At 03:48 PM 05/23/2000 -0700, John Gilmore wrote:
>Rick Smith wrote:
>> If the NSA approaches Microsoft to acquire their support of NSA's
>> surveillance mission, then the information will have to be shared
>> with a bunch of people inside Microsoft, and they're not all going
>> to keep it secret.
>
>Two people in Microsoft would need to know. Bill Gates, and the lead
>programmer on the part of the product ...
I'm not sure anyone, not even the richest man in the world, can make
software do something tricky just by ordering a single person to do it.
It's never worked that way in my own experiences with software development.
If Bill wants to do something simple (and somewhat detectable) he can send
his minion after the RNG, or better, order the RNG maintainer to break it.
If their security group isn't particularly sophisticated (i.e. if
experienced people like Lipner have been reduced to PR mouthpieces) then
such a hack would succeed with minimal exposure. But outsiders can detect
the hole by analyzing RNG output.
If Bill goes for a more complicated and functional backdoor, like "Joshua"
from "WarGames," or Thompson's invisible login hack, then there'll be a lot
more people involved. They'll want something that doesn't spring open when
Matthew Broderick makes a few guesses (maybe it requires Sandra Bullock
with the magic diskette). That'll require a design that affects several
different components in the system, which in turn requires buy-in from
other developers.
>The US Government was doing such things as early as 1919, when they
>approached the head of Western Union. A messenger picked up all the
>telegrams of the last 24 hours, daily, brought them to Herbert
>Yardley's "Black Chamber", and returned them by the end of the day.
>The entire operation was completely illegal. The same was done with
>the Postal Telegraph company in 1920. (Puzzle Palace, pg. 11-12.) I
>doubt very many employees were in on the secret.
Actually, I think the Western Union experience proves my point. Naturally
they didn't share this information with everyone, but there had to be a
number of people who knew that telegrams were being intercepted. At
minimum, the top manager of the central office had to be in on it, and
there had to be 2 or 3 clerks that made the copies of the intercepted
telegrams. Given that the activity persisted for some time, one or two
layers of management above the office manager had to be involved, too,
since someone had to keep things going when new office managers came in.
Over time, others in the office would have known about it, since there had
to be an explanation for allocating the clerks to that work, plus their
workspace for that activity, and whatever equipment they needed. And of
course different people would get the job as interception clerk over time.
I wouldn't be a bit surprised if it was an open secret in the office, given
the casual attitudes towards secrecy that prevailed at the time. ("A secret
is something you tell people one at a time.")
Secrecy isn't too hard if you have a one-time event you need to protect. I
believe it's easy to put in a temporary back-door or Trojan to, say, crash
the Iraqi air defense system at the beginning of a major attack. But it
gets incredibly hard to keep such mechanisms secret as time goes on. Loose
ends keep slipping out and making the secret more visible, like torn
threads around a hole in your shirt.
>I have a well-founded rumor that a major Silicon Valley company was
>approached by NSA in the '90s with a proposal to insert a deliberate
>security bug into their products.
It would be interesting to know just how widespread that knowledge needed
to be within the company in order to make it work.
Also, in the early '90s, NSA was convinced that they'd be able to meet US
vendors' demands for strong crypto ("in just a few more years") with their
own Skipjack/Tessera/Fortezza "products." So I'm sure they didn't worry
about weak US products playing a part in our national defense. But that's
where we are today.
>Turning down the offer on verifiability grounds left them wondering
>whether they really would have done it if it'd been possible to keep
>the whole thing secret. The quid pro quo offered by NSA would be that
>their products would have no trouble getting through the (at the time)
>draconian export controls. Of course, there was no way to enforce the
>deal either; "blowing the whistle" if NSA refused export permission
>would have revealed the company's security products as untrustworthy,
>probably kicking it out of the security market.
Or, for that matter, NSA could have leaked this unfortunate fact once their
Fortezza stuff was offered for sale, knocking out a competitor and leaving
them a larger base of potential customers.
But the Silicon Valley company resisted, and the Fortezza work withered.
Maybe we could do a bad made-for-TV movie on this.
Rick.
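The message above says that a crudely weakened RNG is "somewhat detectable" by outsiders who analyze its output. As an added illustration of that claim (this is not code from the thread or from any product it mentions), the following Python script runs two cheap output-only checks, a chi-square test of byte frequencies and a search for repeated 128-bit blocks, against `os.urandom` and against two constructed stand-ins for a crippled generator: one that silently forces the top bit of every byte to zero, and one that is really a 12-bit linear congruential generator. Both stand-ins, the sample size and the thresholds are assumptions made for the example.

```python
import os
from collections import Counter

# Constructed sample size: large enough for a 255-degree-of-freedom chi-square.
SAMPLE_BYTES = 65536


def chi_square_bytes(data):
    """Chi-square statistic of byte frequencies against a uniform distribution.
    With 256 symbols there are 255 degrees of freedom: an unbiased source gives
    a mean of about 255 and a standard deviation of about 22.6."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def first_repeated_block(data, block=16):
    """Offsets of the first pair of identical aligned blocks, or None.
    64 KiB from a sound generator is 4096 blocks of 128 bits; a collision among
    them is negligible, so any repeat points at a short period or replayed state."""
    seen = {}
    for i in range(0, len(data) - block + 1, block):
        chunk = data[i:i + block]
        if chunk in seen:
            return seen[chunk], i
        seen[chunk] = i
    return None


def assess(data, chi_high=400.0, chi_low=150.0):
    """Combine the checks. Thresholds are assumptions chosen so that an honest
    source trips them with probability well below one in a million."""
    chi = chi_square_bytes(data)
    repeat = first_repeated_block(data)
    return {
        "chi_square": chi,
        "biased": chi > chi_high,       # some byte values far too common or absent
        "too_uniform": chi < chi_low,   # counts unnaturally even: a cycling state
        "repeats": repeat is not None,
        "suspicious": chi > chi_high or chi < chi_low or repeat is not None,
    }


# --- constructed stand-ins for a crippled RNG (assumptions, not any real product) ---

def biased_rng(n):
    """Hypothetical sabotage: the top bit of every output byte is forced to zero,
    cutting the effective entropy by an eighth while the stream still looks random."""
    return bytes(b & 0x7F for b in os.urandom(n))


def short_period_rng(n, seed=1):
    """Hypothetical sabotage: a 12-bit linear congruential generator. Its low byte
    is itself an LCG mod 256, so the output stream repeats every 256 bytes."""
    state = seed & 0xFFF
    out = bytearray()
    while len(out) < n:
        state = (5 * state + 1) & 0xFFF
        out.append(state & 0xFF)
    return bytes(out)


if __name__ == "__main__":
    for name, data in [("os.urandom", os.urandom(SAMPLE_BYTES)),
                       ("biased", biased_rng(SAMPLE_BYTES)),
                       ("short period", short_period_rng(SAMPLE_BYTES))]:
        print(name, assess(data))
```

The two stand-ins fail for opposite reasons: the bit-stripped generator has half its byte values missing, so the chi-square statistic explodes, while the LCG passes the frequency test perfectly (every byte value appears exactly as often as expected, which is itself a warning sign) and is caught only by the repeated-block search. That is why output analysis uses several independent tests rather than one.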