NSA Turns To Commercial Software For Encryption
Tim May
timcmay at got.net
Sun Oct 26 20:39:05 PST 2003
On Sunday, October 26, 2003, at 07:37 PM, Neil Johnson wrote:
> I dunno know. It comes down to which of the following slogans you
> believe.
>
> ECC: "Our algorithm is so good it has been licensed by the NSA".
>
> or
>
> RSA: "Our algorithm is so good that the NSA tried to prevent it's
> publication,
> had it classified as a munition and export controlled, tried to get the
> government to ban it in favor of a key escrow system, arrested and
> harassed a
> programmer for implementing an program using it, etc."
>
> Depending on the orientation of your tin foil hat, either one can mean
> the
> algorithm is good or has a backdoor. Oh, the fodder for conspiracy
> theorists.
>
> Other theories:
>
> It's always in NSA's interest to make sure that the current "in vogue"
> crypto
> system require licensing even if it is a commercial license. At least
> it
> limits it's use in Open Source and Free Software.
>
Or my theory:
Part of outsourcing.
I hear yawning. But there's more to outsourcing than simplistic notions
that outsourcing lets the Pentagon (and NSA, CIA, etc.) save money:
-- outsourcing puts the Beltway Bandits into the loop
-- outside suppliers are a place for senior NSA cryptographers and
managers to go when they have maxed out their GS-17 benefits
("sheep-dipping" agents is another avenue for them to work in private
industry)
-- outside suppliers are less accountable to Congress, are insulated in
various well-known ways
This is not just something out of a Grisham thriller, with a Crystal
City corporation funneling NSA money into a Cayman account...this is
the Brave New World of hollowing out the official agencies and moving
their functions to Halliburton, Wackenhut, TRW, TIS/NAI, and the legion
of Beltway Bandit subcontractors all around D.C.
(When I left the D.C. area in 1970 the practice was in full swing, and
even my father went to a Bandit in Rockville when he left the U.S.
Navy, doing the same job but both better paid and less accountable. And
he wasn't even a spook.)
Put it this way, if Dick Cheney had worked for the NSA before going
into private practice for his 8 years out of government, he'd want to
go to a place like Certicom. And then return to government and help
mandate that his former company's products be the Official Standard.
Follow the money.
--Tim May
More information about the cypherpunks-legacy
mailing list