12 February 1998: Add call from Graff
29 January 1998: Add message on Graff calls
28 January 1998: Add message on Jon Graff's version
28 January 1998: Add responses
28 January 1998: Add messages on Cylink employees
27 January 1998: Link to news,
"Online Stock Talk
Fuels Lawsuit"
27 January 1998: Link to
informative
online Cylink investor thread
27 January 1998: Add Steve Schear messages
26 January 1998: Add other Cylink messages from William
Payne
26 January 1998
Date: Mon, 26 Jan 1998 07:35:54 -0800 From: bill payne <billp@nmol.com> To: kalliste@aci.net, jy@jya.com CC: George.Breznay@hq.doe.gov, Ann.Augustyn@hq.doe.gov, Federico.F.Pena@hq.doe.gov Subject: Jon Graff Monday 1/26/98 7:19 AM John Young J Orlin Grabbe I spoke with Jon Graff on Sunday night. Graff is concerned that someone might get sued by Cylink for release on Internet of the information linking Cylink to organized crime through Ademco. When I bought about six CY 1024 crytpo chips for over $1,000 each for Sandia, I though there was something fishy. Graff later supplied me the information about Lew Morris and the ties of Cylink to Ademco and organized crime.[See note] Graff told me last night that most of Morris cronies had been removed from Cylink. Cylink, Graff told me, has gone public. Graff is concerned that information I relayed on the net might hurt Cylink stock. I commented to Graff that it might be a good idea to get this matter settled. Bet the word speads Later bill
Date: Wed, 14 Jan 1998 07:33:55 -0700 From: bill payne <billp@nmol.com> To: jy@jya.com, j orlin grabbe <kalliste@aci.net> CC: miles.smid@nist.gov, edward.roback@nist.gov Subject: Miles Smid, Jon Graff and Cylink Wednesday 1/14/98 7:03 AM John Young J Orlin Grabbe Jon Graff WORKED for Cylink. Graff is a buddy of Miles Smid and Elaine Barker of NIST. Graff is responsible for sending me a copy of my paper on RSA cryptography which is posted at jya.com. The paper I DID NOT SEND to Fushimi at U Tokyo. Graff got fired from Cylink with urging from NSA. Graff told me about the Cylink - mob link. Cylink is owned by Ademco, who also owns Pitway - First Alert, the smoke detector people. John Foster, the director of research at Ademco in New York, visited, along with two of his subordinates, me at Sandia. Foster gave me several motion detectors Ademco manufactured. Lew Morris at Cylink, I was told by Graff, was the New York mob representative which watched over Cylink. I had breakfast with Jim Omura, President of Cylink [who also got a copy of my SAND report now seen at jya.com], and Morris in Sunnyvale. I was impressed how careful Omura was about what Omura said during our breakfast conversation. Morris had a stroke and is no longer at Cylink, Graff told me. I read yesterday that Cylink got approval from the government to export crypto gear. I wonder if it is spiked? Lets all hope for settlement of the unfortunate matter before it gets WORSE. bil
Date: Monday, 26 January 1998 To: Gene Carozza <carozza@cylink.com> From: John Young <jya@pipeline.com> Subject: Cylink and organized Crime? cc: billp@nmol.com,kalliste@aci.net, George.Breznay@hq.doe.gov,Ann.Augustyn@hq.doe.gov, Federico.F.Pena@hq.doe.gov,cypherpunks@toad.com Mr. Gene Carozza Security Public Relations Cylink Corporation Dear Mr. Carozza, We have received two recent e-mail messages concerning Cylink's alleged links to organized crime. The messages may be seen on the Web at: http://jya.com/cylinked.htm This is a serious charge. Could you provide information to answer it? Sincerely, John Young
Date: Mon, 26 Jan 1998 09:52:06 -0800 To: John Young <jya@pipeline.com> From: Gene Carozza <carozza@cylink.com> Subject: Re: Cylink and Organized Crime? Cc: billp@nmol.com, kalliste@aci.net, George.Breznay@hq.doe.gov, Ann.Augustyn@hq.doe.gov, Federico.F.Pena@hq.doe.gov, cypherpunks@toad.com Dear John, Thanks for your inquiry. These "serious charges" are completely inaccurate. Regards, Gene C.
Added 26 January 1998 after receipt of Mr. Carozza's message. Other Cylink messages from William Payne: Tuesday May 13, 1997 06:45 John Young, On Sunday I got a call from a fellow in California. The guy worked for Cylink. Cylink builds crypto units - and has also been in litigation with RSA. Jim Omura, president of Cylink, also received a copy of my whistleblowing SAND report. Omura kindly sent back to me copies of the DRAFT I sent to Fusimi and the RSA paper I wrote, but didn't sent to Japan. The fellow told me that Cylink's 'financial' head, Lew Morris, had a stroke and is no longer involved with Cylink. There is some stuff I would like to tell some reporters about Cylink, its ties to Pittway, parent company Ademco [in NY] and organized crime. The smoke and CO detector, I understand, business is largely penetrated by the mob. And, naturally, the crypto business is also appealing to organized crime. Later, bill
Wednesday May 14, 1997 12:17 John, I sent by snail mail a copy of RSA Encryption. RSA Encryption is the 'senstive' paper Sandia accused me of sending to Japan. I DID NOT. RSA Encryption was written in about 1986 at the request of my Sandia supervisor, John Holovka [a phd chemist] and my project leader Jim Durham [a ee ms] to explain public key to them. Sandia cryptographer, Gus Simmons, was trying to sell management on the idea of using public key for treaty verification. This paper had an intent to discourage Simmons' idea. NSA employees Mark Unkenholtz and Ed Georgio were also against public key. Sandia had a horrible experience with public key. Simmons, Ernie Brickell, and Mike Norris [now dead] pushed Sandia to build hardware public key chips. Two of them. I enclose a copy of an article written by Whitfield Diffie about the Sandia slow speed chip. The Sandia high speed chip has a very nice byte parallel interface. The Cylink cy1024 has a terrible synchronous serial interface. The horror story is that Sandia's Center for Radiation Microelectronics had vast problems building any kind of chips. Sandia's chips were placed in the nuclear arsenal. They had a 100% failure rate over several years. It cost $300,000 each to bring the nukes back to Pantex to repair Sandia's failing chips, weapons component supervisor Jerry Allen told me. Sandia/NSA, I learned from Ron Kulju, who was doing bomb work using the cy1024, [we cooperated - Kulju designed the cy 1024 oscillator, I did the test software], was busy removing ALL public key from the weapons systems. The cy1024, which I used for a Bureau of Printing and Engraving and tagging project, cost more than $1,000 each! Only the government had the bucks to buy the chips. Ademco, Pittway, Cylink, I have been told, are tied to organized crime. Later, bill
John, I just read, 28 May 1997, Business Wire: Cylink Corporation elects former Secretary of Defense William J. Perry to board of directors Sunnyvale, Calif. -- Cylink Corporation, a leading provider of comprehensive information security solutions for the enterprise and Internet markets, today announced that it has elected William J. Perry, Ph.D. to its Board of Directors. Dr. Jon Graff who worked for Cylink and who I sent the envelope containg the ieee reviews of RSA Encryption told me about the Cylink organized crime link. The Cy1024 cost over $1,000 each to just compute a+b, a*b, and a^b mod m. Sounded suspicious to me. But I did buy about 6-8 Cy1024 chips to use in a bureau of printing and engraving and electronic tagging projects when I was at Sandia. best regards, bill
[June, 1997] Andrew Veturbi is one of the principles in QUALCOMM. Verturbi was educated at MIT. Here is the connection of Veturbi and the stuff you posted. Jim Omura, president of Cylink [Ademco - and the MOB!] and Veturbi co-authored a book on coding. Omura is a prolific book writer. Omura sent me the RSA encryption paper and RSA is Easy to Break since Sandia confiscated my copies. Omura also received a copy of the SAND report you posted. Scott Shane of the Baltimore Sun asked me for a name of someone I though might talk about NSA spiking crypto units in the USA. I gave Shane only one name and phone number. Jim Omura. Later, bill
Monday August 18, 1997 07:02 3umoelle@informatik.uni-hamburg and John Young, Dr. Jon Graff [408-262-9577] is a chemist by education. Graff worked for Cylink on cryptographic protocols. Jim Omura, president of Cylink, gave Graff a copy of the RSA Encryption paper posted at jya.com. I sent Graff the unopened envelope containing ieee reviews Ted Lewis sent me. Graff also told me about Cylink's link to US organized crime. I must admit that I was somewhat suspicious of Cylink's more than $1,000 per chip CY1024 public key crypto chips great cost. Lewis submitted the RSA encryption paper to one of the ieee journals. Graff sent me the copy of the RSA Encryption paper which John Young posted. Sandia confiscated all of my crypto papers. I spoke with Graff on Wednesday August 13 at 21:43. I explained the problem with algorithmic cryptography to Graff. I asked Graff if he had seen any similar criticisms of algorithmic cryptography. Graff responded that he may have. Graff gave me the reference, The Handbook of Applied Cryptography and referenced an article by Peter Wayner. Later, bill
Return-Path: <billp@nmol.com> Date: Wed, 14 Jan 1998 08:54:20 -0700 From: bill payne <billp@nmol.com> To: jy@jya.com, j orlin grabbe <kalliste@aci.net> Subject: Cylink Wednesday 1/14/98 8:15 AM John Young J Orlin Grabbe INFOWORLD January 5, 1998 page 48 Cylink gets permission to export Triple DES standard Company to sell bank consortium By Rebecca Sykes CYLINK HAS WON permission from the U.S. government to export hardware that works at the Triple DES level, or three times that of the 56-bit Data Encryption Standard. ... Sykes article does not appear to have been posted at inforworld.com yet. Note the word HARDWARE. After the NSA spy sting bust, we all must assume that if a crypto key is going into a chip, it is coming out of that chip. My two public key crypto projects at Sandia were 1 electronic tagging for treaty verification 2 bureau of engraving and printing bill anti-counterfeiting. I hooked the Cylink 1024 chip up to an 8031 micrcontroller using Mode 0 synchronous serial communications. I only bought about 6 CY 1024 chips since I was prototyping. The CY 1024 cost MORE THAN $1,000 each. It did not take a rocket scientist to figure out what was going on. A scam. The US government was buying, and probably was the only one who could afford, CY 1024 chips. Note at cylink.com that William Crowell, recently retired from NSA, and referenced in Morales and my lawsuit with NSA, is now working at Cylink! Lets hope this unfortunate matter get settled before it gets FAR WORSE - for the US government, of course. Later bill
Date: Mon, 26 Jan 1998 18:04:30 -0800 To: John Young <jya@pipeline.com>, cypherpunks@cyberpass.net From: Steve Schear <schear@lvdi.net> Subject: Re: Cylink and Organized Crime? I worked at Cylink as Manager of Business Development from April 1992 - April 1994. I reported directly to both Lew Morris (CEO) and Jim Omura (CTO) and know Jim socially, as well. I know of no instance in which I suspected Cylink had criminal ties (other than our own govenment ;-) I heard that NSA people from the Fort (Meade) did request that Cylink supply 'special' crypto devices to drug cartele clients. I don't believe they were accomodated (probably not enough lead time or Cylink was offered too little money). Ademco is a major stockholder, as are Jim and Lew (~20% combined) and Renaissance Capital. --Steve
Date: Mon, 26 Jan 1998 18:28:24 -0800 To: John Young <jya@pipeline.com> From: Steve Schear <schear@lvdi.net> Subject: Re: Cylink and Organized Crime? John Young wrote: >Steve, > >Bill Payne's been sending me notes about Cylink since May 1997 >after getting a call from Jon Graff who made the allegations. I've >just added several of them to the URL posted today, one of which >included Graff's phone number. I've left a message this evening >for Graff to call me. Do you know him? No. He must have joined after I left. --Steve
Date: Tue, 27 Jan 1998 07:18:53 -0800 From: bill payne <billp@nmol.com> To: armoral@sandia.gov CC: jy@jya.com, George.Breznay@hq.doe.gov, Federico.F.Pena@hq.doe.gov Subject: cylink Art I am almost afraid to click on cylinked.htm Cylinked to Organized Crime? I bought about six CY 1024 publick key crypto chips for a bit over $1,000 each for SANDIA NATIONAL LABORATORIES for a Bureau of Engraving and Printing and treaty verification electronic tagging project. Let's hope this mess gets settled! bill
Date: Tue, 27 Jan 1998 14:11:27 -0500 To: John Young <jya@pipeline.com> From: Subject: Re: Cylink and Organized Crime? (Personal) (Personal) John, jya stand for certain values, with your impassioned data gathering. I'm proud to be an addicted reader. I'm no fan of Cylink, nor it's past execs -- but this sort of malovelent rumor-mongering doesn't belong on your site. Not unless Bill Payne could offer some much more substantive than he has so far. This is embarassing. Please consider removing it. Regards, --------
Excerpt source: http://www3.techstocks.com/~wsapi/investor/reply-486113 November 26, 1996 Yes, and it appears that he is not 'tainted' by former affiliation
with the NSA. I was reading the recent and very popular book
"Applied Cryptography" by Bruce Schneier, and in a section describing
an algorithm developed by Cylink, he advised approaching it with
caution because Cylink is 'tainted' by affiliation with NSA. One
must wonder whether this type of commentary by experts in the field
scares off potential customers. Unfortunately, the author may not
be worth suing for this kind of baseless claim. Excerpt source: http://www3.techstocks.com/~wsapi/investor/reply-780436 February 7, 1997 As a result of Cylink's reorganization the company received a demand letter from attorneys representing seven of Cylink's former employees alleging wrongful termination and related damages stated to be approximately $34 million. Cylink firmly believes that the termination of these employees was in the best interest of the company, the manner of their termination was lawful and their claims are without merit. Excerpt source: http://www3.techstocks.com/~wsapi/investor/reply-1109978 April 1, 1997 You are right about turnaround, and maybe Sarrat is just what this company needs. They were run extemely poorly by some Stanford scientists, who knew encryption (recently settled with RSA as you know) but not business. When Morris suffered his stroke last year, the appalling lack of coherent business plan sunk the stock. Morris's son was no help (he may be one of the pending lawsuits). ---------- Note: See recent investor comments on Cylink: http://www.techstocks.com/~wsapi/investor/Subject-2944
Applied Cryptography, Bruce Schneier, 2nd Edition, pp. 215-16: Algorithms for Export Algorithms for export out of the United States must be approved by the U.S. government (actually, by the NSA--see Section 25.1) It is widely believed that these export-approved algorithms can be broken by the NSA. Although no one has admitted this on the record, these are some of the things the NSA is rumored to privately suggest to companies wishing to export their cryptographic products: - Leak a key bit once in a while, embedded in the ciphertext. - "Dumb down" the effective key to something in the 30-bit range. For example, while the algorithm might accept a 100-bit key, most of those keys might be equivalent. - Use a fixed IV, or encrypt a fixed header at the beginning of each encrypted message. This facilitates a known-plaintext attack. - Generate a few random bytes, encrypt them with the key, and then put both the plaintext and the ciphertext of those random bytes at the beginning of the encrypted message. This also facilitates a known-plaintext attack. NSA gets a copy of the source code, but the algorithm's details remain secret from everyone else. Certainly no one advertises any of these deliberate weaknesses, but beware if you buy a U.S. encryption product that has been approved for export. ----- For more on Applied Cryptography see Bruce Schneier's Web site: http://www.counterpane.com
From: "Rich Ankney" <rankney@erols.com> To: <jy@jya.com> Subject: Jon Graff vs. Cylinked Date: Wed, 28 Jan 1998 15:06:27 -0500 John, I've been exchanging Email with Jon for the past few days, following up on some topics we discussed at the ANSI X9F meeting last week. I mentioned the "Cylinked" posting on Cryptome (incidentally my new favorite site), and he's a bit concerned that the context isn't quite complete (i.e. the rumor is hearsay and he has no knowledge of its veracity. His version of the facts: "Jon Graff related in a private conversation to Bill Payne a rumor that was widely circulated among the long term employees at Cylink that alleged association of the Mafia with Cylink. During that conversation, Jon emphasized that this rumor was hear-say and he had no knowledge to evaluate the veracity of the rumor." Incidentally, Jon was with Cylink back in the early '90's. I had suggested that he post this, but he would prefer not to spread his Email address around given the current flurry of activity. Perhaps you could just add this message to the Cylinked "thread" on Cryptome. Best regards, Rich Ankney
JYA Note: We appreciate this clarification from Rich Ankney and Jon Graff, both of whom are distinguished cryptographers. See, in addition to their participation in ANSI X9F, Mr. Ankney's paper "Introduction to Cryptographic Standards," and Mr. Graff's participation in NISSC 97 where he was a panelist on Debate Track D, "Technology Around The Next Corner: The Future of INFOSEC" Chair: Hilary Hosmer, Data Security Inc. Panelists: Emmet Paige, OAO Kathy Kincaid, IBM Jon Graff, KPMG, Peat, Marwick, LLP Ruth Nelson, Information Systems Security
Date: Thu, 29 Jan 1998 11:10:35 -0800 From: bill payne <billp@nmol.com> To: kalliste@aci.net CC: jy@jya.com Subject: Postcard Graff phoned. Graff is getting NASTY phone calls. Latest: Cylinked to Organized Crime? But you know about hints such as the horse head in the bed. I read your stuff. I haven't yet mustered the courage to read about Cylink. Later bill
February 4, 1998 Jon Graff returned JY call. Confirmed e-mail message sent via Rich Ankney. Has not received threats for remarks posted here. Will let JY know if there are any.