"Workfactor reduction"; the subversion of cryptographic systems
42. The same technique was re-used in 1995, when(US)NSA became concerned about cryptographic security systems being built into Internet and E-mail software by Microsoft, Netscape and Lotus. The companies agreed to adapt their software to reduce the level of security provided to users outside the United States. In the case of Lotus Notes, which includes a secure e-mail system, the built-in cryptographic system uses a 64 bit encryption key. This provides a medium level of security, which might at present only be broken by NSA in months or years.
43. Lotus built in an NSA "help information" trapdoor to its Notes system, as the Swedish government discovered to its embarrassment in 1997. By then, the system was in daily use for confidential mail by Swedish MPs, 15,000 tax agency staff and 400,000 to 500,000 citizens. Lotus Notes incorporates a "workfactor reduction field" (WRF) into all e-mails sent by non US users of the system. Like its predecessor the Crypto AG "help information field" this device reduces NSA's difficulty in reading European and other e-mail from an almost intractable problem to a few seconds work. The WRF broadcasts 24 of the 64 bits of the key used for each communication. The WRF is encoded, using a "public key" system which can only be read by NSA. Lotus, a subsidiary of IBM, admits this. The company told Svenska Dagbladet:
"The difference between the American Notes version and the export version lies in degrees of encryption. We deliver 64 bit keys to all customers, but 24 bits of those in the version that we deliver outside of the United States are deposited with the American government".(94)
44. Similar arrangements are built into all export versions of the web "browsers" manufactured by Microsoft and Netscape. Each uses a standard 128 bit key. In the export version, this key is not reduced in length. Instead, 88 bits of the key are broadcast with each message; 40 bits remain secret. It follows that almost every computer in Europe has, as a built-in standard feature, an NSA workfactor reduction system to enable NSA (alone) to break the user's code and read secure messages.
fr
http://duncan.gn.apc.org/stoa_cover.htmTitle:
DEVELOPMENT OF SURVEILLANCE TECHNOLOGY AND RISK OF ABUSE OF ECONOMIC INFORMATION (An appraisal of technologies for political control)
Part 4/4: The state of the art in Communications Intelligence (COMINT) of automated processing for intelligence purposes of intercepted broadband multi-language leased or common carrier systems, and its applicability to COMINT targeting and selection, including speech recognition
(Poster'ss note"also called ''Interception Capabilities 2000'')
Publisher:
European Parliament
Directorate General for Research
Directorate A
The STOA Programme
Author:
Duncan Campbell - IPTV Ltd - Edinburgh
Date:April 1999
PE Number:
PE 168.184 / Part 4/4
This document does not necessarily represent the views of the European Parliament(Poster's note:It is a report prepared by private company,not by EU)
http://www.iptvreports.mcmail.com/
This guy has a lot of intelligence info to tell u.2.
How credible is it?3.Also read
http://64.233.167.104/custom?q=cache:fQ_uznVORBcJ:www.fas.org/irp/program/process/rapport_echelon_en.pdf+intercepting+capacity+2000+report&hl=en&ie=UTF-8EUROPEAN PARLIAMENT REport dd 11.07.2001
On the existence of a global system for the interception of private and commercial communications (ECHELON interception system) (2001/2098(INI))
by Temporary Committee on the ECHELON Interception System
Rapporteur: Gerhard Schmid