Hacker News new | past | comments | ask | show | jobs | submit login
NSA's Backdoor Key from Lotus Notes (2002) (cypherspace.org)
564 points by Lammy 31 days ago | hide | past | web | favorite | 87 comments



I think Lotus Notes has a fascinating history, cryptographic shenanigans asides. As far as I'm aware it is still the most successful "offline first" / "local-first" application platform in widespread use today, complete with multi-master document replication, highly-configurable conflict resolution and rapid application development. These were revolutionary capabilities during the dialup era. The email client just happens to be the most popularly recognised groupware application outside of individual corporate firewalls.

The original vision was very lofty: https://web.archive.org/web/20180225100127/http://www.kapor....

"Notes should take the first major crack at the area of idea processors, textual databases, and hypertext systems."

I would love to see where an open source equivalent built for the modern age could take us... (CouchDB gave it a good shot!)


Still, I believe it's wrong to distract here from all the other important topics addressed by Ray Ozzie, who was aware of all the important issues even in 1996, and for historical context of the NSA key from the title, here is the relevant part from his speech he gave in 1996, about how Lotus implemented what was legally required from them:

"As you know, the U.S. government has defined its "maximum tolerance level" for exportable unescrowed cryptography at 40 bits. That is, because they generally permit the export of 40-bit products, the U.S. government is clearly already willing to deal with a 40-bit work factor in order to examine encrypted communications outside of this country.

So, the system that we're shipping in Lotus Notes Release 4 overseas is one that presents different work factors to different parties, hence the name.

Against crackers -- against the run-of-the-mill adversary trying to break a message -- the work factor is 64 bits, just like it is in the U.S. That is, in the new International Edition of Lotus Notes, bulk data keys are now 64 bits just as they are in our North American Edition that's sold in the U.S. and Canada.

But when the U.S. Government needs access to a communications stream overseas encoded by the international edition of Lotus Notes, they are no worse off - and no better off - than they are today - they have to crack 40 bits."

Since then, the goals of different interest groups haven't changed, and we all now about many new possibilities and about the surveillance actually being done and the dangers that the changes brought and can bring.

Other comments here in the other threads are about these more recent issues and the readers should note them too.


Duly noted - sorry for diluting attention.

Connecting both aspects though: arguably the failure of subsequent technologies to fulfill the decentralized Notes vision has facilitated the rise of extreme centralization and greatly exacerbated our privacy problems.


This compromise was also used by WebTV in Japan in 1997. I vaguely recall that client/server comms were protected by 56 bit symmetric encryption, and that in international mode, 16 bits of the session key were explicitly sent in cleartext to respect the 40 bit limit. WebTV in the USA was full strength crypto, at least as strong as the little MIPS processor in the settop box could manage.


Claims that weak devices couldn't handle strong cryptography are mostly bogus.

Fun fact: The Atari 7800, designed in 1983, used a 956-bit Rabin signature to vendor lock games. Strong cryptography was unavailable for a long time primarily due to indifference, ignorance, and interference and not primarily due to computational limits.


> in 1983, used a 956-bit Rabin signature to vendor lock games.

But not to encrypt the communication -- that would have been, apparently, against the U.S. laws of that time.

> Strong cryptography was unavailable for a long time primarily due to indifference, ignorance, and interference and not primarily due to computational limits.

It's surely the "interference" in the form of the mentioned U.S. laws at the time, some other comments here detail the historical background.


I'm not aware of any law it would have been violating if was encrypted in the US.

However, export was another matter and the export version of the 7800 left the crypto out!

In any case, my point was that weak crypto spanning into the late 90s was not a result of technical limitations.


> I'm not aware of any law it would have been violating if was encrypted in the US.

The laws as they were had exactly that effect: a lot of companies didn’t intend to have products sold solely in the US. And it was problematic enough that most companies avoided making a US-only version: even carrying such a product on a floppy disk while travelling outside of US could get you in trouble, see this article from 1995:

https://www.wired.com/1995/03/the-continuing-investigation-o...

The companies that did use strong crypto typically had the contracts with the military.


Sorry, we're talking in loops. The legal issue wasn't encryption vs other cryptography, it was export or not. 7800 did face that issue, and resolved it by making the non-US version not do the crypto. This was probably easier in their case due to PAL vs NTSC. :)

I think both of us might be making the error of correcting something the other person wasn't intending to comment on! :)

Some export complications around crypto exist to this very day-- at least for commercial hardware products. I've had to fill out the export forms myself, and not that many years ago.


> The legal issue wasn't encryption vs other cryptography, it was export or not

And I have never claimed anything else, it can be easily verified.


I was in IT support during the Notes era working alongside notes devs. It was a grand vision. Perhaps too grand. Notes was supposed to do much more but I never saw it actually deliver in production. And between Exchange and GroupWise it got its ass kicked.


It couldn’t survive under IBMs care as they declined, which was a shame.

I worked in places that did everything from comprehensive correspondence management to configurators for factory systems. It’s a pretty powerful set of tools.

The Microsoft world was much more primitive until the mid 2000s. GroupWise and Notes shops didn’t have the ridiculous mailbox size limitations that Exchange had up until about a decade ago. Even today, the dumpster fire that is SharePoint is arguably inferior to what Notes was shipping in 1996 in some ways.


Dumpster fires everywhere are offended that you’ve compared them to Sharepoint.


The myth that Sharepoint really, truly stinks and you should not use it even when your choices are dire, is as real and true as a dumpster fire.


I'll be honest the syntax of your sentence is so confusing you could tell me that you hate SharePoint or that you've made millions administering it and love it, and I would believe you either way.

That being said, I've work on a handful of installations of various sizes, including large state governments and Fortune 500 companies setups, and have never encountered one that wasn't a massive struggle to work with compared to just about any alternative solution.


I've never seen a product where even the people who run the platform pretty much hate it.

The only open question is that will Teams, which is at it's heart a bizarre mashup of SharePoint and enterprise IM/Voice/Video will eventually engender the same universal disdain.


SAP. In my whole career i've never heard of an SAP implementation described in terms other than "total nightmare".


Having seen at least three or four multinational-level SharePoint environments, I would strip them all back down to raw HTML with an ACL enforced editorial process. Then try again from scratch. I shudder to think of ever being a SharePoint admin.


Notes within IBM fulfilled it's vision. distributed app running on the platform making large use of replication and delivered as needed where the norm.

it suffered of development inconsistency if anything, much like java applets

turns out if some platform access is too easy, everyone starts publishing crapware


Not open source, but it strikes me that Notion.so, Coda and AirTable might be examples of centralized, online "Notes-replacements", all inspired by how Google Docs (Writely) let you collaborate and perform conflict resolution in the cloud a bit over a decade ago.


Can't speak for the others, but Notion.so conflict resolution is significantly less sophisticated than Google Docs' operational transforms (I think that's what they're using).


True. Perhaps I overemphasized that because they're online collaboration tools. I haven't yet used them with multiple people in one "document" yet.


It is last write wins at the block level. The unit of granularity is a property on a block, for example the entire text in a paragraph of text or the type of a block. For moving or adding blocks in lists, the operation is "place after object id XXX", so there are a few edge cases where someone else deletes or moves the block right before the target location. If the preceding block is missing from the list, they place the moved/new block at the end. (There is also a 'listBefore' operation that is used at the beginning of the page.)

If you're online, the rough edges are plastered over a little by timely updates, but working offline would amplify them a bit.


CouchDB is still thriving. It's adopting FoundationDB in 4.0... https://www.youtube.com/watch?v=SjXyVZZFkBg good talk on that here at FoundationDB Summit


This backdoor would be the equivalent of a combined outlook and a .net app being compromised.

It might be hard to imagine the scope that notes encompassed in its day... it simultaneously provide mobile, offline first apps with usable data replication.. among a few features that might be surprising:

Notes had a few more unique features that modern devs might cringe to hear isn’t all that new:

- Notes provided early Nosql/relational data. Everything was a document and have fun stitching it all together in views. The NotesSQL layer would add an ODBC based layer to simulate relational dbs.

- When Lotus added Domino to Notes, it was among the first that could deliver the same Lotus Notes code to a web application. Early write once, deploy anywhere (woda). Existing apps that only ran inside Notes now worked in a web browser.

All this.. for a piece of software that was originally an email server and built workflow around it. all compromised.


"[O]riginally an email server" gets it rather backwards. It was more like a BBS/forum hosting platform that had messaging between boards (databases), with user email as a special case.


Fair..

Notes for email / groupware was a common implementation, and it was more capable than alternatives like Exchange, Novell Groupware, because of the application building abilities of Notes.


While interesting, this is way off topic and should not be rated above discussion about the nefarious cryptographic behaviour of the business.


> nefarious cryptographic behaviour of the business.

It was not just "business" then: the export of strong encryption had the same status as the export of weapons in the U.S. laws at that time. See the other threads here.


I strongly agree! When I was first thrust into Notes administration (version 3 no less!) I hated it. But combined with version 4 and using it more, the power hiding behind the ugly GUI became more and more apparent. I've yet to find a system that can handle unstructured data or workflows with field level replication, role based security and encryption as quickly or as elegantly as with Lotus Notes - UI warts and all. Indeed I have some workflows that I could probably automate myself in a week or so but am in the process of getting dev support to accomplish some other way.

It's too bad IBM didn't really fix the non-windows feel of Notes until version 8. By then Exchange had clearly won - should have never happened. The Notes server back end is still far more robust than Exchange. Oh well...


Hated Notes. I left companies because of it.


As mentioned in The Friendly Orange Glow, it was started by people who worked on the PLATO system at the University of Illinois which added its Notes discussion system in 1973. PLATO ran until 2015.


You should check out Couchbase Mobile and Couchbase Enterprise Edition then!


Just don't use couchbase for larger amounts of data. In fact as a database it is mediocre at best. NoSQL, when it even works, is slow. Bulk operations are slow. Memcache backend gets constantly killed by oom killer. Rebalancing cluster is manual. Indices dont work. Timeouts are specified in microseconds. Documentation is lacking. maybe that's changed since 5.3, but bad taste lingers on.


Try RavenDB, also multi master replication and has all the store mentioned capabilities


There isn't a 5.3 of Couchbase Server...


My bad, memories fade. It was 5.1.3 then, i think. I remember upgrading the cluster to 5.5 with some pain and fear of data loss, however the concrete version i was upgrading from eludes me.



Thank you for the link. I found barrkel’s comment[1] particularly moving:

> A non-authoritarian government is an historical anomaly. It's a ball balanced on top of a hill, pushed there by the deaths of millions, and kept there by the vigilance of those who care. Please start caring.

[1]: https://news.ycombinator.com/item?id=5847789


> It's a ball balanced on top of a hill, pushed there by the deaths of millions, and kept there by the vigilance of those who care.

I feel like the ball has started to roll downhill, and is rapidly gaining speed, but that the only folks who can stop it are too dug into their own partisanship to take a look around them and do something.

That, or they desire authoritarianism. I've frankly been surprised at the number of people I've talked to in the past few years who seem to like the idea of a strongman leader. I always assumed everyone but the most extreme wings of the right and left believed in liberty and democracy, but I now see that was I mistaken.


My experience has been the opposite. I've rarely met anybody in the center ~80% or so that didn't have a little dictator inside of them, yearning to come out and strangle the masses under behavior controls, dictating how everyone else is to live. I find it doesn't take more than a few minutes of conversation with moderates, before you can see the gleam of dictator in their eye, where you can get them to openly state something about wanting to directly or indirectly control other people and how they live.

And when it comes to the extreme partisan wings, the dictator is giant rather than little. You don't have to engage them in conversation for it to come out, they project it all the time willingly, openly.


Everyone wants to believe that they know how other people should be living their lives. And everybody believes that they themselves know where to draw the line between freedom and order.

Freedom means something different to every person on the planet, and that makes it difficult to protect.


> My experience has been the opposite.

What you describe isn't the opposite. It's mostly the same.

And if 100% of the people you encounter are displaying either a little authoritarianism or a lot, you need to spend more time with libertarians.


China strikes me as a good example of this. I remember reading an article that was composed of 5-6 personal stories from young Chinese (20s and 30s). Generally, they’re very happy in China. As far as they’re concerned the leadership took China from agrarian to world leader in a short period of time, vastly improving their quality of life.

Of course, the reason this works is because they’re the majority—the “everyday” Chinese citizen who the gov’t is trying to improve life for. Life is not as good if you're not in the target demographic.


My time in China suggested to me that a lot of people wanted to leave but were afraid to say it anywhere or any way that could hold them accountable.

With systems like the social score, can you trust any public opinion from a member of the Chinese state?


Authoritarianism only looks like authoritarianism if you don’t agree with who’s in charge.


Clever, but not borne out by evidence. You're not going to claim that Stalin's Russia and Thatcher's Britain (to take two arbitrary governments) were equivalent in authoritarianism, with the only difference being who agreed and who disagreed with said governments, right?

Or are you?


June 2013 discussion's top post is by the person involved in making Lotus Notes (Ray Ozzie). His comment - which tangents into issue of privacy and data control - is also prescient, and could have just as well been written today, which is a sad testament to how things didn't get any better in the past 6 years.


As well in this thread.


https://en.wikipedia.org/wiki/RSA-768#RSA-768 was factored almost exactly 10 years ago. I wonder if anyone has tried factoring this one? Hopefully the NSA doesn't still use this key...


I have to chime in that I too have a love/hate relationship with Lotus Notes. I started using it back in ‘98. It was massively empowering to build functional and secure workflow apps, and do so faster than you could wireframe on other platforms. I rolled it out to thousands of users successfully. It was truly visionary in scope. However, the performance was mediocre and there were many really poor oversights and omissions. Often I would go to program some base operation and find out you just “can’t get there from here“. It seemed their QC process hadn’t really given much though to global calendar synchronization or to very basic needs like printing landscape. I still use it daily for a large (funeral) industry specific app. and it has run flawlessly for a decade (albeit making API calls to MS Office and the web). I go to program new things in React or even Rails and am disappointed that you have to reinvent things that were built into Notes 20 yrs ago.


They embedded an entire X.509 cert in it? I wonder if the Lotus devs just made an X.509 cert out of key material they were given or if the NSA actually minted it with that subject.


I have to think the engineers were maliciously complying with the directive. It's far too dark a joke to be honorific.


Ray Ozzie confirmed in a thread below that it was done by Charlie/Al/him as a joke.


Like laughing at a funeral?


Like "we do what we have to do because it's currently a law, but we can't be forced to give a nice name to it, let them know what we think of it:"

https://news.ycombinator.com/item?id=21859950

See the other comments here for a historical context: "exporting" stronger crypto software from the U.S. had the same status as exporting weapons of war.


The cert has to be signed by something, usually its own key. If it was self-signed then the NSA signed it with those details.


I thought at first the NSA made the Orwell reference, but it looks just the lotus notes devs did?

I guess that's...reassuring.


Charlie, Al, and I were just trying to maintain a sense of humor in fairly tough times, knowing that the first who would see the key would be the folks we were working with at the ministry.


With no judgment whatsoever, may I ask: why did you do the work? Why did you not walk away and stand on moral principle against such intervention? From reading your comments, I gather this isn’t something you agreed with.


The product we built (1984) was for team collaboration & business apps, and we placed a strong bet on crypto for end to end encryption rather than just the illusion of security via access control. It hadn’t been done before. Crypto based products in that era were classified as munitions. They didn’t know what to do with our request; initially they suggested granting us 20 bits for symmetric keys. We got them up to 32. Within a couple years they went to 40. But we used 64 in our US products and wanted to deliver that level globally.

The principled thing to do would be to have never tried to ship our product outside the US, knowing the export regime.

But we had customers who wanted to communicate and collaborate with teams globally. Their alternative was to send everything in the clear, and I wanted to deliver a secure comms system for my global customers.

Ultimately I felt that they were better off with something to protect them - even a compromise - rather than nothing. The bet was that we could get rid of the compromise over time. (Thankfully, the hack was only necessary for a few short years.)

While “working the issue” in DC, I personally came to the viewpoint that most of the policy makers were not inherently evil or stupid; they truly didn’t fully grasp the myriad implications of this new technology. The issues are complex, the pressures great, and it is difficult for them to know how to balance equities. And so, right or wrong, I felt my best bet to change the system was to use methods that I suppose Bruce Lee would call “fighting without fighting”, as opposed to purely principled extremism.


The context has an unofficial name "crypto wars":

https://en.m.wikipedia.org/wiki/Crypto_Wars

"In the U.S." since "the immediate post WWII period" the "crypto software was included as a Category XIII item into the United States Munitions List." That meant that exporting software with strong encryption was legally the same as exporting weapons.

What they Ray Ozzie and colleagues implemented was at that moment (1996) claimed to be a "superior exportable encryption technology when compared to other US products on the market":

https://packetstormsecurity.com/files/21281/lotus.notes.nsa....

To compare:

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

To be able to export Netscape web browser with SSL (a predecessor of TLS) "Netscape developed two versions of its web browser. The "U.S. edition" supported full size (typically 1024-bit or larger) RSA public keys in combination with full size symmetric keys (secret keys) (128-bit RC4 or 3DES in SSL 3.0 and TLS 1.0). The "International Edition" had its effective key lengths reduced to 512 bits and 40 bits respectively (RSA_EXPORT with 40-bit RC2 or RC4 in SSL 3.0 and TLS 1.0).[6] Acquiring the 'U.S. domestic' version turned out to be sufficient hassle that most computer users, even in the U.S., ended up with the 'International' version,[7] whose weak 40-bit encryption can currently be broken in a matter of days using a single computer."

Only later:

"In January 2000, the U.S. Government relaxed export regulations over certain classes of mass-market encryption products. In line with these changes, Netscape has made the strong-crypto versions of Communicator and Navigator available worldwide." (1)

https://www.fortify.net/README.html#do


I appreciate the illustrative nature of your comment, but I'm really looking to learn something from a rather influential mind in software engineering.


Respect to you (from one Ozzie to another).


That's why Ray Ozzie's comment on a previous submission is so significant: https://news.ycombinator.com/item?id=5847189


The part written in 2013, not less urgent today:

"For example, did you really intend to yield your 4th amendment rights when you granted a 3rd party access to your files as a part of Mac Software Update, Windows Update, Virus Scanners, etc., or when you started using a service-tethered smartphone?

Anyway, unlike 'web tracking' issues which seem to be broadly ignored because of our love for ad-supported services, I hope we all (especially the young readers of reddit, hackernews, etc) wake up to the fact that these privacy and transparency issues are REAL, and that they truly will impact you and the country you live in, and that even if you don't consider yourself an activist you really should get informed and form an opinion. Again, this is a non-partisan issue, and let's all work to ensure that it stays this way.

Two great organizations where you can learn are EPIC and EFF. (Disclosure: I am on the board of EPIC.) Take it in, and think. Your contributions are needed and would of course be quite welcome.

http://epic.org

http://eff.org "

Ray Ozzie https://en.wikipedia.org/wiki/Ray_Ozzie


That's a super comment and yet not a day goes by here on HN that I read the exact opposite: that privacy is dead and that we should all just roll over and enjoy our Amazon, Google, Apple and Microsoft telemetry because it isn't going to change back.


Since I frequently enjoy reading your comments, I know you don't feel that way ;-) However, probably for the masses it's generally true. We've kind of been here before, though. I mean there was a time where free (as in freedom) software was regarded as a complete joke. Only long bearded hippies used it and doing so was considered to be the high tech version of self-flagellation. Now, thanks to many people (with or without beards) we live in a world where choosing development tools that aren't free software is considered to be almost insane by most. OK, it's not Nirvana, but it's a heck of a lot closer than I ever expected we'd get.

Just as we did in the 1980's, I think we need to hold the fort and keep writing software. We need to write stand-alone applications that the user is in control of. We need to build alternatives to the stampede of needlessly cloud based offerings. And we need to keep chipping away at building federated, distributed applications where isolation is not an option. We have a long way to go, but that's always been the case for those that value software freedom. We should be used to it by now :-)

One final point: I think a lot of people will feel that we are a fringe community and can't possibly make an impact. Mastodon can not topple Twitter. Riot will never touch Facebook. This is probably true, but the more we write code that adheres to our values, the closer we get. We just need to keep chipping away. It is possible that one day at least some significant portion of the population will consider that the use of services controlled centrally by a single corporation is just insane. It might never happen, but if we don't keep building it's guaranteed not to happen.


I would love to have an open source self hostable version of Google Docs.



Also see Etherpad (https://etherpad.org/), which is integrated into Sandstorm (https://sandstorm.io/).

For lots of other self-hosted things: (https://news.ycombinator.com/item?id=21235957).


Are you sure? Looks like the Orwell references are encoded into the NSA public key, so I assumed it was the NSA that made the joke.


If you read the discussion here or the previous discussions, you’d see comments from Ray Ozzie, one of the folks behind it, with details on why they did it.


This is a bit spooky. I wonder if the engineers responsible were just trying to be cute, or "reaching out" in a way.


Probably just having a joke. Human psychology is complex, no matter what positive or negative things we do to each other.


Posted by the man himself before your reply:

> Charlie, Al, and I were just trying to maintain a sense of humor in fairly tough times, knowing that the first who would see the key would be the folks we were working with at the ministry.


Inslaw's legal case-management system "PROMIS" also had a back door, put there by Michael Riconosciuto, under the direction of Earl Brian of Inslaw's competitor Hadron. Attorney General Edwin Meese's Department of Justice drove Inslaw out of business, pirated their software, and distributed it with the back door to Israel and 80 other countries so the US could spy on them. Danny Casolaro was investigating it, but suddenly died of an unlikely apparent suicide.

If Trump really wanted to investigate corruption in the deep state, he should start by interrogating his good buddy Edwin Meese, instead of honoring him with the Medal of Freedom. He could also ask his own Attorney General Bill Barr why he whitewashed the Justice Department last time he had it investigate itself. (Actually, maybe that's why he hired Barr!)

https://www.npr.org/2019/10/08/768136964/trump-to-honor-form...

>Trump To Honor Former Reagan Attorney General, Who Left Government Under Ethics Cloud

http://nothingmajor.com/journal/775-meese-is-a-pig-returns/

>Experts Agree! MEESE is a PIG

https://threadreaderapp.com/thread/1179701030520524801.html

>INSLAW/PROMIS links

>Barr refused to appoint an independent counsel to the Inslaw case, relying instead on a retired federal judge, in this case Nicholas Bua, who reported to Barr alone. In other words, the DOJ was responsible for investigating itself.

https://en.wikipedia.org/wiki/PROMIS_(software)

https://en.wikipedia.org/wiki/Inslaw

https://en.wikipedia.org/wiki/Michael_Riconosciuto

https://en.wikipedia.org/wiki/Earl_Brian

https://en.wikipedia.org/wiki/Danny_Casolaro

>The Justice Department had dishonestly conspired to "drive Inslaw out of business 'through trickery, fraud and deceit'" by withholding payments to Inslaw and then pirating the software.

>The Justice Department had done so in order to modify PROMIS, originally created to manage legal cases, to become a monitoring software for intelligence operations.

>"PROMIS was then given or sold at a profit to Israel and as many as 80 other countries by Dr. Earl W. Brian, a man with close personal and business ties to then-President Ronald Reagan and then-Presidential counsel Edwin Meese."

>"There appears to be strong evidence, as indicated by the findings in two Federal Court proceedings as well as by the committee investigation, that the Department of Justice 'acted willfully and fraudulently,' and 'took, converted and stole,' Inslaw's Enhanced PROMIS by 'trickery fraud and deceit.'"

>A book written in 1997 by Fabrizio Calvi and Thierry Pfister claimed that the National Security Administration (NSA) had been "seeding computers abroad with PROMIS-embedded SMART (Systems Management Automated Reasoning Tools) chips, code-named Petrie, capable of covertly downloading data and transmitting it, using electrical wiring as an antenna, to U.S. intelligence satellites" as part of an espionage operation.

>"another undeclared mission of the Justice Department's covert agents was to insure that investigative journalist Danny Casolaro remained silent about the role of the Justice Department in the INSLAW scandal by murdering him in west Virginia in August 1991."

>Inslaw's new allegations described the Justice Department dispute with Inslaw as part of a broad conspiracy to drive Inslaw into bankruptcy so that Earl Brian, the founder of a venture capital firm called Biotech (later Infotechnology), could acquire Inslaw's assets, including its software Promis. Inslaw owner William Hamilton told PSI investigators that Brian had first attempted to acquire Inslaw through a computer services corporation he controlled, called Hadron. Hamilton said that he rejected an offer from Hadron to acquire Inslaw, and that Brian then attempted to drive Inslaw into bankruptcy through his influence with Attorney General Edwin Meese.

https://www.wired.com/1993/01/inslaw/

>The INSLAW Octopus

>Software piracy, conspiracy, cover-up, stonewalling, covert action: Just another decade at the Department of Justice

>The House Judiciary Committee lists these crimes as among the possible violations perpetrated by "high-level Justice officials and private individuals":

>> Conspiracy to commit an offense

>> Fraud

>> Wire fraud

>> Obstruction of proceedings before departments, agencies and committees

>> Tampering with a witness

>> Retaliation against a witness

>> Perjury

>> Interference with commerce by threats or violence

>> Racketeer Influenced and Corrupt Organizations (RICO) violations

>> Transportation of stolen goods, securities, moneys

>> Receiving stolen goods

https://www.muckrock.com/news/archives/2017/may/16/FBI-promi...

>The Undying Octopus: FBI and the PROMIS affair Part 1 35 years later, file reveals dropped leads and confirmed allegations in “the scandal that wouldn’t die”.

>Inslaw’s attorneys, which included Elliot Richardson, who had previously resigned from the DOJ rather than comply with President Nixon’s orders to fire the Watergate Special Prosecutor Archibald Cox, repeatedly demanded a special prosecutor be appointed to investigate the matter, along with its numerous connections that implicated officials such as Ed Meese, who were in turn allegedly connected to affairs such as Iran-Contra and Reagan’s October Surprise.


The perils of "Cloud Computing" in the 80's:

https://en.wikipedia.org/wiki/Inslaw#Contract_disputes_and_I...

> There were also disputes over service fees. During the first year of the contract, the DOJ did not have the hardware to run Promis in any of the offices covered by the contract. As a stopgap measure, Inslaw provided Promis on a time-share basis through a Vax computer in Virginia, allowing the offices to access Promis on the Inslaw Vax through remote terminals, until the needed equipment was installed on-site. EOUSA claimed that Inslaw had overcharged for this service and withheld payments.


O=MiniTruth CN=Big Brother :D love it


Was it systematically leaking the same 24 bits (encrypted to the NSA public key), or a random contiguous selection of 24 bits?

in the second case having just a few documents would result in only the NSA being able to decrypt without even brute forcing...


Does anyone else find it ironic that cypherspace.org doesn't support https?


So the fact that most crypto export controls are gone now means NSA can crack everything now right?


The export controls weren't relaxed particularly willingly.

https://en.wikipedia.org/wiki/Bernstein_v._United_States



Well DOH!


> the NSA public key had an organizational name of "MiniTruth", and a common name of "Big Brother"

> the Ministry of Truth was the agency who's job was propaganda and suppression of truths that did not suit the malignant fictional future government in the book, and "Big Brother" was the evil shadowy leader of this government.

"Are we the baddies?", said nobody at the NSA.

Seriously, this is kind of blatant. I could see them using the phrase "Big Brother", because it has become a common saying and lost some of its edge. But not Ministry of Truth, that only has one meaning and it's terrifying. It literally means "ministry of lying to the people and denial of truth". There is no reading of the book, no matter how superficial, that the term "Ministry of Truth" is anything but overtly sarcastic.

What does this come from? Is it edgy young people (young back then), picking these names? Even if tongue-in-cheek, it has enormous consequences on the culture inside a rather insulated work environment of a job that really should be one of solemn responsibility.


> What does this come from?

Do some reading of the threads here + links to previous discussions. Ray Ozzie (one involved) has been commenting.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: