Why "carnivore" type systems can't be (entirely) open source

Brian Gladman Brian Gladman" <brg at gladman.plus.com
Thu, 8 Feb 2001 09:14:55 -0000 

From: "Owen Lewis" <oml@eloka.demon.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Wednesday, February 07, 2001 8:24 PM
Subject: Re: Why "carnivore" type systems can't be (entirely) open source

[snip]
> > To be as precise as possible, I believe that the use of STO to hide a
> > security design [*] from those who are to rely on it is overwhelmingly
> more
> > likely to create a detriment to their security interests than any
> > enhancement of them.
> >
> > [*] the design itself, not the techniques used to achieve it.
> >
> > This is not absolute - it is the probability that this will work to
their
> > advantage or disdvantage in practice when averaged over many typical
uses
> of
> > STO.  And it is because I believe this probability is so skewed towards
> > insecurity that I consider it to be a completely discredited technique
> when
> > used to hide designs from those who will be asked to rely on them.
>
> Then perhaps the many employees in those departments of many governments
> that use use govt ciphers should all consider themselves - their lives in
> some instances put deliberately and cynically at risk by their employers.
> Somehow, I don't think so :-) In the above, You appear simply to ignore
fact
> that is inconvenient because it is contrary to your position.
>
> I don't think we can drive this any further. The wheels have fallen off.

I have always made it clear in this discussion that the "relying party" is
the information owner who is seeking protection by making use of the design
in question.

In a government or company situation the information owner is not any
individual employee but rather the organisation itself.

The question of the attitude of the UK government to STO is hence embodied
in the question "would the UK government rely on a cipher for protecting its
information if the design of the cipher was hidden from it".  I am
absolutely certain that the answer to this question is 'no'.

Clearly there are situations in which the UK government will put the lives
of its employees at risk in order to preserve the UK's national security.
Whether of not this has been a feature of the cryptographic battle between
nations over the last 60 years is not something I feel it is sensible to
discuss.

     Brian