Declan wrote:
[Various quality information elided]
> What I found most interesting was what Attorney General Reno said
> about the
> government's cryptanalysis abilities. When asked if she can break strong,
> >64 bit equivalent crypto, she said, "We have carefully looked at this and
> think it's possible," and declined to add details.
Sure. With an n-billion dollar budget, breaking 64 bits is real-time. In
addition, the USG has been leaning heavily on hardware manufacturers to add
backdoors to the underlying hardware. God only knows what they worked out
with some OS vendors. Anybody exploring this gets leaned on even harder.
Just ask a certain Australian university professor how things went for him
after he began talking about some very curious, very complex, very
undocumented instruction he discovered in late-model CPU's. Instructions
that will put the processor into a mode that makes OS protections
irrelevant.
I could give a few more examples, but I am under informal NDA on them. I am
working on demonstrating some of the claims. [The problem here is that I
have limited time and resources. The feds and manufacturers can spend
millions on inserting backdoors. There is no budget and no paying
constituency for exposing these backdoors. So the fight is between millions
of dollars and hundreds of engineers vs. a few of us and our spare time.
Which makes it impossible to expose all the backdoors that exist]. And when
one finds such a backdoor, even some of the more clueful won't believe it is
a deliberate backdoor without an accompanying video tape recording of the
NSA rep discussing the insertion of the backdoor with the manufacturer.
"NSAKEY"? "Oh, no, that couldn't possibly be the NSA's key. It is just a
backup key with an unfortunate name". If well-known crypto experts are that
trusting, what would convince the public or the press?
What I found most interesting about today's announcement was not that it was
largely content-free with respect to crypto export regulations and the fifth
or sixth such content-free "crypto deregulation" announcement that I can
remember causing the exact same predictable reactions by the press and the
less operationally savvy. No, what I find interesting is that so far
everybody missed the one paragraph in the announcement that actually offered
new information about the USG's insidious objectives.
I presume this oversight on part of the analysts is due to the fact that
most readers didn't understand what the paragraph I am referring to was
saying. Or perhaps they were too psyched about the "crypto deregulation"
lead-in to read to the end of the document.
" Protect sensitive investigative techniques and industry trade secrets
from unnecessary disclosure in litigation or criminal trials involving
encryption, consistent with fully protecting defendants' rights to a
fair trial."
Having just read the proposed bill, what this paragraph refers to is that
under the proposed bill, LE will be able to enter evidence gathered by means
of factory-installed backdoors, intrusion, and other means without needing
to disclose to the defense or the Jury how this evidence was obtained. All
it takes is for the prosecutor to convince the judge (in the absence of the
defendant and his counsel) that disclosing the means of obtaining the
evidence would endanger future investigations or national security.
Shouldn't be too tough, given how effective The Briefing has been in the
past.
Suddenly, we have legal situation in which a defendant is no longer allowed
to even *mention* in the court room that the plaintext evidence presented by
the prosecution may be questionable.
"Officer, would you please explain to the Jury how you determined that the
random gibberish on the defendant's hard drive decrypts to "I sold 5 kg of
cocaine"?
"Counsel, you are out of order! Members of the Jury, you will ignore the
question".
This from an attorney I bounced my analysis off:
"They want to be protected from being forced to reveal holes
or techniques as part of criminal or civil trials - e.g., defense attorneys
can't cross-examine prosecution witnesses about the source of their
evidence, it will simply appear before the jury without explanation or
authentication. An LEO will appear and announce that "the defendant sent
this message, which says he wanted to do terrible things" without
disclosing whether the message (which had been sent encrypted) was turned
into plaintext by the feds because they'd compromised the local machine, or
by compromising the software at the manufacturer, or by a brute-force
crack, or [...] whatever."
That's the real, and only, news in today's announcement. Under the
Whitehouse proposal, FISA-court rules will apply to any trial involving
decrypted evidence or any other evidence obtained by means of backdoors or
system compromises. If that isn't scary to supporters of a society based on
the rule of law, then I don't know what is.
--Lucky
