Xref: utzoo sci.crypt:2162 news.misc:3482 Path: utzoo!utgpu!watmath!att!tut.cis.ohio-state.edu!ucbvax!ucsfcgl!cca.ucsf.edu!root From: root@cca.ucsf.edu (Systems Staff) Newsgroups: sci.crypt,news.misc Subject: Re: "Paper on Codes is Sent Despite U.S. Objection", NYT Aug 9 1989 Summary: The NYT article makes some points which had not appeared in the Usenet discussion. Message-ID: <2295@ucsfcca.ucsf.edu> Date: 9 Aug 89 22:47:57 GMT References: <768@stag.math.lsa.umich.edu> Organization: Computer Center, UCSF Lines: 83 The following is offered by way of a review of this article which appeared on page A11 of the national edition of the New York Times. Unnumbered indented paragraphs are quotations from the article. At the beginning of the article the term "security agency" is identified as referring to the NSA. According to the Times article J. Gilmore did not receive the paper from Merkle: Mr. Merkle gave the paper to several colleagues to review earlier this year, and Xerox said it presented the paper to Government officials to review in an effort to obtain a license to export a computer program. A copy of the paper was passed to Mr. Gilmore by one of the reviewers who was concerned that its circulation had been restricted by the security agency. So there are several new points made in this paragraph: 1. The paper had been given to "Government officials" to review (i.e. have an opportunity to suppress). 2. J. Gilmore was not a reviewer who had received the paper in confidence from Merkle himself. At the time the paper was given to Gilmore there was already concern about sub-rosa efforts by the NSA to suppress it. 3. Xerox had apparently already developed at least one program based on these ideas and wanted to export it. In another paragraph we find: Xerox executives said that the paper was reviewed by the security agency and that agency officials told the company that they preferred it not be published. So Xerox, not Gilmore, is saying that the NSA was attempting to suppress the paper. Then the following paragraph says: A spokeswoman for the security agency, Cynthia Beck, said the agency had no record of a review of the paper. But Xerox officials insisted that the agency had asked that the paper not be published. Here we have two points: 1. A spokesman for the agency used weasel words, i.e. "had no record of a review" clearly is an avoidance of denial of the review but is intended to give a casual reader just that impression. Also "record" may be assumed to have a technical meaning here, i.e. "on the record." 2. To the embarrassment of the net posters crying "paranoia" the agency had indeed already started trying to suppress the paper according to Xerox. And elsewhere we find this teaser: The paper also discusses in some technical detail a Xerox encryption technology that referred to the design of of what cryptographers call an S-Box, a coding mechanism. The security agency has restricted the publication of information about that technology as it related to an official government standard, the data encryption standard. Please notice the past tense there; "has restricted the publication" it says. So they have taken explicit action to suppress public knowledge of the reliability of the DES on which the security of our financial transactions etc. depends. Thos Sumner Internet: thos@cca.ucsf.edu (The I.G.) UUCP: ...ucbvax!ucsfcgl!cca.ucsf!thos BITNET: thos@ucsfcca U.S. Mail: Thos Sumner, Computer Center, Rm U-76, UCSF San Francisco, CA 94143-0704 USA OS|2 -- an Operating System for puppets. #include