from risks forum 3/1996: ------------------------------ Date: Fri, 8 Mar 1996 14:37:14 -0500 (EST) From: Frank Sudia Subject: CIA & NSA Run Remailers (Viktor Mayer-Schoenberger via Lisa Pease) >Date: Mon, 4 Mar 1996 16:52:42 -0800 (PST) >From: Lisa Pease >To: jfk-conspiracy >Subject: CIA & NSA run remailers (fwd) I attended last week's ``Information, National Policies, and International Infrastructure" Symposium at Harvard Law School, organized by the Global Information Infrastructure Commission, the Kennedy School, and the Institute for Information Technology Law & Policy of Harvard Law School. During the presentation by Paul Strassmann, National Defense University, and William Marlow, Science Applications International Corporation, entitled ``Anonymous Remailers as Risk-Free International Infoterrorists'', the question was raised from the audience (Professor Charles Nesson, Harvard Law School) -- in a rather extended debate -- whether the CIA and similar government agencies are involved in running anonymous remailers, as this would be a perfect target to scan possibly illegal messages. Both presenters explicitly acknowledged that a number of anonymous remailers in the US are run by government agencies scanning traffic. Marlow said that the government runs at least a dozen remailers and that the most popular remailers in France and Germany are run by the respective government agencies in these countries. In addition, they mentioned that the NSA has successfully developed systems to break encrypted messages will less than 1000-bit [public] keys and strongly suggested using at least 1024-bit keys. They said that they themselves use 1024-bit keys. I ask Marlow afterwards if these comments were off or on record, he paused then said that he can be quoted. So I thought I pass that on. It seems interesting enough, don't you think? Viktor Mayer-Schoenberger, Information Law Project, Austrian Institute for Legal Policy [Lightly edited for RISKS. By the way, don't forget that if you can monitor and compare the incoming and outgoing mail from an anonymous remailer, ``anonymous'' identities can be compromised. Beware of anonymity-bearing gifts. Also, see Matt Blaze's contribution on key lengths for symmetric crypto in RISKS-17.69. PGN