From: “‘die@die.com’” <die@die.com>
To: Ernest Hua <Hua@teralogic-inc.com>
Message Hash: d99f25962b5b8c565ce8f70d03aab2191847fb9063b44e60d2489d81dd7c38bc
Message ID: <19980308205943.36290@die.com>
Reply To: <413AC08141DBD011A58000A0C924A6D50D7DC5@MVS2>
UTC Datetime: 1998-03-09 01:59:18 UTC
Raw Date: Sun, 8 Mar 1998 17:59:18 -0800 (PST)
From: "'die@die.com'" <die@die.com>
Date: Sun, 8 Mar 1998 17:59:18 -0800 (PST)
To: Ernest Hua <Hua@teralogic-inc.com>
Subject: Re: Encryption export controls are a rationalization of a "cheat"
In-Reply-To: <413AC08141DBD011A58000A0C924A6D50D7DC5@MVS2>
Message-ID: <19980308205943.36290@die.com>
MIME-Version: 1.0
Content-Type: text/plain
On Sun, Mar 08, 1998 at 01:59:53PM -0800, Ernest Hua wrote:
> today. I am not aware of what cellular spectrum chip sets are available
> via Wyle or some other distributor, but I wouldn't be surprised if the
> cost of a digital intercept equivalent gear would be much more than $300
> in parts plus a 300MHz PC (to decode the intercepted stream).
I don't think I'll bother the list with this, but a big problem
with cellphones is that people have cellphones. And cellphones are
generally not designed to be tamperproof (in many cases little or no
effort in this cost competitive market has gone into this) so making
a real cellphone serve as the front end to a snooping system has and will
be done and in fact be the easiest hack engineering solution.
>
> The question is, what is worth the potential interceptor's time and
> money to do this? It's obvious that politics is enough for the Florida
> couple (in the Gingrich case). For a college-age hacker, "because I can
> do it" plus "I work in a well-stocked University lab" is probably enough
> reason. I won't venture to guess what is worth a criminal's time and
> money, but surely existing models for analog piracy behavior is enough
> to characterize the trade-offs.
There are lots and lots of people who like to be spectators
and are keenly interested in other people's affairs. All of us are
to some degree - witness the feeding frenzy over the Monica affair -
and some guestimates have estimated that perhaps as much as 40% of
analog cell calls near large cities are being eavesdropped on by
at least one other person.
>
> In short, we violently agree on the technical plus behavioral front.
> But we are preaching to the choir. The real audience for a
> easy-to-understand summary is Congress. They need to understand that
> the assumptions 30 years ago do not apply today. And that market demand
> for more and more technically-literate engineering professionals along
> with the phenomenal downward price spiral in PC's and consumer
> electronics gear will simply make those assumptions even less applicable
> in the future.
That problem is getting worse rather than better. The media
depiction of the mysterious "hacker" long haired mad kid intent on evil
invasion of the worlds computers is helping create the illusion
that there is a separate techno criminal class. But the reality is
that more and more people are crossing the barriers that the older lawyers
in congress never tried to cross and learning something about technology
and software. And these people are the guy next door with the cute
kids, not fringe crazies. And the evil net allows information to
become available much more widely than before.
>
> Regarding my moral or ethical argument, I am using the fuzzy standard
> set by what society will accept or not accept.
From my perspective, there are deep divisions and ambivalences
in what the US people will tolerate. They hate the idea of being spied open
but buy nanny cams and gobble up spy novels and TV shows. They purchase
millions of police scanners and react in horror when Linda Tripp tapes
a conversation to protect her ass. And they expect the US government
to be on top of events around the world and have inside knowlage of
other governments and react in horror when their spies are unmasked
within our walls, and their eavesdropping gets shown on the nightly
news. And cities install more and more cameras and bosses read more
email and listen to more calls on business phones every year.
> I don't think I need to
> argue that most American citizens will be really really pissed if they
> found out that the NSA is spying here via their British counterparts, or
> that the FBI has conducted far more intercepts than they officially
> report.
Yes, its definately sausage but it tastes good...
> I am definitely not arguing that the FBI or the NSA has any
> obligation to inform the public of what weaknesses they use to gain an
> intercept advantage. What concerns most people is that they see
> (correctly) that the NSA's advantage was not based on technical
> superiority, but on the ignorance of everyone else.
That is true, and it is also sadly true that a lot of their
effort has gone into frank deception, and active determined efforts to block
those of us who have been fighting for incorperating at least minimal
crypto communications security into the infrastructure.
The Internet is ending this era, however, because it is no
longer possible to control the flow of information and news about
communications security and crypto, and slowly the holes will get
plugged.
People do get more
> intelligent over time, and the rapid public gain in the cryptography
> area has pretty much wiped out the gains the NSA has depended on over
> the last 50 years. If the average person understands that what the FBI
> and the NSA REALLY want is for you to be stupid (at least in the area of
> communications security), then there would be an uproar.
>
This is happening, and that is why Louie is grabbing desperately
for the last chance... and why congress is busily passing anti scanner
bills to solve the cellphone privacy problem that don't mention a thing
about cryptography.
Their desparate hope is if they say it solomnly enough and with
enough ceremony the public will see the emporer's clothes
--
Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Return to March 1998
Return to ““‘die@die.com’” <die@die.com>”
Unknown thread root