I am not a conspiracy nut. I think Oswald killed Kennedy all by
himself; Roosevelt had no idea Pearl Harbor was about to be attacked;
and Ben & Jerry only wanted to make great ice cream. But I think
people are underestimating NSA if they think they would be afraid to
introduce crypto vulnerabilities, especially with the cooperation of
software (and hardware) manufacturers. I can think of a number of
ways that this could be done with relatively low risk of detection or
exploit by adversaries. The fact that the Microsoft NSAKEY story blew
over so quickly indicates they have little to fear from publicity.
There were several statements around the time the export rules were
liberalized late last year saying large computer manufacturers had
agreed to cooperate more closely with NSA. Also an early draft of the
administration's bill to authorize intrusive measures to get keys had
language that would make revealing built-in vulnerabilities a crime.
Add that to all the stories about how NSA is losing ground because of
the Internet and encryption and I think there is plenty of reason to
suspect that real fire is making all this smoke.
Arnold Reinhold.
