TUCoPS :: Privacy :: priv_103.txt

Privacy Digest 1.03 6/7/92

PRIVACY Forum Digest        Sunday 7 June 1992        Volume 01 : Issue 03

    Moderated by Lauren Weinstein, Vortex Technology, Topanga, CA, U.S.A.

                      ===== PRIVACY FORUM =====

CONTENTS
	FBI Wiretap Issues (Moderator--Lauren Weinstein)
	Wells Fargo Bank Offers Security Codes (Moderator--Lauren Weinstein)
        Re: e-mail privacy; a cheap solution? (Steve Bellovin)
        Digital one time pads (A. Padgett Peterson)
        E-mail privacy; a cheap solution? (Bob Leone)

*** Please include a MEANINGFUL "Subject:" line on all submissions! ***

-----------------------------------------------------------------------------
The PRIVACY Forum is a moderated digest for the discussion and analysis of
issues relating to the general topic of privacy (both personal and
collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

ALL submissions should be addressed to "privacy@cv.vortex.com" and must have
MEANINGFUL "Subject:" lines.  Subscriptions are by an automatic "listserv"
system; for subscription information, please send a message consisting of
the word "help" (quotes not included) in the BODY of a message to:
"privacy-request@cv.vortex.com".  Mailing list problems should be reported
to "list-maint@cv.vortex.com".  Mechanisms for obtaining back issues will be
announced when available.  All submissions included in this digest represent
the views of the individual authors and all submissions will be considered
to be distributable without limitations. 

For information regarding the availability of this digest via FAX, please
send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX
to (310) 455-2364.
-----------------------------------------------------------------------------

VOLUME 01, ISSUE 03

    Quote for the day:

	   Russian Spy:  "Are you trying to tell me that every phone
			  in the country is tapped?"

	   American Spy: "That's what's in my head..."

	   Russian Spy:  "But Don!  This is AMERICA... not RUSSIA!"

		   --- "The President's Analyst" (1967)

----------------------------------------------------------------------

Date:    Sun, 07 Jun 92 13:12:00 PDT
From:    lauren@cv.vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: FBI Wiretap Issues

Greetings.  As most of you are probably aware, a considerable amount of
interest and debate has recently been triggered by Justice Department/FBI
regulations which have been proposed regarding wiretapping, and the
provision of related call information (e.g. call forwarding and speed dial
codes, etc.), in the age of digital telecommunications networks.  

In brief, the rules propose that telephone companies, long distance
carriers, and most other telecommunications entities (including,
apparently, local PBX operations) be required to provide mechanisms
for authorized law enforcement to monitor communications, without being
impeded by the technological changes being wrought on communications
by rapidly evolving digital technologies and networks.  I've called
these proposals "Dial-A-Wiretap" in some recent interviews.

The argument is that the "old" techniques of wiretapping and monitoring
are rapidly being made impotent by digital technologies that multiplex
many conversations into high speed digital channels, and which in 
other ways make "low-tech" tapping difficult or impossible.  It is 
futher argued that authorized taps are critical to law enforcement
activities and can play an invaluable role in protecting lives and
property.

There are those (myself included) who, while agreeming that properly
authorized wiretaps can have important roles in law enforcement, are
nonetheless concerned that the sorts of access being proposed might amount
to the ability to set up "instant" and "perfect" wiretaps to almost any
phone at any time, simply by changing the routing of the digital data
flowing through the switches and networks.  

The question comes up as to whether law enforcement wants to make sure
it is *possible* to do taps or whether what is really desired is
a mechanism to make it *trivial* to do taps, especially from distant,
centralized locations.

It is argued by the proponents of the new regulations that adequate
controls would be in place to prevent abuse of such facilities, and
that only "properly authorized" taps would take place.  Unfortunately,
the history of wiretaps shows that where it is possible for a system
to be abused, the odds are that it will be, either by people inside
or outside of the system.

A topic of possible discussion for this digest would be how the conflicts
presented by these issues can be resolved.  My personal view is that
authorized wiretaps can be important, and that if any sort of direct access
to the network is granted, it must be via some *independent* (not telco, not
government) third party who would technologically control the access.
Simply relying on the self-restraint of the parties with vested interests
would not seem like the best possible procedure.  If there is some way
to avoid granting direct access at all, so much the better.

Or is there another solution?  Should unrestricted access be granted,
subject only to procedural controls?  Should no access at all be granted?
If no access is granted, how can authorized wiretaps be accomplished?  Given
that authorized wiretaps play an important and necessary role, how can a
balance be struck?  Or would you argue that no wiretaps at all should be
permissible?  What would be the ramifications of such a decision to
important law enforcement and security efforts?  Finally, how does the
availability of efficient telephone encryption systems enter into the mix?

Plenty to think about.

--Lauren--

------------------------------

Date:    Sun, 07 Jun 92 13:33:00 PDT
From:    lauren@cv.vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Wells Fargo Bank Offers Security Codes

In a refreshing change from the usual attitude regarding customer security
and privacy, Wells Fargo (a very large California bank) is willing to put
arbitrary security codes, which can be essentially any number or word
combination, on customer accounts.  The codes are then needed, in addition
to the usual social security number and related information, to conduct
transactions regarding those accounts by phone.  

There are some limitations and side-effects to specifying these codes, so if
you're interested you should contact a Wells Fargo representative for
details.  Tellers may not know anything about this, but the telephone
support folks should be fairly well informed about its availability.  Note
that Wells has *not* been promoting the fact that this service is available,
probably since they don't want to deal with large numbers of customers
who will end up calling and complaining that they forget their codes
(a typical reason why such security systems are often resisted by
financial institutions).

Anyway, it's an all too rare, but very positive step.

--Lauren--

------------------------------

Date:    Sat, 30 May 92 21:45:05 PDT
From:    smb@ulysses.att.com
Subject: Re: e-mail privacy; a cheap solution?

The encryption scheme Charlie Stross describes is a variant on the
``book cipher'', which has been known for quite some time.
Unfortunately, it's also been solved -- by Friedman, in the 1920's, as
I recall.  The basic solution algorithm involves guessing at some
probable plaintext.  From that, one can derive the encryption key.
Now, if the encryption key is taken from something with considerable
redundancy -- a book, or a piece of music -- a recognizable pattern
will show up if the guess at the plaintext was correct.  From that, one
can predict, if not the actual next key value, at least a set of likely
or legal values.  These can be used to produce candidate plaintexts,
which must also be recognizable.  One thus proceeds in parallel to
reconstruct both the plaintext and the key.  Further information can be
found in David Kahn's ``The Codebreakers'' (*the* starting point for
any discussion of cryptography) and in Leighton and Matyas's ``The
History of Book Ciphers'', from the Proceedings of Crypto '84.

There are variations on the scheme proposed that could, most likely, be
made secure.  Unfortunately, the scheme fails for more fundamental
reasons.  The issue is not simply choice of an encryption algorithm --
as has been noted, one-time pads are provably secure -- but
distribution of keys.  I send and receive dozens of email messages a
day, often to individuals with whom I have never communicated before.
There is no practical way to distribute all of the needed one-time
pads.  And one must *never* reuse a one-time pad, or there is a
considerable risk of compromise.  This is the reason one-time pads are
not universally used -- because shipping relatively short keys around,
and generating them on the fly at some key distribution center *is*
feasible.

I'm also not puzzled by the lack of more public-key cryptosystems.  Put
simply, why should there be more of them?  Devising such schemes is
hard.  Many have been proposed; generally, they're either determined to
be insecure, or they're impractical for some reason.  There's one where
the public keys are tens of thousands of bytes long.  Think what that
would do do the average privacy-enhanced email message, which includes
the sender's public key in the header.  Besides, there is a scheme
which is considered to be both secure and practical:  RSA.  The
objections to its use within the U.S. lie in its patent status.  But
that's a financial problem, and far from an insurmountable one.

One more point is worth adding.  Cryptographically speaking, until very
recently the civilian community hasn't had a clue.  Take DES, for
example, which was a product of IBM (*not* NSA, though they reviewed
its design).  Until Biham and Shamir's work over the last two or
three years, no one else in the outside community had any idea why
the S-boxes were built they way they were.  Suspicions arose that
NSA had tampered with the design.  Had they?  Shamir himself says that
he thinks that DES is about as strong as it could possibly be, given
its basic structure.  Even the decision to shorten the key length to
56 bits, often trumpted as an example of NSA's meddling, may have
served to strengthen DES against any attack short of exhaustive search.
(That's my own interpretation of assorted results; I'll be glad to
discuss my reasoning further if anyone wishes.)

The net result is this:  most people don't know how to design secure
cryptosystems.  More precisely, since they don't know what makes a
system insecure, they have no way of avoiding the problem.  (I'm
certainly not excluding myself; I'm neither a mathematician nor
a cryptographer.)  But the issue is much simpler than conspiracy
theorists would have us believe; it's just that the civilian community
lacks the decades of continuous experience in the field.


		--Steve Bellovin

------------------------------

Date:    Sun, 31 May 92 12:11:11 PDT
From:    padgett@tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: digital one time pads

>From:    Charlie Stross <charless@sco.COM>
>Subject: e-mail privacy; a cheap solution?

>Take a CD-ROM drive with a device driver for playing audio CD's
>and randomly accessing audio tracks. Most multi-media kit should
>already be capable of doing this. Take a random music CD off your
>shelf and start playing it at a random offset; redirect the bit
>stream to a file. 

Actually a pretty good idea Harold Highland & I discussed a while
back except that the dictionary from any good wordprocessor was going
to be used. Big & already digital. Make a marvelous book code.

Of course the entire question is academic since generating masses of random
digits is one thing that computers are *really*good*at* so why bother with
CDs (or dictionary) at all ? Of course both sides of the conversation have 
to have the same key or you get garbage but for two people this is not a 
problem, for a network though...

One point I would like to make, many people are hung up on "massively
parallel" computers running through all the possible permutations of
keys being able to break DES (or whatever) in a month/week/day/nanosecond.
Sure, but the real kwestion is: how do you *know* when you broke it ?

					Warmly,
						Padgett

------------------------------

Date:    Sat, 30 May 92 22:30:27 PDT
From:    Bob Leone <leone@gandalf.ssw.com>
Subject: e-mail privacy; a cheap solution?

While I agree with the moderator's observation regarding the ease to which
the "CD" encryption scheme can be broken, there's a lot to be said in
favor of widespread use of even easily-broken encryption schemes: it
would make it infeasible for govt to routinely monitor communications.

Currently, it is feasible for the govt to monitor Internet e-mail traffic
and select out messages containing certain keywords. Also, if only a
tiny number of messages on the net are encrypted, then the encrypted
messages practically scream "Look at me! Look at me! This message discusses
something that you'll probably be interested in!".

But if the majority of e-mail traffic is routinely encrypted, and by various
encryption schemes, then it becomes much more expensive for the govt to
engage in random snooping. Also, if most traffic is routinely encrypted, 
and you send a confidential message that you encrypt using a particularly
secure scheme, your message won't stand out so much.

------------------------------

End of PRIVACY Forum Digest 01.03
************************

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH