NSA crippling of crypto makes Congress vulnerable to attack

15 January 2002

Date: Tue, 15 Jan 2002 17:27:25 -0800
Subject: NSA crippling of crypto makes Congress vulnerable to attack
From: Tim May <tcmay@got.net>
To: cypherpunks@lne.com

On Tuesday, January 15, 2002, at 11:31 AM, Eric Murray wrote:

> Probably not. I haven't seen the spec so I'm not 100% sure, but
> this is the info I dug up after 10 minutes of googling.
>
> http://www.counterpane.com/crypto-gram-9904.html
>
> "And the Mobitex protocol used by ARDIS and RAM mobile for wireless
> email is another example of something that is complex for error correction and
> robustness but has essentially no security. And software for monitoring
> this circulates around the net as well. ARDIS does use XORing with a
> 32 bit constant of the day to provide some fig leaf of security, but
> obviously determining the constant is trivial..."
>
> Sad, isn't it?

Something that's sad is that the National Security Agency has abdicated its role in helping to secure communications critical to these United States. To wit, its COMSEC role. Part of the charter of the NSA is to provide COMSEC for critical communications, including ensuring strong ciphers. Because it has spent much of the past decade trying to slow down strong encryption and introduce back doors into commercial products, the very consumer products that are now being bought in droves by Congressmen and other employees typically have extremely weak crypto in them.

Blueberries and similar devices are now being given to Congressmen and other government employees and officials as a means of communicating with them in times of national emergency.

Laptops with kiddie-grade disk security ("Datawhack uses a proprietary virtual one time pad which uses a secret algorithm to encrypt your disk") are the norm.

Cellphones are easily interceptable.

And this is, not surprisingly, what those inside the Beltway (and outside, actually, as the effective radius has pushed way out into the sprawl of Virginia and Maryland former horse country regions) are buying at their local Circuit City and Best Buy stores. Thank the NSA and folks like Dorothy Denning for stunting the implementation of good crypto in consumer products.

Good to know that Al Quaida knows the ARDIS hacks and will have them ready to go when they strike next: Blueberry Emergency Alert to Rep. Barney Frank: "Rep. Frank, report soonest to this [isolated] location in the woods [where our agents can kill you]. signed, Agent Farr [Abdullah Al Ragheda]."

--Tim May, Occupied America

"They that give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety." -- Benjamin Franklin, 1759.