From: Anonymous User <nobody@soda.berkeley.edu>
To: chuckles@MCS.COM
Message Hash: c534333900768b83ce8edba1d504c83b7c273d0d8f35794673427efe8c978fd0
Message ID: <199407081547.IAA25671@soda.berkeley.edu>
Reply To: N/A
UTC Datetime: 1994-07-08 15:47:25 UTC
Raw Date: Fri, 8 Jul 94 08:47:25 PDT
From: Anonymous User <nobody@soda.berkeley.edu>
Date: Fri, 8 Jul 94 08:47:25 PDT
To: chuckles@MCS.COM
Subject: (fwd) New ITAR Indictment
Message-ID: <199407081547.IAA25671@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain
Are you serious?
(fwd)
From: chuckles@MCS.COM (Jason Skiles)
Newsgroups: alt.security.pgp,comp.org.eff.talk,comp.org.cpsr.talk
Subject: New ITAR Indictment
Date: 8 Jul 1994 01:02:56 -0500
Reprinted with permission from the Chicago Sun-Tribune, 5 July 1994:
From Sun-Tribune Wires
Washington, D.C.-
In a Rose Garden press conference early this morning, Justice
Department spokesmen announced the indictment of a Washington, DC.
computer bulletin board system (BBS) operator, one Mr. Gil Bates, for
violation of ITAR munitions export laws in connection with the operation
of the infamous 'We got yer nudes here' BBS.
According to federal authorities, many of the graphics files, or
'gif' files, named for their storage format, contained, when examined with
a common hex editor, the value 0xAAAA, which can be used to encrypt data
in such a way as to make it extremely difficult for intelligence and law
enforcement agencies to recover the encrypted data.
"0xAAAA first came to our attention a few weeks ago," explained
Deputncrypted] file, by
using a complicated algorithm known as 'exclusive or' and a 'mask' or
encryption key, of, for example, "0xAAAA."
Agents were stunned. "It's an entirely new and sinister turn of
events in the field," said Miller. "We'd be helpless against such an attack."
Miller went on to explain just how secure such a scheme would be. "When
we need to crack some encrypted data, for example, email someone sends to
his lawyer that we think may contain incriminating evidence," we usually
just hand it to thenstitutional issues
involved there, but we're working on it." He refused to elaborate.
Once the technique was known, news spread quickly throughout the
law-enforcement community. "This was a shot across the bow, a real
wake-up call for us," said one Justice Department source. "We moved
immediately, meeting with the vice-president and a professor from Georgetown.
They were reluctant at first, but we mentioned organized crime and terrorists
and they came around to our point of view."
But why forbid the 'mask' or 'key' instead of the algorithm itself,
the 'exclusive-or' technique? "That's sort of a funny story," explained
Miller. "We were going to at first, but it turns out that the Clipper
and Capstone chips [part of a government-designed key escrow system] make
use of the algorithm in places. Of course, there were a few 0xAAAA's too,
but the NSA assures us they've got a workaround."
Bates loudly proclaims his innocence. "This is stupid, really stupid.
It's just a 16-bit value, like any other. They can't restrict it. I'm...
I'm at a loss. This is just too stupid to comment on."
The case got weaker late this afternoon when it was revealed that the
file in question didn't actually leave the country, but was retrieved by
an FBI agent in Virginia.
"Obviously this compromises our case somewhat," admitted Miller,
"since Virginia isn't a foreign country. But someone in another country
could have done the same thing, easily. That should count for something."
Schneider noted that "Even though we'll probably have to drop the ITAR case,
we did come up with something. He had a copy of PGP [a 'guerilla freeware'
encryption package popular with subversives and criminals] and some files
he'd protected with it." "We think they were maybe lists of children he
an FBI agent in Virginia.
"Obviously this compromises our case somewhat," admitted Miller,
"since Virginia isn't a foreign country. But someone in another country
could have done the same thing, easily. That should count for something."
Schneider noted that "Even though we'll probably have to drop the ITAR case,
we did come up with something. He had a copy of PGP [a 'guerilla freeware'
encryption package popular with subversives and criminals] and some files
he'd protected with it." "We think they were maybe lists of children he
abused, or something," says Schneider. "Yeah, or something," added Miller.
[Pre-flame apologies go out to those who object to the inclusion of 'serious'
groups in the newsgroups list. If you know any silly ones where this would
be more welcome, feel free to send it along.]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| Jason "Chuckles" Skiles | <Insert a clever quotation here.> |
| chuckles@mcs.com | - <misattribute it here> |
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
| Any opinions I express are also those of every single school, company, |
| and organization I've ever been in any way associated with. Honest. |
++++++++++++++++++++++++++finger for PGP public key+++++++++++++++++++++++++
------------
To respond to the sender of this message, send mail to
remailer@soda.berkeley.edu, starting your message with
the following 8 lines:
::
Response-Key: ideaclipper
====Encrypted-Sender-Begin====
MI@```%ES^P;+]AB?X9TW6\8WR:2P&2%`$A:^X<=%.A'J%;"Y7E2J[QT=&)]L
M0`F:L=MI*O?R!?N6/E3TTZ6WF^B=ZP9][Y)B)J)4PF/%M3XOVYT^Y;!E*9Y9
$\U3XF@``
====Encrypted-Sender-End====
Return to July 1994
Return to “Anonymous User <nobody@soda.berkeley.edu>”
1994-07-08 (Fri, 8 Jul 94 08:47:25 PDT) - (fwd) New ITAR Indictment - Anonymous User <nobody@soda.berkeley.edu>