1997-09-25 - Re: Why the White amendment is a good idea (fwd)

Header Data

From: Declan McCullagh <declan@well.com>
To: Lizard <lizard@dnai.com>
Message Hash: c2f1c03316ddd77be28fae7678c94ce5473b0cb417b226d44eb2142904e19347
Message ID: <Pine.GSO.3.95.970925110922.1676D-100000@well.com>
Reply To: <>
UTC Datetime: 1997-09-25 18:57:19 UTC
Raw Date: Fri, 26 Sep 1997 02:57:19 +0800

Raw message

From: Declan McCullagh <declan@well.com>
Date: Fri, 26 Sep 1997 02:57:19 +0800
To: Lizard <lizard@dnai.com>
Subject: Re: Why the White amendment is a good idea (fwd)
In-Reply-To: <>
Message-ID: <Pine.GSO.3.95.970925110922.1676D-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain

Lizard, you're missing the point. 

First, the NETcenter was sold to the Commerce cmte yesterday as a way to
perform successful cryptanalysis on enciphered documents. The rhetoric was
all about keeping codebreakers up to date with codemakers. To anyone with
a glimmering of a clue about modern cryptography, this is complete
bullshit. Industry lobbyists on Monday also tried to push this line at a
press conference; I called them on it and they said, no, I was wrong, this
center would let the FBI keep up with the times. Yeah right.

Second, the NSA already performs these duties. Whether they should be
allowed to or not is a different argument. 

Third, there's no funding appropriated for the NETcenter. It's useless
without it. Again, it's bullshit.

Fourth, even industry lobbyists admitted to me privately yesterday that
NETcenter was a scam designed entirely to head off Oxley.


On Thu, 25 Sep 1997, Lizard wrote: 

> At 10:33 AM 9/25/97 -0700, Tim May wrote:
> >Once the NETCenter failed to decypt the first several dozen 
> instances of
> >PGP or 3DES thrust before it, I rather expect enthusiasm will wane.
> But it doesn't have to decrypt it. It has to tell the cops:
> "OK, you need to send a guy in there when he's not home and look for 
> a file called 'mykey.gkr' on his computer...it will probably be in 
> c:\pgp. Then you need to plant a video camera to watch him type his 
> passphrase. Then we can read his mail, no sweat."
> I don't know why I keep making this point, but the weak point in 
> crypto is NOT the length of the key, it's the human factor. Go after 
> the HUMAN USING THE CRYPTO via traditional spy/police methods, and 
> smeg the key length.
> But to do that, you see, you'll need warrents, reasons for 
> suspiscion, and, becuase of the effort involved, you'll only do it 
> for serious crimes with a strong liklihood of conviction. *That* is 
> the 'stauts quo' law enforcement *claims* to want.