Russia Intercepts US Military Communications?

John Gilmore gnu at toad.com
Mon Mar 31 13:44:35 EST 2003


> I'm amazed at their claims of radio interception.

1.  "Look for plaintext."  This was rule #1 stated by Robert Morris
Sr.  in his lecture to the annual Crypto conference after retiring as
NSA's chief scientist.  You'd be amazed how much of it is floating
around out there, even in military communications.

2.  Wars are great opportunities to learn what other folks are doing
for communications security.  Whether or not you are a belligerent in
the war, you clearly want to be focusing your interception
capabilities on that battlefield and its supply and command trails.
Besides operational errors made under stress, which can compromise
whole systems, you just learn what works and what doesn't work among
the fielded systems.  And what works or not in your own interception
facilities.  Wars are much better than sending probe jets a few miles
into an opponent's territory, to show you how their electronics work.

>                                                 One would 
> expect that all US military communications, even trivial ones, 
> are strongly encrypted, given the ease of doing this.

Given the ease of writing strong encryption applications, I'm amazed
that civilian communications are seldom -- very seldom -- encrypted.
Deployment and interoperability without introducing major
vulnerabilities is much harder than just designing algorithms and
writing code.  It involves changing people's habits, patterns, and
practices.

Remember, the cypherpunks cracked Clipper and DES, deployed the
world's most widely used email encryption, secured any Web traffic
that chooses to be secure, built a lot of the most popular network
encryption.  We beat back NSA's controlling hand, and encouraged a
global spread of encryption expertise.  We secured most of the
Internet's control traffic (using ssh - thanks Tatu) to make it harder
to break into the infrastructure.  We're the A-team.

But our cellphones are still trivial to track and intercept; the vast
majority of email, web, and IM traffic is totally unencrypted;
ordinary phone calls are totally wiretap prone; our own new
technologies like 802.11 have no decent encryption and no likelihood
of a real fix that works everywhere by default; we know the government
IS TODAY wiretapping tons of innocents in a feeding frenzy of
corruption; the US government has mandated Stasi-like wiretap
capabilities in every form of new communication (even where the law
gives them no power, they arrogate it and largely succeed); the
wiretappers have largely built an international consensus of cops to
track and wiretap anybody anywhere; practical anonymity has
significantly shrunken in the last decade; and even more traffic is
moving onto wireless where legal or illegal interception is
undetectable.  We still fight endless intra-community battles that
delay or derail deployment of existing encryption.  The most
widespread large-scale hard-to-crack systems are being deployed
AGAINST the public interest -- by the copyright mafia.

If *we*, the victors in the crypto wars, couldn't get decent
encryption deployed, even among ourselves, why would you expect that a
government bureaucracy could do it among itself and its clients?

	John


---------------------------------------------------------------------
The Cryptography Mailing List