
Transport-level encryption with Tcpcrypt

Transport-level encryption with Tcpcrypt

Posted Aug 26, 2010 3:58 UTC (Thu) by zooko (guest, #2589)
Parent article: Transport-level encryption with Tcpcrypt

> It has been said that the US National Security Agency (NSA) blocked the implementation of encryption in the TCP/IP protocol for the original ARPANET, because it wanted to be able to listen in on the traffic that crossed that early precursor to the internet.

Citation needed! I've never heard that story, and I've read much of what has been written on the history of modern encryption.

According to Paul Lambert and Howard Weiss [1], NSA actually sponsored development of encryption for ARPANET.

[1] http://www.toad.com/gnu/netcrypt.html

N.B. NSA certainly tried to prevent widespread encryption several times during the 1990's, so I wouldn't be surprised if they did block encryption in TCP/IP, but unless you have some evidence that they did, or at least you can say who told you this rumor, then why publish it?



Transport-level encryption with Tcpcrypt

Posted Aug 26, 2010 6:13 UTC (Thu) by djao (guest, #4263) [Link] (6 responses)

The NSA is far too secretive for anyone to procure a reliable citation for such allegations. However, given that we all agree the NSA did block encryption from being deployed on the internet during the 1990s, during a period which was at least as crucial to the formation of today's internet as the old ARPANET, what difference does it make? There's no logical reason why the NSA's position on this issue would change between 1970 and 1990. Occam's Razor certainly implies that the NSA opposed encryption software deployment consistently throughout this entire timeframe, and they had ample ability and opportunity to take action behind the scenes, out of public view.

Transport-level encryption with Tcpcrypt

Posted Aug 26, 2010 13:37 UTC (Thu) by csigler (subscriber, #1224) [Link] (4 responses)

> The NSA is far too secretive for anyone to procure
> a reliable citation for such allegations.

You should have ended your comment with the above sentence. I'm not saying the NSA doesn't want to read all traffic on the Internet. However, you have _no_ proof for your claim. It is based on sheer speculation and approaches tinfoil hat-worthiness.

Clemmitt

Transport-level encryption with Tcpcrypt

Posted Aug 26, 2010 14:23 UTC (Thu) by djao (guest, #4263) [Link] (2 responses)

To be clear, I'm not claiming that the NSA actually did block encryption software in the 1970s. I have no proof of that.

What I am claiming is that their actions of 1970 are largely irrelevant. The NSA unquestionably did block encryption software in the 1990s, and in doing so heavily damaged the development of the internet. Against that backdrop, the events of the 1970s, whether positive or negative, have no more significance than a rounding error. If the sentence you point out from the article is indeed an error, it is an extremely minor one. The major thrust of the claim (that the NSA held back public use of encryption software) is correct, even if the timeline is off.

Transport-level encryption with Tcpcrypt

Posted Aug 26, 2010 16:31 UTC (Thu) by zooko (guest, #2589) [Link] (1 responses)

Journalists (and indeed, everyone who posts things that are going to be preserved for posterity, which means all of us) should strive for accuracy. If Jake can tell us from whom he heard this rumor or what else he heard about it, then that might help us learn something.

If it doesn't matter whether the rumor is true or false, then one can omit it just as well as include it.

One reason that I object to printing unsubstantiated rumors is that it reduces the credibility and impact of truths. NSA did indeed block distribution of crypto in the 1990's through means both legal (export regs, Clipper chip) and shady (pressuring Netscape and Cisco to cripple security products), and in fact they were still doing it as recently as 2007 when they pressured Sun (without any legal justification that I can see) to omit the crypto accelerator from the GPL'ed source code of the UltraSparc T2.

These things matter to me! I don't want people to be complacent or ignorant of a powerful, shadowy, ill-regulated organization interfering with freedom of speech, freedom of commerce, and democracy! Accusing them of things without evidence only serves to inure people to their real offences.

Transport-level encryption with Tcpcrypt

Posted Aug 26, 2010 16:45 UTC (Thu) by jake (editor, #205) [Link]

> If Jake can tell us from whom he heard this rumor or what else he
> heard about it, then that might help us learn something.

I read it (somewhere) within the last week or so ... as I was writing the article I did some Googling and even poking through my (voluminous) browser history to see if I could find it. The fact that I didn't should probably have made me shy away from saying it.

"It has been said ..." was basically a cop-out ... my apologies ...

If I do come up with a reference I'll post it here.

jake

Transport-level encryption with Tcpcrypt

Posted Aug 26, 2010 16:03 UTC (Thu) by gmaxwell (guest, #30048) [Link]

The fact of the NSA disrupting the public introduction and even _discussion_ of cryptographic techniques isn't really up for debate. It's stated fairly plainly in their own documents: http://cryptome.org/0001/nsa-meyer.htm

From the horse's (formerly top secret) mouth: "NSA hunted diligently for a way to stop cryptography from going public."

Though I've never seen any disclosure specific to the ARPANET, it would be a logical consequence of the chilling effect of their academic suppression in other areas even absent direct intervention.

But really... would you have done differently in their shoes?

Transport-level encryption with Tcpcrypt

Posted Aug 26, 2010 19:32 UTC (Thu) by smoogen (subscriber, #97) [Link]

> There's no logical reason why the NSA's position on this issue would
> change between 1970 and 1990.

Applying Occam's razor without enough facts gets you wrong conclusions. There were many many differences between 1969 ARPAnet and 1994 Internet.

1) ARPAnet was a Cold War research unit where designing new things to help the military was paramount. The NSA at that time was quite aware that designing in security first versus later was important for future military networks. The institutes that were going to connect to ARPAnet were limited and controlled; putting in encryption would be easier to secure. The Internet on the other hand was completely different with it already spanning into .su and other places.

2) The politics were completely different in the 1970's and the 1990's. In the 1970's ARPAnet was going to be connecting and learning about dealing with network failures in that war with the Soviet Union any day now. In this environment security was more important than control. In the 1990's the war was over and the US had won, so control was more important than security.

The simple fact is that encryption is very expensive hardware-wise, and when your research computers are at best on a partial T1, adding in DES or some other encryption would make it too much for anyone to want to use. Back in the late 1980's we had encryption in our Kerberos systems but most people turned it off because it sucked the living bejezus out of the CPU when you were trying to do a telnet.

