New York Times - March 20, 1997

Code Set Up to Shield Cellular Calls Breached



"The industry design process is at fault," said David Wagner, a University of California at Berkeley researcher who was a member of the team that broke the code. "We can use this as a lesson, and save ourselves from more serious vulnerabilities in the future."


These technologists, who planned to release their findings in a news release on Thursday, argue that the best way to insure that the strongest security codes are developed is to conduct the work in a public forum. And so they are sharply critical of the current industry standard setting process, which has made a trade secret of the underlying mathematical formulas used to create the security codes.

"Our work shows clearly why you don't do this behind closed doors," Schneier said. "I'm angry at the cell phone industry because when they changed to the new technology, they had a chance to protect privacy and they failed."

Carroll, head of the industry's privacy committee, said it planned to revise the process for reviewing proposed technical standards.

up to CMEA

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc..