Why "carnivore" type systems can't be (entirely) open source

Tom Thomson tthomson at linkguard.com
Wed, 7 Feb 2001 17:43:35 -0000 

> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Owen Lewis
> Sent: 07 February 2001 10:48
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: Why "carnivore" type systems can't be (entirely) open
> source
[snip]
>         -    It is entirely wrong to consider GSM as a secure system. It
> provides conditional privacy only and can do no more, because of its very
> operational parameters. This would be true whatever cipher was used,
> concealed or declared. The cipher is very far from the weakest
> link in GSM's
> security chain and improving the cipher and declaring it could
> not make GSM,
> as a system, appreciably more secure.

The first two sentences in the above are certainly indisputable.  I'm not
sure about the third.  The fourth is plainly wrong.  To assert the fourth
sentence requires an assumption about the threat model.  Certain potential
attackers have easy access to the parts of the channel in which the
pliantext is manifest, and if one bases one's threat model on possible
actions by those potential attackers one will reach the conclusion that
improving the cipher would have no effect.  On the other hand, there are
potential atackers who would have difficulty in obtaining such access, and
if one bases one's threat model on those potential atackers one will reach
the opposite conclusion.

>         -    Despite the conditional nature of the privacy
> afforded to B in
> GSM, B has flocked en masse to the system and finds that, in the main, the
> level of privacy provided suits his need.   That you and some others
> vehemently disagree with B in this matter has not influenced B's desire to
> adopt GSM in the least. It is B's wishes and none other than has
> determined
> both the past success and assured the future of GSM type cellular wireless
> telecom system design.

I don't believe you can safely assert that B finds that the level of privacy
suits his needs.  What you can safely assert is that B has not discovered
that the level of privacy fails to suit his needs.  We do not know whether
there was an early crack. What we do know is that no-one publicised an early
crack.  That knowledge may lead us to conclude that if there was an early
crack the cracker kept the information secret, so must have been willing to
live with what advantage he could derive from information obtained through
the crack rather than sell the cracking capability to others.

Of course if you are simply arguing that this is an instance of STO
providing commercial benefit to its perpetrator, we have to agree; but
theft, robbery, burglary, industrial espionage, and other more or less
undesirable activities sometimes provide commercial benefit to their
perpetrators too, and I'm sure that you would not argue that every one of
these is a good thing.

Tom