1993-09-24 - Front Line Dispatch -or- Conspiracy Theories on the PTB

Header Data

From: “L. Detweiler” <ld231782@longs.lance.colostate.edu>
To: cypherpunks@toad.com
Message Hash: c4ec603413813cc6e69fb2815760311b4aacc6e502304dad96f8c1e2f52cfb42
Message ID: <9309240110.AA16875@longs.lance.colostate.edu>
Reply To: N/A
UTC Datetime: 1993-09-24 01:14:02 UTC
Raw Date: Thu, 23 Sep 93 18:14:02 PDT

Raw message

From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Date: Thu, 23 Sep 93 18:14:02 PDT
To: cypherpunks@toad.com
Subject: Front Line Dispatch -or- Conspiracy Theories on the PTB
Message-ID: <9309240110.AA16875@longs.lance.colostate.edu>
MIME-Version: 1.0
Content-Type: text/plain


Here is an update on recent and past developments.

- Why PRZ was not subpoenaed
- Clarifications on the NYT article - simultaneous serve dates?
- The Grady Ward PGP connection
- the Scarlet Letter
- Conclusion
- EFF and *your* support

PRZ unsubpoenaed so far
----

First, in the message I posted to the cypherpunk list that PM
transformed into one of the most side-splittingly hilarious, foaming,
delirious flames I've ever had the joy to experience, there were some
misleading comments, and I'm rather surprised that no one has noticed
and chastised me for them, publicly or privately. (In this way PM
succeeded precisely in his intent of distracting attention from the
actual contents, in a rather pitiably desperate way.) However, I do
have to admit that it was probably my weakest posting here on the
affair -- nevertheless, I was actually quite dazzled by the ensuing
fireworks, which IMHO comprise the most spectacular flame war I've ever
seen on the list, and I'd *not* have done anything differently knowing
this in retrospect! (And this characteristically prolix commentary is
my tribute in response!)

Anyway, I've been relying on `cyberspatial connections' (email & the
phone, and *many* key people) *intensely* lately as a tool to
crystallize my thoughts and further The Cause. Let me post some clarifications.

First, I said, 
>What is the significance that PRZ was not actually
>cited in any subpoena so far? This is very puzzling. It seems to
>contradict the theory that the investigation is primarily PGP oriented.

Actually, what I meant was this: why do the subpoenas ask
representatives to appear who have very little personal knowledge of
the situation: ``how could they *not* query PRZ if they are inquiring
on PGP''? The Austin Code Works one is not even directed to anyone in
particular (!) but to the `custodian of records'. And as I noted the
ViaCrypt one is directed to the president, Leonard Mikus -- who of
course would be extremely knowledgeable of the recent ViaCrypt deal,
but virtually *entirely clueless* as to the original PGP distribution
(happening over 2 *years* ago!).

The ViaCrypt subpoena of course *does* mention PRZ repeatedly. Here are
the two side by side for comparison. I got this from Current Underground Digest:

[Viacrypt]
>"Any and all
>correspondence, contracts, payments, and records, including those
>stored as computer data, involving international distribution related
>to ViaCrypt, PGP, Philip Zimmermann, and anyone or any entity acting
>on behalf of Philip Zimmermann for the time period June 1, 1991 to the
>present."  

[Moby Crypto]
>Any and all correspondence, contracts, payments, and record,
>including those stored as computer data, relating to the
>international distribution of the commercial product "Moby
>Crypto" and any other commercial product related to PGP and RSA
>Source Code for the time period June 1, 1991 to the present.

The letter I quoted in my own, from the person describing grand jury
investigations, erroneously implied that Phil Zimmermann was
subpoenaed, which regrettably my own report above it confused as well.
Phil Zimmermann, to this point, has *not* been subpoenaed.

I think the simple answer to this curiosity is as follows, and is not
idle speculation but cuts to the core of the case and the intentions of
those behind it. As indicated, I have heard  indications that the
subpoenas are only the latest development in a customs investigation
that perhaps extends up to many months or even over a *year* in span.
Very likely PRZ has been contacted on a previous occasion. The primary
focus of these subpoenas is *records*, not *testimony*. Possibly, the
investigation has already exhaustively uncovered testimony short of
written records. In fact, this suggests a model `ladder of severity' of
an investigation of this type, of which there appears to be almost no
historical precedent, but this might serve as in the future:

(1) start with queries to people involved, with no warrants. Maximize
the information obtained. track down all leads to people mentioned freely.
(2) When this has been exhausted, possibly, attempt to gain any records
available without a warrant.
(3) If no directly incriminating evidence has been obtained to this
point, but there is still some prod to go further (more on this later),
convene the grand jury.
(4) subpoena (a) documents and (b) witnesses. 

Now, in (4), if significant oral accounts had already been obtained
*freely*, the former (a) is more important than the latter (b) at that
stage. Or, it might be that the investigators thought that a mere
subpoena for records would be less explosive than one for documents.
Also, it is definitely less of a burden on some people (the Austin Code
Works `records custodian' notwithstanding). These are all plausible
conjectures of the inquiry situation at this point in the case.

NYT article & the simultaneous date?
---

From the CuD account, I have pieced together the following, which forms
part of a letter I hope will be accepted by one of the premier online
electronic computer journals (watch for it!):

>As reported in many places, such as Current Underground Digest, New
>York Times (Sept 21) and on AP, subpoenas were served on
>representatives from the companies ViaCrypt and Austin Code Works for
>materials related to a grand jury investigation in California
>associated with the U.S. Customs Office. Both warrants are dated 9
>Sept., but were served and received two days apart (contrary to the NYT
>account), with the ViaCrypt on Tues 14 Sept and ACW on Thur 16 Sept [...]

I've talked to J. Markoff (the NYT writer) and he's indicated that the
following statement in the article

>The
>grand jury subpoenas, which the companies *received* Sept. 9

(my emphasis) was based on the date *on* the subpoenas, not their
actual `serving time'. (Note: subpoenas are delivered by government
agents, not the post office.)

Markoff also misspelled Zimmermann's name with one 'n', a pitfall I
must confess my own guilt on occasion! Finally, I have to admit now
that theories about a `coordinated simultaneous attack' in expectation
of the `cyberspatial reaction' are not supported by this datum. This is
not to say it was not on the minds of `the powers that be', which I
will henceforth coin the PTB, and let it serve as the hypothetical TLA
responsible for all *unsolved* conspiracies in existence. (Note that
the expression is not my own but the abbreviation is.)

The PGP connection
---

Finally, I also wrote, an eternity ago in cyberspatial time (EA in CT):

>Rumor: Moby Crypto was targeted because G. Ward intended to include PGP
>on distribution disks. The investigation is primarily PGP oriented, and
>G. Ward is just a bystander who got caught up. PRZ & PGP is the essential target.

G. Ward has just confirmed this to me directly. Since he's referring to
public Usenet postings, I'm going to quote him:

Date: Thu, 23 Sep 93 05:50:13 -0700
Message-Id: <9309231250.AA17688@netcom6.netcom.com>
>I believe that I did announce on sci.crypt that my
>Moby Crypto tutorial was to contain a full source
>to PGP as an excellent example of a full crypto and
>digital signature application.
>
>Because I do not have a license from PK partners, I
>was careful to document their patent rights and to only
>publish the source (and I got two patent attorneys opinions
>that source is not infringing as long as it wasn't
>just an attempt at evasion).

also, I asked cypherpunks to find this message. so far, no bites. I
would figure it would have *really* stood out, but no one seems to
remember it. This is *prime* material for us to pore over. We can
determine how fast someone may have reacted if we know the date of his message.

Now, call me a conspiracy theorist, but personally, this statement,
taken along with the subpoenas and the glaring NSA pokes G. Ward has
been the butt end of as reported on Usenet crypto groups and alluded
here, is all perhaps the strongest indication I've ever seen that the
NSA (the most common PTB) is directly monitoring newsgroups -- not only
monitoring, but beginning to respond directly to taunts.

The Scarlet Letter
---

I'll have much more to say about the latest letter bestowed on Grady
later. The major point I want to make here is to tie it in with the
current investigation. First of all, it now implicates fairly high
levels of the State Department and the Office of Defense and Trade
controls as being engaged in all this as well. Secondly, it gives us
some EXTREMELY valuable intelligence on which of our interpretations of
the ITAR are relevant, and how the PTB (synonymous with The Enemy here)
interprets them. There are *direct references* of sections, and I'm
just salivating for the next H. Finney posting to rebut their fantasies:

>Further,
>the exemptions listed in 22 CFR # 125.4 for technical data do
>not apply to cryptographic software and source code. 

The most EXTRORDINARY section, upon which Grady Ward bases his claims
that this appears to be a DOMESTIC CONSTRICTION of cryptographic
knowledge dissemination:

>We take this opportunity of advise you that any company or
>individual who engages in the United State in the business of
>either manufacturing or exporting defense articles or
>furnishing defense services is required to register for a fee
>with the Office of Defense Trade Controls (DTC) pursuant to 22
>U.S.C. # 2778(b)(1)(A) and 22 C.F.R. Part 122. 

The apparent claim is that mere *U.S. `manufacturing' alone* (*not* any
trans-border condition such as export or import) requires `registration
for a fee' -- this is tantamount, in the case of cryptography, to
PRIVACY LICENSES. HORRORS!

This appears to be an extraordinarily audacious, egregious, and perhaps
a WHOLLY UNTENABLE interpretation of the ITAR by the PTB. Here G.
Ward's comical vision of Cereal Decoder Ring Registration reaches the
depths of irony and absurdity -- and the heights of our anxiety and apprehension.

BTW, I've come to the conclusion that we could not have *wished* for
better `victims' in a lifetime. If we are going to win anything for
`the cause' from all this, Phil Zimmerman and Grady Ward are the
greatest shining heroes we have to offer in this affair, which is going
to turn out, desperately hopefully, as the Two Davids vs. Goliath, and
not the latest human sacrifice to the PTB.

Conclusion
---

What does all this mean to the spread of cryptography? Its far too
premature to comment authoritatively. Instead I wrote the `Schneier
Satire' because I'm *extremely* concerned by all these recent
developments. I think they respresent a desperate struggle by the NSA
to minimize the *future* spread of cryptographic ideas and
implementations through any government agencies available, particularly
in the *domestic* U.S. arena. PGP to this point has been `out of the
bag' but not in a potentially enormous *commercial* way.

Apparently, the ViaCrypt agreement shifted the `institutional paranoia'
into high gear of the extraordinary future potential of PGP and public,
widespread cryptography.  This represents a fundamental policy change
from `benign neglect' to `active harassment' and perhaps, more
melodramatically, *attack*. The Zimmermann-Ward affair is going to be a
critical keystone to future developments in cryptographic freedom, in
either limiting and checking this latest alarming manifestation of the
severe, constricting, repressive influence of the NSA, or in heralding
a new, basic, bold expansion of it.


EFF and *your* support
---

It greatly pains me to have to bring this up, but I've received
multiple top confirmations that EFF is `less than fully engaged' on
this for a variety of practical reasons. In particular, it is not
possible for them to provide attorneys or financial support at this
early stage. I fully believe they are wholly committed to the overall
battle, but have talked to key observers who are disenchanted and even
alienated by their lukewarm response so far. I hope something
beneficial to everyone and "The Crypto Cause" can stabilize as soon as
possible. In the meantime, I'm going to close with H. Kennedy's
beconing call in Current Underground Digest:

===cut=here===

Date: Tue, 21 Sep 1993 05:36:08 GMT
From: hugh@GARGOYLE.UCHICAGO.EDU(Hugh Miller)
Subject: File 1--Phil Zimmerman Comments on Encryption Flap

Phil asked me to forward this to the Digest.  It points up the
problems of keeping _ANYTHING_ secret in the electronic world (unless,
of course, it is SECURELY encrypted \;-}).

    It is more or less self-explanatory.  Let me square his remark at
the end, though: whatever happens, Phil is facing some pretty vast
legal bills.  Now is the time for all of us who favor crypto for the
masses to pony up and put our wallets where our mouths are.  I pledge
$100 NOW, and challenge every one of you to match or exceed me.  I'll
keep it up until Phil's out of the hole.  ($100 on a regular basis is
a lot of money on an assistant professor's salary with 3 kids.)

    Examine your conscience and write that check.  Pronto.

    Hugh Miller
    Asst. Prof.
    Dept. of Philosophy
    Loyola University Chicago


Date--Sun, 19 Sep 1993 13:38:44 -0500
From--Philip Zimmermann
Subject--Zimmermann statement on PGP investigation

[...]

I understand that
the issues involved in this investigation are of the greatest
importance and transcend my personal interests.  Even so, I would
rather not turn an investigation into a full-scale federal
prosecution.  I ask that everyone keep in mind that the government's
resources are limitless and that mine are not.

Speaking of resources, many of you have offered help, and I am
grateful.  Those wishing to contribute financially or otherwise
should contact either me or Philip L. Dubois, Esq., at dubois@csn.org
or by phone at 303-444-3885 or by mail at 2305 Broadway, Boulder, CO,
80304.  Mr. Dubois has just got on the Internet and is still learning
how to use it.  Donated funds will be kept in a trust account, and all
contributions will be accounted for.  If this whole thing somehow goes
away with money left in the account, the balance will be refunded to
contributors in proportion to the amounts of their contributions.





Thread