John Gilmore wrote:

>There have been allegations that NSA influenced Microsoft's encryption
>support (one reason that NSA could afford to relax export controls
>could be that they've already subverted the highest volume US
>products).  It's pretty well acknowledged that NSA did this to Crypto
>AG's hardware products decades ago, and has been reading the traffic
>of those who depended on those products.  An eavesdropper doesn't need
>to break the encryption if they can break the user interface and make
>it lie about whether it is really encrypting.

While John may be speculating about NSA subversion of strong crypto,
specific examples of this would be very helpful. Here are a few firms
for consideration as candidates for today's Crypto AGs besides Microsoft 
(meaning latest products, not those that have been suspected in the past):

Cylink
IBM
Lotus
TIS
RSA
PGP

Perhaps it would be fair to list all firms that are now exporting strong
crypto if John's speculation is accurate.

How to get any compromise out in the open is the question. Presumably, 
secrecy agreements or NDAs are in effect for any complicit firm and its 
employees. We've gotten a couple of anonymous letters recently about
Cylink but nothing on the others.

Duncan Campbell's exchanges with Microsoft have been squelched
by MS, but one final exchange is in the works which summarizes
what MS has publicly stated and what suspicions remain unanswered.
Similar queries in depth could be made to the other crypto exporters,
if for no other reason than to assure their foreign customers that they
can take and answer hard criticism. Otherwise, suspicions of
complicity may undermine credibility of all US crypto products.
