From: jim bell <jimbell@pacifier.com>
Date: Mon, 7 Oct 1996 05:35:05 +0800
To: "Timothy C. May" <cypherpunks@toad.com
Subject: Re: "Drift net fishing," GAK, FBI, and NSA
Message-ID: <199610061907.MAA23619@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:07 AM 10/6/96 -0800, Timothy C. May wrote:
>Some convincing evidence was presented
>that the moving force behind GAK is *not* the NSA, but is rather the *FBI*.
>Specifically, even 40-bit keys are probably too long for massive "drift net
>fishing," in that the cost per break is probably still too high. The cost
>for a "focussed attack" (I can't think of a fishing parallel...maybe "spear
>fishing"?) 

How about "DuPont-lure fishing"?

is of course low. The speaker at SAFE pointed out that the FBI
>is pushing for the 40-bit keys (and now is accepting the 56-bit keys?)
>because for focussed attacks, e.g., on the communications of a person under
>observation, they can call on other agencies to break the ciphers for them
>(even if they don't yet have their own such machines).
>
>In a nutshell, almost any level of encryption above, say, 30something bits,
>is too much when millions of messages per day are to be "drift-netted" is
>too much. (The exact number that is "too much" depends on a lot of factors,
>including the cost of the cipher-breaking machines, the number of messages
>to be read per day, etc. This number will change with time.)

You should also factor in the government's ability to store what they can't 
immediately decrypt, which drastically changes the playing field with 
regard to encryption.  It was at least five years ago when I first read 
about a system to record data on so-called "digital paper," which was 
actually a plastic with a photo-writable layer similar to write-once CD's.   
 It could be formed in any configuration, but perhaps one of the more 
intriguing (due to the large writable area) is on large reels similar to 
1/2" magtape.  As I recall, they claimed that such a reel could hold 1 
terabyte of data.

Sure, such a capacity is small compared with the total Internet traffic, but 
I assume that most traffic could be excluded from recording if its source 
was known, etc.  They'd exclude anything from "probably-okay" web pages, they'd 
trim space-hogging graphics, etc.  "Just the facts, ma'am."     Call the 
whole thing "retroactive-selective-drift-net-fishing," if you will.

Once this data is stored away the government would determine (perhaps years 
after the fact?) which data they want to decrypt, possibly based on crimes 
committed long after the data was recorded.  This information might reveal 
contacts, etc.   Obviously they have no prayer of doing real-time analysis.  
Even so, it makes it far more practical to do the equivalent of drift-net 
fishing if they can exclude 99.9999%+ of the traffic from their decryption 
attempts.  56-bit encryption doesn't look so ominous to them in this case.



Jim Bell
jimbell@pacifier.com