Why "carnivore" type systems can't be (entirely) open source

Nicholas Bohm nbohm at ernest.net
Wed, 07 Feb 2001 12:20:03 +0000 

At 10:48 07/02/2001 -0000, Owen Lewis wrote:
>
>----- Original Message -----
>From: "Brian Gladman" <brg@gladman.plus.com>
>To: "UK Crypto Posting" <stevee+brg@slimy.greenend.org.uk>
>Sent: 05 February 2001 10:58
>Subject: Re: Why "carnivore" type systems can't be (entirely) open source
>
>
>> This debate is getting unmanageable so I am cutting out the existing text
>in> order to get back to the key point.
>
>(snip)
>
>Fair enough. Let's refer to the thread subject line, where it all began. I
>believe that Richard could well prove correct in his prognostication,
>despite the rejoinder from several list members that he was advocating the
>dreaded STO.
>
>Over several exchanges we have established that you yourself only object to
>the use of STO when it is used by A to deny access to B to the algorithm and
>coding of a cipher provided by A for the use of B. In this particular, you
>consider STO anathema but in other applications you also see the value of
>it. For my part, even in the particular that you object to, I see room for
>benign use of STO as well as malign exploitation of B by A. I have personal
>knowledge of several examples of benign use of STO and I am surprised that
>you do not have much the same experience.
>
>In the specific of the GSM system, introduced into this thread by Ben as an
>example of  how damaging to B is the use of STO by A, I have shown as best I
>can that :
>
>        -    It is entirely wrong to consider GSM as a secure system. It
>provides conditional privacy only and can do no more, because of its very
>operational parameters. This would be true whatever cipher was used,
>concealed or declared. The cipher is very far from the weakest link in GSM's
>security chain and improving the cipher and declaring it could not make GSM,
>as a system, appreciably more secure.

Since a call from a GSM phone passes over the terrestrial system, it is
always vulnerable to those with access to that system, e.g. the local law
enforcement and intelligence communities.  What the broken character of GSM
adds in the way of vulnerability is access by foreign intelligence and
perhaps law enforcement communities, without compliance with any local
safeguards that may be in place.

>        -    Despite the conditional nature of the privacy afforded to B in
>GSM, B has flocked en masse to the system and finds that, in the main, the
>level of privacy provided suits his need.   That you and some others
>vehemently disagree with B in this matter has not influenced B's desire to
>adopt GSM in the least. It is B's wishes and none other than has determined
>both the past success and assured the future of GSM type cellular wireless
>telecom system design.

I doubt if the analysis above was appreciated by B, on account of (ST)O,
and B didn't have any other choice anyway.  If there had been a second
group of GSM phones on the market at the same cost but without the added
vulnerability described above, market choice might have been evidence one
way or the other.

>STO is an old saw. However, sometimes even an old saw can be employed to
>fine effect by a skilled craftsman. 

But hardly to improve security, in this case.

>There really has been no more to this
>discussion than is contained in the two preceding sentences..

Regards

Nicholas

Salkyns, Great Canfield,
Takeley, Bishop’s Stortford CM22 6SX, UK

Phone	01279 871272	(+44 1279 871272)
Fax	01279 870215	(+44 1279 870215)
Mobile	07715 419728 (+44 7715 419728)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF