From: owen@autodesk.com (D. Owen Rowley)
Date: Tue, 23 Nov 93 11:04:10 PST
To: baum@newton.apple.com
Subject: Re: Can NSA crack PGP?
Message-ID: <9311231843.AA28497@lux.YP.acad>
MIME-Version: 1.0
Content-Type: text/plain



  > From: baum@newton.apple.com (Allen J. Baum)
  > But, there is one thing that is true about NSA's ability to crack it:
 >  they won't give you cause to know whether they can or not.

This statement, like the following, is like a rich vein of 
valuable insight into the extra-technical aspects of the issue.

I found myself reading this next part over several times, and each pass
I found that I associated what I understood to other unspoken questions I have.

 > e.g., if they can, and they read some mail of yours that you REALLY don't
 > want them to read, they won't act on that information in such a manner that
 > you can determine that they cracked the code for your message. They
 > couldn't use it on a warrant, & they couldn't testify as to its contents in
 > court. To do so would advertise their capabilities, which is a no-no for
 > them. (they might, of course, use that information to point people in the
 > right direction so they can attribute information to an anonymous tip, but
 > they have to be careful even there)

and thus revealing that if you become a target of genuine scorn from that
corner, it will operate from a position which is beyond accountability itself.

I think that Doug Barnes hit the nail on the head by pointing out
that sheer volume of stuff to filter through has the potential of 
affording us an edge.

 > Even now, when it's pretty certain they could crack DES, you won't
 > find them doing it for a law enforcement agency that asks; it gives away
 > too much.
 
Anything you are *required* to keep secret, is more valuable to the 
*requiring agency* than to you.

Anything you are expected to accept on faith, can't be proven.


LUX ./. owen