emv@math.lsa.umich.edu (Edward Vielmetti) (08/09/89)
By JOHN MARKOFF A paper describing fast and inexpensive ways of keeping computer information private has been distributed by computer around the world, over the objections of the secretive Federal agency that gathers electronic intelligence. The wide circulation of the paper has renewed a dispute pitting national security against academic freedom. The paper, written by a Xerox Corporation computer scientist, was obtained by a San Francisco independent computer consultant strongly opposed to a request by the agency, the National Security Agency, that Xerox restrict its circulation on the the ground of national security. The consultant, John Gilmore, transmitted it on a computer network to more than 8,000 sites around the world. [The entire article is 1 1/3 columns on p11 of the national edition. I don't plan to type it all in, though if someone has an on-line copy it would be useful to post it since it does add some information to the discussion.] --Ed
fc@lexicon.com (Frank Cunningham) (08/10/89)
I don't normally read this group, so by the time I read the NYT story
about the Merkle paper, it was gone from our system.
Could some one email me a copy or repost it ?
I will snailmail an exrox (no TM) copy of the NYT story to the first
few people that transmit the paper to me and request the story.
--
-Frank Cunningham smart: fc@lexicon.com phone: (617) 891-6790
dumb: {husc6,linus,harvard,bbn}!spdcc!lexicon!fc
Real Recording Engineers mix direct to 2-track.mcloughl@husc4.HARVARD.EDU (Scott Mcloughlin) (08/10/89)
I apologize in advance; I imagine that this newsgroup will be deluged in requests for the Merkle article. But anyway, could someone mail me a copy of the article? Even better, it might ultimately save everyone alot of time if someone would simply repost the article to the net. Thanx in advance to any helpers, and if someone posts the article to the net, I'll be following this newsgroup (and misc.security) for at least a few more weeks. Scott McLoughlin "As if you could kill time without injuring eternity!" -- HDThoreau
root@cca.ucsf.edu (Systems Staff) (08/10/89)
The following is offered by way of a review of this article which
appeared on page A11 of the national edition of the New York Times.
Unnumbered indented paragraphs are quotations from the article.
At the beginning of the article the term "security agency" is
identified as referring to the NSA.
According to the Times article J. Gilmore did not receive the paper
from Merkle:
Mr. Merkle gave the paper to several colleagues to review
earlier this year, and Xerox said it presented the paper
to Government officials to review in an effort to obtain
a license to export a computer program. A copy of the paper
was passed to Mr. Gilmore by one of the reviewers who was
concerned that its circulation had been restricted by the
security agency.
So there are several new points made in this paragraph:
1. The paper had been given to "Government officials"
to review (i.e. have an opportunity to suppress).
2. J. Gilmore was not a reviewer who had received the
paper in confidence from Merkle himself. At the time
the paper was given to Gilmore there was already
concern about sub-rosa efforts by the NSA to suppress it.
3. Xerox had apparently already developed at least one
program based on these ideas and wanted to export it.
In another paragraph we find:
Xerox executives said that the paper was reviewed by the
security agency and that agency officials told the company
that they preferred it not be published.
So Xerox, not Gilmore, is saying that the NSA was attempting to
suppress the paper.
Then the following paragraph says:
A spokeswoman for the security agency, Cynthia Beck, said
the agency had no record of a review of the paper. But
Xerox officials insisted that the agency had asked that the
paper not be published.
Here we have two points:
1. A spokesman for the agency used weasel words, i.e. "had
no record of a review" clearly is an avoidance of denial
of the review but is intended to give a casual reader just
that impression. Also "record" may be assumed to have a
technical meaning here, i.e. "on the record."
2. To the embarrassment of the net posters crying "paranoia"
the agency had indeed already started trying to suppress
the paper according to Xerox.
And elsewhere we find this teaser:
The paper also discusses in some technical detail a Xerox
encryption technology that referred to the design of of what
cryptographers call an S-Box, a coding mechanism. The security
agency has restricted the publication of information about
that technology as it related to an official government
standard, the data encryption standard.
Please notice the past tense there; "has restricted the publication"
it says. So they have taken explicit action to suppress public
knowledge of the reliability of the DES on which the security
of our financial transactions etc. depends.
Thos Sumner Internet: thos@cca.ucsf.edu
(The I.G.) UUCP: ...ucbvax!ucsfcgl!cca.ucsf!thos
BITNET: thos@ucsfcca
U.S. Mail: Thos Sumner, Computer Center, Rm U-76, UCSF
San Francisco, CA 94143-0704 USA
OS|2 -- an Operating System for puppets.
#include <disclaimer.std>henry@utzoo.uucp (Henry Spencer) (08/10/89)
In article <2295@ucsfcca.ucsf.edu> root@cca.ucsf.edu (Systems Staff) writes: >The following is offered by way of a review of this article which >appeared on page A11 of the national edition of the New York Times... While I'm inclined to agree with some of the speculations that followed, I would sound a note of caution: just because it's printed in the NYT doesn't mean it's right. Cryptanalyzing :-) the exact wording used in the article is probably not profitable. -- V7 /bin/mail source: 554 lines.| Henry Spencer at U of Toronto Zoology 1989 X.400 specs: 2200+ pages. | uunet!attcan!utzoo!henry henry@zoo.toronto.edu
richard@cbnewsi.ATT.COM (richard.steinberg) (08/15/89)
Does anyone know where to obtain a copy of this paper? A friend asked me to obtain a copy (now that it is in the public domain). Thanks.