Regarding the following article:
>>From The Register,
>http://www.theregister.co.uk/000412-000020.html
>-
>Posted 12/04/2000 5:56pm by Graham Lea ...
> ..... The
>Register has seen an unofficial transcript of a luncheon meeting on Capitol
>Hill of the Internet Caucus Panel Discussion about the new encryption policy
>that provides some elaboration. .........
Here's the key quote:
>Weldon said that the deputy secretary of defense John Hamre had briefed him
>that "in discussions with people like Bill Gates and Gerstner from IBM that
>there would be... an unstated ability to get access to systems if we needed
^^^^^^^^^^
>it. ... if there is some kind of tacit understanding, I would like to know
>what it is." Weldon's concern was that there was a need to document this
>policy for future administrations, and he said he wondered why access to
>systems couldn't be worked out formally with industry.
Given the thin amount of context, it's hard to say what they really mean
here by "access to systems." The "obvious" interpretation from a conspiracy
standpoint is that vendors provide NSA with back-doors to "access"
individual systems. A more realistic interpretation IMHO is that the
vendors will give NSA and other government reps access to internal data
about their systems (source code, expert advice, etc.).
I'm incredibly skeptical that Microsoft, IBM, or any other vendor
intentionally provides back-doors for the NSA or anyone else. My skepticism
isn't based on any sort of trust in Microsoft or other vendors (quite the
contrary). The first problem is that Microsoft couldn't do it and keep the
fact secret. Does Microsoft have a team of TS/SI cleared people working on
critical sections of the Windows code base? This would stick out like a
sore thumb. Without such clearances, NSA wouldn't trust the back-door.
They'd want to be hip-deep in the design before they'd trust it. They'd
scoff at one designed and built entirely by the regular commercial
development team and simply offered to the government as a patriotic gift.
It's not NSA's style.
Furthermore, the Clipper debacle should illustrate just how hard it is to
build a reliable back-door. It's an expensive proposition to build a
back-door that's not going to accidentally pop open when someone tweaks the
wrong thing.
More likely, the government is looking for "access" to technical details so
they can identify untentional weaknesses that haven't yet been discovered.
Think of the Princess in Star Wars stealing the Death Star plans and the
notion of being to stick a bomb in a single exterior vent to take out the
entire battle station. Obviously they didn't build that vulnerability into
the Death Star -- it was a bug, not a feature. Given that the US Navy is
trying to run ships with Windows (god help us, but it's true), the
government is NOT going to intentionally install back-doors. It's like
issuing self-jamming rifles to the infantry ("in case they fall into enemy
hands") or buying crash-on-command fighter planes. Big Mistake. Big. Colossal.
Rick.
[EMAIL PROTECTED]
