1996-11-26 - Re: Netscape working with the NSA.

Header Data

From: Greg Broiles <gbroiles@netbox.com>
To: Tim Tartaglia <tag@silvix.sirinet.net>
Message Hash: 298ed3d6728dfdb32c346d4a33637f9930b155f7f37a54e24b6e18dc8eb14a76
Message ID: <3.0.32.19961126003002.006e0328@ricochet.net>
Reply To: N/A
UTC Datetime: 1996-11-26 08:20:16 UTC
Raw Date: Tue, 26 Nov 1996 00:20:16 -0800 (PST)

Raw message

From: Greg Broiles <gbroiles@netbox.com>
Date: Tue, 26 Nov 1996 00:20:16 -0800 (PST)
To: Tim Tartaglia <tag@silvix.sirinet.net>
Subject: Re: Netscape working with the NSA.
Message-ID: <3.0.32.19961126003002.006e0328@ricochet.net>
MIME-Version: 1.0
Content-Type: text/plain


At 05:34 AM 11/26/96 +0000, Tim Tartaglia wrote:
>
>Check out the following:
>http://www-tradoc.army.mil/dcsim/browser.htm
>
>Here's an excerpt:
>
>> ...Netscape has been working with NSA...Their proposed solution is based
>> on the use of Fortezza card technology.  In November NSA expects to
>> certify Netscape Navigator 3.0 for "unclassified but sensitive" use...

The NSA has two main tasks: gathering [foreign] signals intelligence
("SIGINT") and making it difficult/impossible for other parties to get
signal intelligence from the US ("INFOSEC").

Given the context of the information you found, it looks like they're
negotiating with Netscape and Microsoft to evaluate the strength of their
browsers to that the browsers can be used for "unclassified but sensitive"
tasks; that is to say, NSA is operating in their "protect domestic data"
mode, not their "wiretap everything" mode.

Certifying the browsers (or other domestic privacy tools) as safe if
they're not (or if they've got designed-in weaknesses) would play a very
dangerous game - the NSA would gain little and risk a lot. They could (and
probably do, or will soon) mandate the use of GAK crypto for official
"sensitive" applications; so adding hidden weaknesses (which are
essentially stealth GAK) doesn't give them much they don't have already,
but it does create the potential that a third party will learn of the
hidden weakness (through careful study or exploiting a traitor or whatever)
and then have access to information the gov't would like to keep private
for an unknown period of time - followed by a sudden expensive & disruptive
switch of crypto tools when the discovery of the weakness became known. 

So it seems unlikely that there's anything bad going on here; it doesn't
make much sense for the NSA (or other TLA) to intentionally weaken a crypto
app and then certify it as secure for government use. They want to keep the
good stuff for themselves, and make us use the weak software. They don't
seem to be especially shy about telling us when they want to spy on us. 

I suppose it's possible to see government contracts as a foot in the door
to economic "incentivization", e.g., if Netscape and Microsoft want the
govt's money/approval badly enough, they'll switch over to the dark side.
But this danger is pretty much unavoidable; and the government's got enough
ways to coerce folks (cf. Jim Bidzos and the guys who want to run him over
in the parking lot) that this seems mild by comparison. If the government
chooses to apply some pressure to incentivize a corporation, they'll find a
way. 

So far, it appears that they played fair when they certified DES as secure
- and folks on the outside have been banging away on DES for almost 20
years, without finding any trapdoors. The balance of risks suggests that
they'll probably keep playing fair when certifying privacy tools; not
because they're nice guys, but because it's in their best interests to do so. 

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 





Thread