29 April 1998
[Note: This is taken from a thread on the UK's recent issue of documents on electronic commerce and encryption policy, a strand of which deals with the government's premise that tight controls on strong encryption are required to prevent its use by criminals.] To: ukcrypto@maillist.ox.ac.uk Subject: Crypto, drugs and the NSA (was: Criminals and strong encryption) Date: Wed, 29 Apr 1998 10:33:22 +0100 From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk> Carl Ellison: > Perhaps because this is a UK list, I'm reminded of Miss Marple who was fond > of saying one should ignore the words and look at the actual events. What > if we assume that your statement is equally obvious to the proponents of > GAK. That would imply that the real targets of these proposals aren't > criminals but rather the law abiding. If that were true, a number of > apparent illogical things would melt away No need for a conspiracy theory, Carl. It's quite straightforward: (1) The NSA knows that once systems are fielded, security upgrades are so expensive that they are almost never done. The GSM network will remain vulnerable to recently published attacks, not because they are difficult to prevent but because 80 million units have been deployed. The global ATM network will remain vulnerable to some of the attacks described in `Why Cryptosystems Fail' because replacing 400,000 cash machines at $70,000 each would cost more than the fraud does. (2) The NSA observes that we are probably at the peak of networked system design and deployment. Protocols such as SSL and SET, as well as more specialised stuff like SWIFT and CREST, are likely to be around for a long time. Even standards for cordless phones, wireless LANs, domestic appliance control and burglar alarms are of interest to the NSA, whose leaders see the present time as one of `unprecedented opportunity'. (Source: Bob Morris' invited talk at Crypto 96.) (3) Current developments also mean that only large agencies will be able to keep up; small countries' spooks are being steadily dealt out of the game. (Source: conversation with a small country spook.) (4) The NSA concludes that almost any investment made in introducing vulnerabilities in systems today will bring enormous returns in the future, both in absolute terms and in terms of its competitive advantage over FAPSI, SCSSI, etc. The economics are made especially attractive by the fact that most of the costs can be externalised. (5) In the past, vulnerabilities were introduced automatically by designers who didn't know what they were doing. All that was necessary was to humour these guys and keep them at it. (I know of cases.) (6) Once designers stopped being completely clueless, pressure was brought on them to introduce trapdoors deliberately. This could be a condition of export licensing, or of research funding, or even of ITSEC approval. (See the trapdoor in Sesame; there are others.) (7) However most design work is now being done outside the cozy complex of phone companies and defence contractors, so other means are needed. GAK is one of those other means. Every year that GAK pressure can be kept up means maybe twenty or thirty networks that will be accessible for generations - and not usually through escrow agents; in many cases the designers just say `to hell with it, use 40 bits'. (8) Seen in this light, everything makes sense. NSA doesn't care that Barbara Roche makes a fool of herself: that's a neatly externalised cost. NSA doesn't care if the deployment of e-commerce is held up; they reckon (maybe correctly) that this is a lot of hype. The real target is the hundreds of embedded and specialised systems that use most of the deployed crypto and which provide most of the sexy targets. (9) In any case, US crypto policy is now the result of several years of politicking between the NSA and the US IT industry, so is getting optimised to serve US commercial as well as defence interests. For example, the export controls on CAPI prevent European software houses from competing with US ones. Crypto export controls also mean that it makes more sense for NEC to have its non-Japanese research lab at Princeton, NJ, rather than Cambridge, England. (10) Y2K will also have some curious effects. For example, although BT is spending 500 million on Y2K, most Asian phone companies are spending nothing. They can't both be right. Motorola reckons it will clean up, as its `Iridium' satellite phone system will be what people in many Asian countries will have to use once the land network breaks. So Motorola gets its $7 a minute, and when the Malaysian attorney general wants to know what a colleague is saying on the phone, she will have to grovel to the US embassy for a transcript of the traffic. (11) This seems all hunky-dory for the USA but there's a problem which should be clear to any Brit (or Frenchman or Spaniard or Turk). If you design the global infrastructure to the advantage of the top dog country, then once you are no longer the top dog country you will get shafted by it. So watch out for China in (say) 2020. (12) For Britain to help the American GAK effort also harms our trade interests, our defence interests, our consumers, the independence of our professions, and the resistance of the public generally to state power grabs under the banner of `lawn order'. It is significant that the cover traffic chosen by Labour for its U-turn was a gabfest on drugs. Anyone who has read Gibbon on how the late Roman Empire suffered from increasing civil service power and corruption which people embraced as they became steadily more docile and risk averse, would oppose GAK on this ground alone, Ross