From: lethin@ai.mit.edu (Rich Lethin)
To: cypherpunks@toad.com
Message Hash: 2001d973787bb7d0c9752710760c2c539f480a10e1d7fb4c4f41a6552aa7c5fb
Message ID: <9411212113.AA05023@kiwi>
Reply To: N/A
UTC Datetime: 1994-11-21 21:14:30 UTC
Raw Date: Mon, 21 Nov 94 13:14:30 PST
From: lethin@ai.mit.edu (Rich Lethin)
Date: Mon, 21 Nov 94 13:14:30 PST
To: cypherpunks@toad.com
Subject: Admiral Inman
Message-ID: <9411212113.AA05023@kiwi>
MIME-Version: 1.0
Content-Type: text/plain
[Hi, below are some class notes for your use. Probably many flaws,
spelling errors, etc, but time to get back to work...]
(Retired) Admiral Bobby Inman, the former director of the NSA, Deputy
directory of the CIA, and Director of Naval Intelligence spoke at Hal
Abelson's MIT class today about Clipper, export regulations and
cryptography. He was impressive with respect to the clarity of his points,
the even-handedness, and the precision with which he addressed questions
from the class.
He began his talk addressing the beginnings of the export control debate as
arising with mid-80's intelligence from the French disclosing a Soviet
"shopping list" of technologies to acquire from the West, starting with
overt purchases, and moving to covert purchases and theft if necessary.
The government was particularly alarmed at the size of the figure for the
number of Rubles that the Soviets saved. The resulting internal government
reaction started by working to reclassify technologies that were previously
public, but then moved to discuss how to structure the ground rules for
business in order to prevent sensitive technologies from being exported in
the future.
The mentioned the myth in the press about the value of technical
intelligence as not providing information about intentions, instead
providing only information about configurations and positions. While
that's true for imagery, communications intelligence does provide
information about intentions. He said that while he can't provide specific
cases, in the last 20-30 years comint has provided significant information
about intentions, and in cases where the military was employed. This
relates to the export of cryptography because cryptography, because there
were some cases where they were able to gain access but unable to go
further because of the employment of cryptography.
He mentioned that he was involved in the decision to declassify the work
related to Magic and it's successes against the Japanese. In that, even
though much of the material was 40 years old there was much resistance to
declassification because in many other instances, adversaries have employed
extremely dated encryption technology, so it was felt that in all cases,
the less said about cryptography publicly, the better.
He touched on the mid-70's debate about public cryptography which led to
the establishment of voluntary peer review with a 30-day response from the
NSA. He felt that this system worked for about 10 years, and finally broke
down when commercial opportunities for cryptography started to arise, so
that economic incentives instead of publishing incentives started to frame
the debate.
He said something about the extensive, nonpublic, dialogues between
commercial companies and the government which eventually became public. I
didn't quite follow this; he seemed to be censoring himself as he said it.
Something about both parties or one party regretting this becomming public.
Coupled with this was an "evolution of concern" about white-collar crime,
which he said was a recent (since Watergate) phenomenon. This evolution of
concern was the fact that the FBI has become "totally dependent" on
wiretaps for enforcement against white collar crime. When asked later
about the proportion of concern within the government between the various
white-collar crimes, such as drugs, organized crime, terrorism, etc., he
replied that the governmental concern about wiretaps was and is primarily
and unambiguously about narcotics.
Therefore, the driving concern with regard to public disclosures about
cryptography were not primarily related to the export of this technology,
but instead, related to the domestic use. This led to the technological
solution, Clipper, which he termed a mini-disaster.
He said that people inside the government miscalculated the depth of
ditrust of government which led to the anti-clipper groundswell. He felt
that this was simply a "blind spot" in those people; it's not that they
have bad motives, it's just that they can't comprehend why someone wouldn't
trust the government. By proposing clipper (which is technologically
sound) with it's government-entity escrow, he said that they fed the
spectre of Big Brother, when it would have been better to deal with it from
the start.
One of the ways that they could have dealt with it was via commercial or
nongovernmental escrow, specifically citing the companies in Boston and NY
which deal with stock certificate transactions. However, he was skeptical
whether nongovernmental escrow had any political future, given the initial
blunder.
From a public policy standpoint, he felt that given the single-issue voting
in the recent election, regarding crime, the public's equivalence of crime
with drugs, and the essential nature of the wiretaps as the sole source of
leads in combatting narcotics, that arguments *to the public* about privacy
would be ineffective. Most of the public do not see wiretaps as
threatening them. He felt that if one wanted to fight for privacy in the
public domain, the only chance was to link it with another issue that the
voting public feels strongly about: namely, Big Government, Bureaucracy.
Throughout his talk, this theme was reiterated several times: the public
does makes governmental policy by the way they vote. The public cares
about crime. Crime and Drugs are the same thing (in the public eye).
Arguments about privacy will not fly. The argument must be PACKAGED in
terms that links it to an issue that the public cares about, and the public
cares about and opposes Big Government.
He suggested that the alternatives to government wiretap abilities to
combat drugs might be random uranalysis of the public, specifically to
combat the demand side of the drug trade since enforcement against the
supply side is so terribly unsuccessful. Note: he wasn't advocating this
action by the government, just pointing out that there are implications to
extreme positions on any issue, largely related to the public's current
concerns.
Back to Narcotics. He gave the statistic that 90% of the narcotics leads
related to money laundering come from domestic wiretaps. He claimed that
international wiretaps are less valuable, because of the trail of the money
which generally travels this route:
Small US Bank <1> Large US Bank <2> Canadian Bank <3> Cayman Island <4> Columbia
He claimed that the only valuable link wrt to enforcement is link <1>
because this identifies the individuals subject to law enforcement, while
scanning links <2> and <3> is illegal due to treaty clauses which preclude
surveilance of companies located in friendly-nation intelligence allies
(e.g. Canada) while scanning link <4> is not worthwhile because it's too
far removed and difficult to identify with specific individuals in the US.
When asked about the often rumored "you spy on my citizens, I'll spy on
yours and we'll exchange what we get" cooperation that would allow the US
to subvert restrictions on unauthorized wiretapping of citizens, he said
that that would be illegal because of that treaty clause preventing such
spying and it doesn't happen; he claimed that the intelligence sharing that
goes on is motiviated by cost considerations, rather than trying to subvert
laws in the form that this rumor alleges.
He suggested that most companies are not willing to spend money on strong
cryptography and that in order to get companies more interested in strong
cryptography, there must be one or two well-publicized cases where
companies experience actual losses due to some sort of ether-sniffing.
Inman made the point that when governments are faced with problems that are
too big, they often just throw up their hands and don't deal with it.
Someone else in the class followed on this by pointing out that the logical
implication of that argument is that redoubling efforts for the adoption of
PGP or the like would effectively make the problem a big one for the
government.
Inman was surprised by the looming introduction of VoicePGP, and said that
that would be a big problem, particularly with the advent of mobile
computers that supported VoicePGP, since much of the dealer-level narcotics
enfocement relies on such surveilance. He pointed out, though, that
current cellular phones are difficult to monitor because "there's no
technology that can sweep up and sort out phone conversations" despite very
large investments in this. He drew an analogy to a case where he had to
inform President Carter that an insecure dedicated private land-line to the
British Prime Minister had been compromised -- he told him that the nature
of the phone system, with its huge volume and unpredictable switching would
have made using a pay phone more secure.
Inman, when asked about foreign export restrictions felt that the best way
to remain ahead technologically was not to restrict export, but speed the
pace at which you advance domestically. The current global economic system
is very different from the days when export constraints were first
proposed, and that they're probably not applicable.
Many of you might remember the controversial hearings regarding Clinton's
nomination of Inman for DCI about a year ago; it was rumored in the press
that William Saffire of the New York Times and Senator Dole had worked out
a pact, whereby Dole would sink Inman if Saffire would sink Clinton. This
rumor was never substantiated, but Saffire's scathing editorial about Inman
stemming from an incident in which he felt that Inman has lied to him
helped scuttle Inman's nomination.
In class today, Inman mentioned that his privacy had been invaded during
the nomination process; when asked for elaboration, he cited cases of the
press going around asking questions about his wife and sons. So Inman
seems sensitive to issues of privacy, but in this case, they seem to be
primarily associated with invasions of privacy by the media rather than by
the government.
In all, Inman gave a balanced talk in which he advocated very few opinions,
rather, he was concerned with clarifying the motives of the different
players (the govt and the public) to make some coherent sense of
complicated issues.
Return to November 1994
Return to “lethin@ai.mit.edu (Rich Lethin)”
1994-11-21 (Mon, 21 Nov 94 13:14:30 PST) - Admiral Inman - lethin@ai.mit.edu (Rich Lethin)