Crypto Gets A Nuke

From: "Craig A. Johnson" <caj@tdrs.com>
To: "Multiple recipients of list cyber-rights@cpsr.org" <errors@snyside.sunnyside.com>
Subject: cr> CWD--Crypto Gets A Nuke
X-Listprocessor-Version: 9.1 -- List Server by Sunnyside Computing, Inc.
X-Comment:  CPSR Cyber Rights Working Group
X-Info:  For listserv info write to listserv@cpsr.org with message HELP
X-Message-Id: <968169560784.LTK.025@cpsr.org>

Date sent:        Mon, 3 Jun 1996 22:00:16 -0400
Send reply to:    brock@well.com
From:              brock@well.com
Subject:          CWD--Crypto Gets A Nuke

CyberWire Dispatch // Copyright (c) 1996 //

Jacking in from the "One that Got Away" Port:

Washington, DC -- President Clinton call your spooks, get FBI Director
Louis Freeh on the phone.   Tell them to order in pizza.  Bill, it's
going to be a long night.   All your plans to hold the U.S. crypto
market hostage have just been f**ked... and you didn't even get

A virtual tactical nuke was hurled into the arcane subculture of
encryption technology Monday when RSA President Jim Bizdos revealed
that his company's Japanese subsidiary had developed a monster chipset
capable of scrambling voice and data real time with a so-called "key
length" of up to 1024 bits.

That key length stuff is just so much gibberish to those playing
without a scorecard, so let me drill down on it for you.  Basically,
the longer the key length, the harder it is for a message to be broken
by "brute force" automated attacks.  Current U.S. laws prohibit the
export of any encryption device with a key length longer than 40-bits,
or roughly the equivalent of  Captain Crunch decoder ring. For
hardcore math types, I'm told that a 1024-bit key length is 10 to the
296th power more difficult to break than 40 bits.

Bizdos, speaking during lunchtime at the Electronic Privacy
Information Center (EPIC) 6th Cryptography and Privacy conference,
told how his Japanese based company, Nihon-RSA, developed a set of two
chips capable of scrambling messages at a level that will make the
spooks in the Puzzle Palace (the National Security Administration)
cough up hair balls that would make the First Cat Socks envious.

Bizdos seems to have found crypto's magic bullet;  a legit way to
essentially give the finger to U.S. export laws for crypto product.
For years now the White House has been locked into a kind of crypto
war. The Administration insists that strong encryption products must
not be exported for fear that "terrorists, child pornographers and
drug barons" and a rabble of assorted "bad guys" would snag the
technology and proceed to plot the destruction of the "World As We
Know It"... or at least Western Democracy, if the inbred Iranians got
in line first.

The White House crypto-fascist team, led by the NSA, FBI and assorted
military hawks, have offered braindead compromise plans, including
three versions of the "Clipper Chip."  This is a plan whereby you can
buy strong locks for your data with the simple caveat that when you
buy and use the products, you have to put the decoding key "in
escrow." This way if a law enforcement agency ever has the need to
unscramble any of your messages -- without you knowing it -- they can
simply ask for these escrowed keys and have them handed over.  Yes,
even your local sheriff's department can ask for the keys.

Now, the government promises it will use this power only for good and
never for evil.  Honest, that's what they say.  Of course, the Justice
Department, in writing the rules for getting the keys, totally
absolves any law enforcement agency of all harm if this power is
abused in any way. Oh.. and if that power is abused, the sheriff or
the FBI or fucking Park Police for that matter,  can still use any
"evidence" they gin up on you.  Honest, I'm not making any of this
stuff up.

So the battle has raged.   The industry has been loathe to develop
such products only for the American market because the cost of
producing essentially duplicate products for domestic and foreign
markets just wouldn't be cost effective.

So, you and I are stuck having to use some pretty tedious encryption
technologies, such as PGP (Pretty Good Privacy), which is great, but
tough to use.  Or we can use the Captain Crunch Decoder ring
equivalents available off the shelf. In the meantime, other countries
are happily making and distributing robust encryption technologies, at
a possible loss of up to $60 billion for U.S. companies.

In fact, it's a crime even to put a program like PGP on your laptop
and go overseas.   The State Department calls that "exporting."   The
government recently dropped a case against Phil Zimmermann, the
inventor of PGP, after putting him through several hellish years in
which they threatened to toss his ass in jail.  There Phil would  no
longer be a threat to society at-large, but instead become a
"girlfriend" for a 265 pound felon named Spike.   Phil's "crime"??
That somehow his PGP app had been uploaded on to the Internet and
whisked around the world.  Phil didn't do it, but the U.S. government
cried "export violation," anyway, eventually telling him, "Oh, never

So Bizdos, tired of fighting the wars here, enlisted the help of the
Japanese.   After setting up his Japanese unit, he hired a crack team
of Japanese crypto experts who essentially "reverse engineered" the
company's own U.S. crypto product, according to Kurt Stammberger, RSA
director of technology marketing.  It was a brilliant move.   Bizdos
can't be slammed by the State Department for violating crypto export
laws because, well, he didn't export a damn thing, except some U.S.
greenbacks, which of course, could have gone to U.S. cryptographers,
but let's not quibble about jobs.

Anyone want to kick around the subject of global competitiveness?

What's happened here is the Japanese have now trumped the entire world
on the crypto market.   What's more, Clinton's brain-dead allegiance
to the FBI, et al., has now allowed the Japanese government, which
still owns a large share of NTT, which owns a minority share of RSA's
Japanese subsidiary, to have a lock on the world's strongest
encryption technology.   Can you say "Remember the VCR"  or "Remember
the Semiconductor" or how about "Thanks, Bill.  We're f**ked."

The boys in the Pentagon made a stink a few years ago when a Japanese
company made a play for Fairchild, a top defense contractor.  It was
feared that the Japanese, by swallowing up the U.S. company, would
also gain access to technologies vital to the U.S. military.   The
deal was squashed.  Natch... now it looks like the G.I.'s with the
stars on their shoulders have just put their spit-shined combat boots
up their own ass by supporting Clinton and his continued ban on crypto

"We truly have ceded this market Japanese companies," Bizdos said.
"It's almost too late to turn it around."  Some 15 COUNTRIES have
already placed orders for these chips, Bizdos said, adding that the
Japanese will not build the chips with a key escrow function.

EPIC Director Marc Rotenberg said he was told by a Japanese
representative that the country's constitution wouldn't allow key
escrow because it doesn't allow wire-tapping.  Umm... maybe the
Japanese just don't have *really* bad guys like the FBI assumes we
have here.

What's more, Bizdos says the deal with NTT is "no coup."  He says the
Germans and French "aren't far behind" in developing similar
technologies.   The RSA bombshell "fuels the argument that this stuff
can't be contained in our own borders," said PGP's Zimmermann.

Just how the relationship between NTT and RSA works out isn't set,
Bizdos acknowledged.  "They'll pay us a royalty for the chips they
sell," he said. "We're working it all out."

Meanwhile, from my office window here in DC I've already counted 17
Domino's Pizza delivery bikes go screaming by on their way to the
White House.  Through my telescope I can see the White House balcony;
it looks like Bill is sick, like he's just heard some "really bad
news." And behind him, just inside the double-doors, on a persian rug
placed there by Warren G. Harding, I think Socks the Cat has just
coughed up a hairball... or maybe it was Louis Freeh.  From this
angle, I just can't be sure.

Meeks out...


Additional reporting by Declan McCullagh (declan@well.com)


Visit The Cyber-Rights Library, accessible via FTP or WWW at:


You are encouraged to forward and cross-post list traffic,
pursuant to any contained copyright & redistribution restrictions.


Even Yet Another