From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: eay@cryptsoft.com
Message Hash: fe562226571cc0f11e271275d575dc14f620437e1549c2eb3e68542ad06e6a97
Message ID: <86718300701373@cs26.cs.auckland.ac.nz>
Reply To: N/A
UTC Datetime: 1997-06-24 20:22:28 UTC
Raw Date: Wed, 25 Jun 1997 04:22:28 +0800
Subject: Re: spook pressure on crypto exports (was Re: cypherpunks coding challenge)
Death rays from Mars made Adam Back <aba@dcs.ex.ac.uk> write:
>Bill Stewart <stewarts@ix.netcom.com> writes:
>>(Though actually SSLeay has been very useful to a lot of the
>>world's free cryptography, and has prompted the US spooks
>>to pressure the Australian spooks into restricting crypto exports,
>>just as they've pressured the NZs into restricting them for
>>Peter Gutmann, and have been trying to work on the Irish...)
>Could you elaborate on these. I caught Peter Gutmann's comments on the
>hassles a company he did some work for were having with the NZ spooks. (The
>spooks intercepted their mailed disk, plus some other cloak and dagger
>spookish stuff).

Nothing was intercepted. They (the GCSB, NZ subsidiary of the NSA) came up
with some phony story about NZ customs intercepting a shipment of
military-grade encryption (or something similar) which they fed to the
Australian spooks (DSD). NZ Customs knew nothing of this, and the DSD were
apparently also considerably surprised by it. As far as I can tell it was a
very amateurish attempt to intimidate one of the companies involved
(frighteningly amateurish in fact - a single phone call was enough to confirm
that they'd invented the whole incident themselves, the only real effect it
had was to get them a front-page story in the National Business Review and
(presumably) piss off the DSD for sending them on a wild goose chase and
risking media exposure).

>Is this still going on, was it ever resolved? Can the next version of
>cryptlib be exported legally? Or are we relying on Peter's bravery?

It can be legally exported. Although the people pulling the strings are the
GCSB, the group enforcing it is the Ministry of Foreign Affairs and Trade
(MFAT)'s export control group, who are idiots (I can elaborate on this in
great detail at some point, preferably over a beer). I have several written
statements from them that I can freely export it electronically (along with
all sorts of bogosities such as a letter signed by the minister in which the
first sentence of the second paragraph says exactly the opposite of the last
sentence in the paragraph, and other, similar gems). At one point I was
firing off one letter after another to them just to see how silly they would
get, but it got boring after a while. I'll put these letters online at some
point for people to have a laugh at.

I should also clarify a point about the online writeup of my experiences,
which implies that the NSA was active in directing the GCSB over export
controls. I'd had some feedback from a high-level US spook source that this
wasn't quite the case, but the source has some rather unusual opinions on
spooks and their activities (something along the lines of "Civilization would
collapse tomorrow if it wasn't for the fine efforts of the CIA and NSA") which
made me somewhat suspicious about the accuracy of the information. Anyway,
what this source said (and this bit I can believe) was that NZ was completely
out of its depth with this (which was obvious from the way it was handled) and
was terrified of offending the US. According to the source, the NSA was
exerting a *moderating* influence on the whole thing, and that any progress
made was because the NSA told the GCSB to back off. This would indicate an
interesting case of the NSA exerting very strong indirect influence on
determining crypto policy. The GCSB knew the NSA didn't want crypto being
distributed, and when they heard of the export they went into overdrive to
show the NSA what good boys they could be and how keen they were to help the
US by enforcing US policy for NZ crypto.

This interpretation is believable, NZ is very much a junior member of the
UKUSA alliance and really doesn't want to do anything which might offend the
other partners. They knew the US didn't want crypto being made available, so
they went out of their way to try to show the NSA that they could be trusted
to do their bit in restricting crypto (I'm certain that something as
amateurish as the NZ Customs story didn't come from the NSA, even the DSD
seemed unaware of it).

This means that it doesn't actually require any direct intervention from the
USG to control crypto policy, the mere knowledge that the NSA doesn't like
something is enough to make the local spooks (who, in NZ's case, rely on the
NSA for much of their hardware and training) do whatever they think will keep
the NSA happy. It's perfect for the NSA I guess, because they get complete
deniability (Just yell "Will no one rid me of this troublesome crypto" and sit
back and wait).

Peter.

BTW, what's happened to taz.nceye.net? The cypherpunks mail->news doesn't
seem to have been updated for more than a week.