[2387] in cryptography@c2.net mail archive


Re: Rivest's Wheat & Chaff - A crypto alternative

daemon@ATHENA.MIT.EDU (David Wagner)
Mon Mar 30 10:18:01 1998

From: David Wagner <daw@cs.berkeley.edu>
To: cryptography@c2.net
Date: Fri, 27 Mar 1998 14:36:44 -0800 (PST)

In article <2E54ADBA8A53D111904900A0C97278DFB28786@exchange.epicsys.com>,
Nathan Spande  <nathan@epicsys.com> wrote:
> I often see us saying that strong cryptography will actually
> reduce the number and severity of crimes, but I've never seen anybody
> support such a statement.  What percentage of crime involves failures of
> authentication and/or disclosure by non-privileged individuals of
> confidential information?

The obvious example is financial transactions -- credit card numbers
sitting around in the thousands at online merchants just waiting to be
Mitnick'ed, ATM PINs encrypted under the bank's DES master key, and so
on.

But here's one you might not have heard before: cellphone privacy.

The state of confidentiality protection for analog cellphones is so
atrocious that I believe it is likely that almost everyone who has ever
used a cellphone in this country has had some call intercepted by an
eavesdropper.  No joke.

Of course it's very hard to know.  You'd never notice if your cellphone
was snooped on.  But here's a back-of-the-envelope calculation.  There
are apparently 10--20 million owners of scanners in the US (source:
Congressional hearings).  There are 50 million cellular subscribers in
the US; in the grand scheme of things, digital usage is currently
negligible.  Figure that in any one sitting, one may overhear dozens of
conversations with a scanner; many scanner owners turn this into a
regular hobby.

All this works out to make it highly likely that if you use a cellphone
in the US with any frequency, you've probably been eavesdropped upon at
some point, whether you knew it or not.

Of course, this is all possible because analog cellphones transmit the
voice data in the clear.  Now with the new digital cellphone standards,
the industry had a chance to deploy strong crypto to protect customer
privacy.  Unfortunately, the NSA leaned hard on them, using export controls
as a big stick.  The result is that tomorrow's digital cellphones will
have intentionally crippled crypto, even for domestic users.  (Even
NIST recommends that federal users avoid US cellphones, and use the
European-designed GSM system instead, since it provides somewhat better
security.  Of course, we have no import controls on crypto, so the net
effect is that we've exported jobs and privacy.  But at least we don't
export crypto, thank heavens!)

Clearly Congress considers eavesdropping on cellphones a major crime:
they've imposed a series of increasingly-draconian restrictions on
scanners, to the point where it's a federal felony to even own a
cellphone-capable scanner (let alone actually use it to listen in on
cellular calls), punishable by 10 years in jail.

So today we've got ourselves into a situation where millions of conversations
are intercepted each year -- which makes millions of serious federal
felonies.  All this crime could have been easily prevented with strong crypto.

Sadly, our crimefighters seem to be paid to prosecute criminals, not
help prevent crime...
