NATO Crypto

Ross Anderson Ross.Anderson at cl.cam.ac.uk
Mon, 18 Mar 2002 12:57:44 +0000


> When I buy something online, crypto protects my credit card details.
> When NATO aircraft attack Serbia the communications are often in the 
> clear. Why is it this way round? 

I discuss this in my paper on economics and security, and in the
talks I give on the subject. It's not mysterious at all once you
look cold-bloodedly at the incentives of the various participants.

First, the spook agencies are grossly biased towards offensive
rather than defensive operations because of information asymmetry.
If the Chinese hack the NSA's LAN, then they will keep very quiet
about it, and DirNSA will never get a rocket about it from W. But
if the NSA hacks the Chinese Politburo's LAN, then W will most
definitely get to hear about it - he will get the juicy parts of
the traffic with his breakfast cereal. So it's worthwhile to have
an entry to the enemy's traffic, even at the cost of the enemy 
having a bigger entry into yours. That's one of the reasons why
intelligence and counterintelligence agencies are almost never on
speaking terms, except in wartime - and even then it takes them
several years to get the ship tightened up.

Second, the banks love to encrypt traffic, not because it keeps 
the bad guys out, but because it enables them to dump the risk on
to the customers. The standard reference is Bohm, Brown and Gladman
- http://elj.warwick.ac.uk/jilt/00-3/bohm.html

Ross