Essays in the Category "National Security Policy"
Page 14 of 14
The arrest of a Russian computer security researcher was a major setback for computer security research. The FBI nabbed Dmitry Sklyarov after he presented a paper at DefCon, the hacker community convention in Las Vegas, on the strengths and the weaknesses of software to encrypt an electronic book.
Although I’m certain the FBI’s case will never hold up in court, it shows that free speech is secondary to the entertainment industry’s paranoia about copyright protection.
Sklyarov is accused of violating the Digital Millennium Copyright Act (DMCA), which makes publishing critical research on this technology more serious than publishing design information on nuclear weapons…
Testimony and Statement for the Record of Bruce Schneier
Chief Technical Officer, Counterpane Internet Security, Inc.
Hearing on Internet Security before the Subcommittee on Science, Technology, and Space of the Committee on Commerce, Science and Transportation
United States Senate
July 16, 2001
253 Russell Senate Office Building
My name is Bruce Schneier. I am the founder and Chief Technical Officer of Counterpane Internet Security. Inc. Counterpane was founded to address the immediate need for increased Internet security, and essentially provides burglar alarm services for computer networks. I am the author of seven books on cryptography and computer security, as well as hundreds of articles and papers on those topics. For several years, I have been a security consultant to many major Internet companies…
The author of a pioneering work on the NSA delivers a new book of revelations about the mysterious agency's coverups, eavesdropping and secret missions.
In 1982, James Bamford published “The Puzzle Palace,” his first exposé on the National Security Agency. His new exposé on the NSA is called “Body of Secrets.” Twenty years makes a lot of difference in the intelligence biz.
During those 20 years, the Reagan military buildup came and went, the Soviet Union fell and the Cold War ended, and a bevy of new military enemies emerged. Electronic communications exploded through faxes, cellphones, the Internet, etc. Cryptography came out of the shadows to become an essential technology of the networked world. And computing power increased ten thousand-fold…
One of the stranger justifications of U.S. export controls is that they prevent the spread of cryptographic expertise. Years ago, the Administration argued that there were no cryptographic products available outside the U.S. When several studies proved that there were hundreds of products designed, built, and marketed outside the U.S., the Administration changed its story. These products were all no good, they argued. Export controls prevent superior American products from getting into foreign hands, forcing them to use inferior non-U.S. products…
A version of this essay appeared on ZDNet.com.
AES is the Advanced Encryption Standard, the encryption algorithm that will eventually replace DES. In 1997, the U.S. government (NIST, actually), solicited candidate algorithms for this standard. By June 1998 (the submission deadline), NIST received fifteen submissions. NIST asked for comments on these algorithms, with the intention of pruning the list to five finalists. NIST held an AES conference in Rome in April (this was the second AES conference, the first was the previous August in California), the comment deadline was in June, and last Monday NIST announced the finalists…
Key recovery is like trying to fit a square peg into a round hole. No matter how much you finagle it, it's simply not going to work.
In the September issue of Information Security, Commerce Undersecretary William Reinsch suggests that U.S. crypto export policy hinges on the concept of “balance” (Q&A: “Crypto’s Key Man”).
For key recovery policy to be successful, he argues, it must achieve a balance between privacy and access, between the needs of consumers and the requirements of the law-enforcement community.
For those who have followed the key recovery debate, Reinsch’s comments will have a familiar ring. Ever since the Clipper chip first made headlines in 1993, the crypto community has debated the notion of key recovery (or key escrow, or data recovery, or trusted third party or any other marketing term used to describe the same concept)…
The U.S. State Department recently ruled that some forms of electronic speech are not protected by the First Amendment and can be prohibited from export. This decision raises questions about freedom of speech on the information superhighway. As business communications continue to migrate from paper mail to electronic mail, these questions will become more important. It is vital that laws address this new form of speech.
Last year, I wrote a book called Applied Cryptography> (John Wiley & Sons, 1994), which explains cryptography in nonmathematical language. It describes how to build cryptography into products, illustrates cryptographic techniques, and evaluates algorithms and makes recommendations on their quality. It even includes source-code listings that enable readers to implement many of the algorithms and techniques described…
Good news! The federal government respects and is working to protect your privacy… just as long as you don’t want privacy from the government itself.
In April 1994, the Clinton administration, cleaning up old business from the Bush administration, introduced a new cryptography initiative that ensures the government’s ability to conduct electronic surveillance. The first fruit of this initiative is CLIPPER, designed to secure telephone communications.
CLIPPER is a tamper-resistant chip designed by the National Security Agency, a super-secret branch of the Department of Defense…
In April, the Clinton administration, cleaning up business left over from the Bush administration, introduced a cryptography initiative that gives government the ability to conduct electronic surveillance. The first fruit of this initiative is Clipper, a National Security Agency (NSA)-designed, tamper-resistant VLSI chip. The stated purpose of this chip is to secure telecommunications.
Clipper uses a classified encryption algorithm. Each Clipper chip has a special key, not needed for messages, that is used only to encrypt a copy of each user’s message key. Anyone who knows the key can decrypt wiretapped communications protected with this chip. The claim is that only the government will know this key and will use it only when authorized to do so by a court…
Sidebar photo of Bruce Schneier by Joe MacInnis.