they can't read
   the code. Cryptography is another example of my point that
   a tool is just a tool. It was, after all, used primarily by
   kings, generals, and spies until only two decades ago. Then
   work done by scientists at Stanford, MIT, and UCLA, coupled
   with the advent of the inexpensive personal computer, made
   encryption software available to anyone. As a result, the
   balance of power is dramatically shifting away from the NSA
   back toward the individual, and toward protecting our civil
   liberties.

   ["Takedown," pp. 102-04]














Thread