From: declan@well.com (Declan McCullagh)
To: cypherpunks@toad.com
Message Hash: bdd154b94b807b54e2b6ff54caddf936925bfed845e77c4d450bdc5685be58be
Message ID: <v01510105add95b2fda0a@[204.62.128.229]>
Reply To: N/A
UTC Datetime: 1996-06-04 06:25:51 UTC
Raw Date: Tue, 4 Jun 1996 14:25:51 +0800
From: declan@well.com (Declan McCullagh)
Date: Tue, 4 Jun 1996 14:25:51 +0800
To: cypherpunks@toad.com
Subject: CWD: "Jacking in from the "One that Got Away" Port
Message-ID: <v01510105add95b2fda0a@[204.62.128.229]>
MIME-Version: 1.0
Content-Type: text/plain
(By Brock Meeks / brock@well.com / Archived at http://www.cyberwerks.com/)
CyberWire Dispatch // Copyright (c) 1996 //
Jacking in from the "One that Got Away" Port:
Washington, DC -- President Clinton call your spooks, get FBI Director
Louis Freeh on the phone. Tell them to order in pizza. Bill, it's
going to be a long night. All your plans to hold the U.S. crypto
market hostage have just been fucked... and you didn't even get kissed.
A virtual tactical nuke was hurled into the arcane subculture of
encryption technology Monday when RSA President Jim Bizdos revealed
that his company's Japanese subsidiary had developed a monster chipset
capable of scrambling voice and data real time with a so-called "key
length" of up to 1024 bits.
That key length stuff is just so much gibberish to those playing
without a scorecard, so let me drill down on it for you. Basically,
the longer the key length, the harder it is for a message to be broken
by "brute force" automated attacks. Current U.S. laws prohibit the
export of any encryption device with a key length longer than 40-bits,
or roughly the equivalent of Captain Crunch decoder ring. For hardcore
math types, I'm told that a 1024-bit key length is 10 to the 296th
power more difficult to break than 40 bits.
Bizdos, speaking during lunchtime at the Electronic Privacy Information
Center (EPIC) 6th Cryptography and Privacy conference, told how his
Japanese based company, Nihon-RSA, developed a set of two chips capable
of scrambling messages at a level that will make the spooks in the
Puzzle Palace (the National Security Administration) cough up hair
balls that would make the First Cat Socks envious.
Bizdos seems to have found crypto's magic bullet; a legit way to
essentially give the finger to U.S. export laws for crypto product. For
years now the White House has been locked into a kind of crypto war.
The Administration insists that strong encryption products must not be
exported for fear that "terrorists, child pornographers and drug
barons" and a rabble of assorted "bad guys" would snag the technology
and proceed to plot the destruction of the "World As We Know It"... or
at least Western Democracy, if the inbred Iranians got in line first.
The White House crypto-fascist team, led by the NSA, FBI and assorted
military hawks, have offered braindead compromise plans, including
three versions of the "Clipper Chip." This is a plan whereby you can
buy strong locks for your data with the simple caveat that when you buy
and use the products, you have to put the decoding key "in escrow."
This way if a law enforcement agency ever has the need to unscramble
any of your messages -- without you knowing it -- they can simply ask
for these escrowed keys and have them handed over. Yes, even your
local sheriff's department can ask for the keys.
Now, the government promises it will use this power only for good and
never for evil. Honest, that's what they say. Of course, the Justice
Department, in writing the rules for getting the keys, totally absolves
any law enforcement agency of all harm if this power is abused in any
way. Oh.. and if that power is abused, the sheriff or the FBI or
fucking Park Police for that matter, can still use any "evidence" they
gin up on you. Honest, I'm not making any of this stuff up.
So the battle has raged. The industry has been loathe to develop such
products only for the American market because the cost of producing
essentially duplicate products for domestic and foreign markets just
wouldn't be cost effective.
So, you and I are stuck having to use some pretty tedious encryption
technologies, such as PGP (Pretty Good Privacy), which is great, but
tough to use. Or we can use the Captain Crunch Decoder ring
equivalents available off the shelf. In the meantime, other countries
are happily making and distributing robust encryption technologies, at
a possible loss of up to $60 billion for U.S. companies.
In fact, it's a crime even to put a program like PGP on your laptop and
go overseas. The State Department calls that "exporting." The
government recently dropped a case against Phil Zimmermann, the
inventor of PGP, after putting him through several hellish years in
which they threatened to toss his ass in jail. There Phil would no
longer be a threat to society at-large, but instead become a
"girlfriend" for a 265 pound felon named Spike. Phil's "crime"??
That somehow his PGP app had been uploaded on to the Internet and
whisked around the world. Phil didn't do it, but the U.S. government
cried "export violation," anyway, eventually telling him, "Oh, never
mind."
So Bizdos, tired of fighting the wars here, enlisted the help of the
Japanese. After setting up his Japanese unit, he hired a crack team
of Japanese crypto experts who essentially "reverse engineered" the
company's own U.S. crypto product, according to Kurt Stammberger, RSA
director of technology marketing. It was a brilliant move. Bizdos
can't be slammed by the State Department for violating crypto export
laws because, well, he didn't export a damn thing, except some U.S.
greenbacks, which of course, could have gone to U.S. cryptographers,
but let's not quibble about jobs.
Anyone want to kick around the subject of global competitiveness?
What's happened here is the Japanese have now trumped the entire world
on the crypto market. What's more, Clinton's brain-dead allegiance to
the FBI, et al., has now allowed the Japanese government, which still
owns a large share of NTT, which owns a minority share of RSA's
Japanese subsidiary, to have a lock on the world's strongest encryption
technology. Can you say "Remember the VCR" or "Remember the
Semiconductor" or how about "Thanks, Bill. We're fucked."
The boys in the Pentagon made a stink a few years ago when a Japanese
company made a play for Fairchild, a top defense contractor. It was
feared that the Japanese, by swallowing up the U.S. company, would also
gain access to technologies vital to the U.S. military. The deal was
squashed. Natch... now it looks like the G.I.'s with the stars on
their shoulders have just put their spit-shined combat boots up their
own ass by supporting Clinton and his continued ban on crypto exports.
"We truly have ceded this market Japanese companies," Bizdos said.
"It's almost too late to turn it around." Some 15 COUNTRIES have
already placed orders for these chips, Bizdos said, adding that the
Japanese will not build the chips with a key escrow function.
EPIC Director Marc Rotenberg said he was told by a Japanese
representative that the country's constitution wouldn't allow key
escrow because it doesn't allow wire-tapping. Umm... maybe the
Japanese just don't have *really* bad guys like the FBI assumes we have
here.
What's more, Bizdos says the deal with NTT is "no coup." He says the
Germans and French "aren't far behind" in developing similar
technologies. The RSA bombshell "fuels the argument that this stuff
can't be contained in our own borders," said PGP's Zimmermann.
Just how the relationship between NTT and RSA works out isn't set,
Bizdos acknowledged. "They'll pay us a royalty for the chips they
sell," he said. "We're working it all out."
Meanwhile, from my office window here in DC I've already counted 17
Domino's Pizza delivery bikes go screaming by on their way to the White
House. Through my telescope I can see the White House balcony; it
looks like Bill is sick, like he's just heard some "really bad news."
And behind him, just inside the double-doors, on a persian rug placed
there by Warren G. Harding, I think Socks the Cat has just coughed up a
hairball... or maybe it was Louis Freeh. From this angle, I just can't
be sure.
Meeks out...
------------
Additional reporting by Declan McCullagh (declan@well.com)
Return to June 1996
Return to “Gary Howland <gary@systemics.com>”