From: rishab@dxm.ernet.in
To: cypherpunks@toad.com
Message Hash: e12865d581ad2f7f129b65b08b35b284886e818595546deb3956cc0be3cb0bc2
Message ID: <gate.3gsFmc1w165w@dxm.ernet.in>
Reply To: N/A
UTC Datetime: 1994-05-17 17:07:40 UTC
Raw Date: Tue, 17 May 94 10:07:40 PDT
From: rishab@dxm.ernet.in
Date: Tue, 17 May 94 10:07:40 PDT
To: cypherpunks@toad.com
Subject: Why dumb criminals will NOT use Clipper
Message-ID: <gate.3gsFmc1w165w@dxm.ernet.in>
MIME-Version: 1.0
Content-Type: text/plain
How to shoot yourself in the foot, or why "stupid" criminals won't use Clipper
Harshad Mehta, a Bombay stock broker who was behind a multi-billion dollar
financial scam involving a number of international banks and the Indian stock
markets, was definitely smart. He hired one of the most well-known lawyers in
the country, but encrypted his personal records with Lotus 1-2-3 (though I
believe that he had used DES for some things).
The Medellin cartel, presumably used to the methods of US intelligence agencies,
caused the assassination of Pablo Escobar by making cellular calls without
encryption.
They had the money, organization and intelligence, but were either unaware of
any need for encryption, or assumed that what was good for most US businesses
(DES) was good enough for them.
When the NSA wanted to provide an improved PK standard for governmental use, the
thing to do would have been to layer some weak PK system over a weak DES. Like
DES itself, this system would be so weak as to _not require_ key escrows.
Everyone who uses DES (including "smart" criminals) would shift to this more
convenient, but still cryptographically weak system. Most criminals would
continue not to encrypt at all, and criticism, as with DES, would be limited to
mathematical journals.
By creating an encryption standard strong enough to require escrow, the NSA has
successfully sabotaged this wiretap enabling situation. Key escrow is something
lay people who can't spell "cryptographically strong" can understand. The high
profile negative reporting on Clipper has greatly increased public perception
of the need for, and understanding of the types of encryption. After reading
these articles, if Pablo Escobar were still around, he _would_ be using
encryption, and _not_ Clipper.
Before Clipper (B.C. ;) even "smart" criminals would happily use weak
cryptography. Now, _really_ dumb criminals will continue, as always, to
communicate in plaintext; the not-so-dumb who think of encryption at all
(because of all those your-data-is-insecure stories) will know enough about it
to avoid Clipper like the plague.
Funny, I'd have thought the cloak-and-daggers familiar with Sun Tzu's advice
against frontal, visible attack. They could have got away with a weak
alternative to DES. Too lazy to spend time cracking code, greedy to "have all
the keys" (yum yum), they've shot themselves in their collective foot.
-------------------------------------------------------------------------------
Rishab Aiyer Ghosh rishab@dxm.ernet.in
Voicemail +91 11 3760335; Vox/Fax/Data 6853410
H-34C Saket New Delhi 110017 INDIA
The National Short-Sleeved Shirt Association says:
Support your right to bare arms!
-------------------------------------------------------------------------------
Return to May 1994
Return to “rishab@dxm.ernet.in”
1994-05-17 (Tue, 17 May 94 10:07:40 PDT) - Why dumb criminals will NOT use Clipper - rishab@dxm.ernet.in