From: John Young <jya@pipeline.com>
Date: Mon, 3 Mar 1997 16:37:19 -0800 (PST)
To: cypherpunks@toad.com
Subject: NSA Sued by Cryptographer
Message-ID: <1.5.4.32.19970304003033.006ac3a8@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


We've received from Anonymous a copy of a February 28, 
1997, complaint against NSA by an ex-Sandia cryptographer:

   http://jya.com/nsasuit.txt  (41K)

The cryptographer, William Payne, was:

   project leader for the Missile Secure Cryptographic Unit 
   [MSCU] at Sandia between about 1982 and 1986.  The 
   MSCU was funded by NSA.  Payne designed and built 
   the hardware/software data authenticator for the US/USSR 
   Comprehensive Test Ban Treaty for Sandia between 
   1986 and 1992. Payne held SECRET clearance when 
   Payne worked for the Navy, DOE Q clearance, crypto and 
   SCI access while at Sandia.

The document says that Payne was a source for the Baltimore 
Sun story on NSA's "spiking" deal with CryptoAG*, and other 
stories, after he was fired in 1992 for attacking the quality of 
NSA's cryptography.

It includes descriptions of agreements between Sandia and 
NSA, algorithms, critiques and procedures. A sample:

   Payne revealed to the public the value 31. "The algorithm 
   required stepping two of its internal registers at a rate many 
   times the data rate."  

   NSA believes that 31 is classified.  Payne believes that this is 
   classification abuse.

   Therefore, Payne issued a FOIA to NSA crypto-mathematician Brian 
   Snow also on June 10, 1996.

     	I found no evidence that NSA possesses any special 
	crypto skills, and apparently hides its deficiencies 
	behind the veil of classification abuse.  

     	To the contrary, I discovered generic deficient 	
	crypto work. 

     	We brought this to the attention of NSA.  Sandia even      
	offered to help NSA fix its deficient crypto work.  
	And NSA attempted to correct its deficient crypto 	
	work.

     	Therefore, under 5 USC 522b I request access all 	
	technical documentation on, 

     	1    Benincasa's original NSS/USO algorithm,
     	2    Benincasa's revision of 1,
     	3    The Unkenholtz - Judy GRANITE algorithm,
     	4    Your MSCU algorithm,
     	5    the clipper algorithm,
     	6    the STU III algorithms.       

     	I feel that published analyses of the above 6 	
	algorithms will show the Clinton administration, 	
	congress, and the public that NSA possess no superior 
	knowledge of crypto matters. 

   Payne received no response from NSA.

----------

* "Cryptographic units were 'spiked' so that the crypto key was 
transmitted ['covert channel'] with the cipher text."

For more on the CryptoAG story see:

   http://jya.com/cryptoa2.htm