Path: sparky!uunet!wupost!uwm.edu!linac!att!cbnewsk!cbnewsj!att-out!
pacbell.com!hoptoad!gnu
From: gnu@hoptoad.uucp (John Gilmore)
Newsgroups: sci.crypt
Subject: NSA FOIA suit over "classified" documents found in public libraries
Message-ID: <39279@hoptoad.uucp>
Date: 25 Nov 92 23:02:39 GMT
Organization: Cygnus Support, Palo Alto
Lines: 25

I have been suing the NSA under the Freedom of Information Act to get
copies of textbooks on cryptanalysis written by William Friedman in
the 1930's and by Lambros Callimahos in the 1950's.  After filing
the FOIA suit, we found that copies of two of the documents exist
in public libraries.  NSA claims they are still classified.  The SF Examiner
of today, Wed 25 November, covers the case in a front-page story.

More details will be forthcoming; we've been waiting til we had time to
scan in all the filings in the case, to present the complete record.
But I wanted people to know about the news coverage while the newspaper
is still available.

	John

PS:  There's a rumor today that NSA has decided to declassify some or all
of the documents.  I have no official word, but my lawyer who's handling
the case is on vacation for a few days.
-- 
John Gilmore                g...@toad.com  --  g...@cygnus.com  --  g...@eff.org
				RESTRICTED
    Notice. - This document contains information affecting the national
    defense of the United States within the meaning of the Espionage Act
    (U.S.C. 50: 31, 32).  The transmission of this document or the
    revelation of its contents in any manner to any unauthorized person
    is prohibited.

Newsgroups: sci.crypt
Path: sparky!uunet!spool.mu.edu!uwm.edu!linac!att!att!dptg!ulysses!ulysses!smb
From: s...@ulysses.att.com (Steven Bellovin)
Subject: Re: NSA FOIA suit over "classified" documents found in public libraries
Message-ID: <1992Nov27.062701.11355@ulysses.att.com>
Date: Fri, 27 Nov 1992 06:27:01 GMT
References:  <39279@hoptoad.uucp>
Organization: AT&T Bell Laboratories
Lines: 7

In article <39279@hoptoad.uucp>, gnu@hoptoad.uucp (John Gilmore) writes:
> PS:  There's a rumor today that NSA has decided to declassify some or all
> of the documents.  I have no official word, but my lawyer who's handling
> the case is on vacation for a few days.

According to the AP, NSA has announced that they'll declassify those two
documents.  No mention was made in the news story about any of the others.

Path: sparky!uunet!zaphod.mps.ohio-state.edu!rpi!uwm.edu!linac!att!att!
allegra!alice!reeds
From: re...@alice.att.com (Jim Reeds)
Newsgroups: sci.crypt
Subject: Re: NSA FOIA suit over "classified" documents found in public libraries
Summary: WHAT documents
Message-ID: <24304@alice.att.com>
Date: 27 Nov 92 15:35:42 GMT
Article-I.D.: alice.24304
References: <39279@hoptoad.uucp> <1992Nov27.062701.11355@ulysses.att.com>
Organization: AT&T Bell Laboratories, Murray Hill NJ
Lines: 18

In article <1992Nov27.0...@ulysses.att.com>, 
s...@ulysses.att.com (Steven Bellovin) writes:
> In article <39279@hoptoad.uucp>, gnu@hoptoad.uucp (John Gilmore) writes:
> > PS:  There's a rumor today that NSA has decided to declassify some or all
> > of the documents.  I have no official word, but my lawyer who's handling
> 
> According to the AP, NSA has announced that they'll declassify those two
> documents.  No mention was made in the news story about any of the others.


I read the AP story and Gilmore's post, and nowhere were the titles of
the documents mentioned.  From the AP story it sounded like Parts III
and IV of Friedman's Military Cryptanalysis.  The AP story also mentions
that they total about 1000 pages, which does not sound like Friedman
parts III & IV.  Anybody have any info on this?


If it is Friedman, I wonder how many people will actually read the whole
thing, and what they will gain from it.  

Xref: sparky sci.crypt:5351 alt.society.foia:20
Path: sparky!uunet!elroy.jpl.nasa.gov!decwrl!hoptoad!gnu
From: gnu@hoptoad.uucp (John Gilmore)
Newsgroups: sci.crypt,alt.society.foia
Subject: Re: NSA FOIA suit over "classified" documents found in public libraries
Message-ID: <39330@hoptoad.uucp>
Date: 29 Nov 92 09:06:39 GMT
References: <39279@hoptoad.uucp> <1992Nov27.062701.11355@ulysses.att.com> 
<24304@alice.att.com>
Organization: Cygnus Support, Palo Alto
Lines: 95

> I read the AP story and Gilmore's post, and nowhere were the titles of
> the documents mentioned.  From the AP story it sounded like Parts III
> and IV of Friedman's Military Cryptanalysis.  The AP story also mentions
> that they total about 1000 pages, which does not sound like Friedman
> parts III & IV.  Anybody have any info on this?

We will be putting the full set of legal filings online as soon as we
can.  The case number is "Civil Action C-92-3646 TEH" in the Ninth
District Federal Court (San Francisco).

The FOIA (Freedom of Information Act) case that the newspapers have
been reporting revolves around three documents authored or co-authored
by William F. Friedman.  Two have been declassified, probably because
we found copies of them in public libraries.  They are:

	Military Cryptanalysis, Volume 3
	Military Cryptanalysis, Volume 4

The third remains classified at this time, but NSA has said that they
will do a line-by-line classification review of it, because parts of it are
known (and admitted by NSA) to duplicate existing declassified material:

	Military Cryptanalytics, Volume 3
	Lambros D. Callimahos and William F. Friedman

We are looking for a copy of this document (or any other cryptography
document that was lawfully obtained and which the government will not
release to the public).  If you know of someone who might have a copy
of this document, please forward this message to them.  Don't tell me
or my lawyer (Lee Tien, ti...@toad.com) about it -- let the document
holder do that.  I suspect that there are copies in existence, but
probably most of them were not obtained lawfully.  If their existence
was made known to us, NSA might demand this information in court and
we might be compelled to provide it.  This would then allow the NSA
and Justice Department to contact the holders and demand that the
copies be returned, with a 10-year "espionage" sentence as club.  So,
please contact us if you have a copy that was *lawfully* obtained,
otherwise we'll muddle on through without putting you in jeopardy.

By lawful I mean that you got a copy without violating any law.  If
you secretly copied it when you worked for the Army, you don't
qualify.  If you saw it in a library and copied it, you qualify.  If
your Dad left it to you when he died, you qualify if *he* got it
lawfully.  If the Army explicitly let you keep a copy when you left,
without putting any constraints on what you did with it, you qualify.
But be prepared to prove it.

Even if we can't find public copies of this third document, we are
looking for expert witnesses in cryptography *and* national security.
Traditionally NSA provides its own "experts" who tell tales of woe
about how the sky will fall if the documents are released.  They were
well along in that process when they declassified the first two,
giving them a somewhat egg-faced demeanor.  If you have a SECRET
clearance and the right experience to convince a judge that you can
evaluate the damage to the US national security that would be caused
by releasing portions of this cryptography textbook, please get in
touch.

Two issues that arose in the FOIA case remain unresolved.  The first
is whether NSA has a pattern and practice of violating the Freedom of
Information Act by not responding to requesters within the time limits
specified in the law.  If I file my taxes one day late, I get penalized.
But if the law says NSA has 10 days to respond, and they take 10 months,
they shrug it off and say "so sue us".  I'm doing just that.

The second issue is whether the espionage laws, which make it a
Federal crime to distribute a classified document, are
unconstitutional on their face, because they limit citizens' freedom
of the press.  If the laws had been written to only apply to
government employees, or to people who obtained documents unlawfully,
they might have a leg to stand on.  But the Supreme Court has long
held that limitations on the right to publish must satisfy very tight
constraints -- and this law is very vague and all-encompassing.  It
certainly appeared to encompass me, who got the docs from a library,
and I did not redistribute them for fear of prosecution.  Creating
such fear has been held a violation of the First Amendment in several
cases.  My suspicion is that NSA declassified the documents *so that*
it would be harder for us to press this issue.  (Courts like to decide
the smallest set of issues they can get away with; if the espionage
law is now "moot" in our case, they may claim that the court should
ignore the potentially unconstitutional law because they backed off.
But that would leave them free to unconstitutionally threaten the next
victim.)  We'll see what the judge thinks.

	John Gilmore
	+1 415 903 1418  voicemail
	+1 510 525 0817  Lee Tien, my lawyer
-- 
John Gilmore                g...@toad.com  --  g...@cygnus.com  --  g...@eff.org
				RESTRICTED
    Notice. - This document contains information affecting the national
    defense of the United States within the meaning of the Espionage Act
    (U.S.C. 50: 31, 32).  The transmission of this document or the
    revelation of its contents in any manner to any unauthorized person
    is prohibited.

Path: sparky!uunet!elroy.jpl.nasa.gov!decwrl!hoptoad!gnu
From: gnu@hoptoad.uucp (John Gilmore)
Newsgroups: sci.crypt
Subject: Re: NSA FOIA suit over "classified" documents found in public libraries
Message-ID: <39331@hoptoad.uucp>
Date: 29 Nov 92 09:30:52 GMT
References: <39279@hoptoad.uucp> <1992Nov27.062701.11355@ulysses.att.com> 
<24304@alice.att.com>
Organization: Cygnus Support, Palo Alto
Lines: 52

re...@alice.att.com (Jim Reeds) wrote:
> If it is Friedman, I wonder how many people will actually read the whole
> thing, and what they will gain from it.  

I don't expect Friedman to be a coffee-table book.  I expect that it
will inform amateur and professional cryptographers.

I hope that anyone who designs a cryptosystem will read these
documents.  I hope that they will gain an understanding of how
cryptosystems are broken, so that they can design their cryptosystem to
be more resistant to breakage.  I hope that amateurs will play at
breaking ciphers which they encounter (the decryptors for popular PC
"security" programs are an example), and hope that this will let them
break increasingly sophisticated ciphers.

To develop good cryptography, one must understand good cryptanalysis.
NSA could not have made DES resistant to differential cryptanalysis
without understanding differential cryptanalysis in the first place.
(Contrast how quickly FEAL and SNEFRU fell to diffcryp, versus how long
it took to get a theoretical -- not even practical -- advantage over
DES.)

I believe that we, as a society, must wean ourselves from our
dependence on the military cryptography community.  While we should
certainly continue in our efforts to convince them that the best course
would be for them to help *everyone* protect privacy, we may fail at
that.  If they persist in the idea that it's OK for them to see
everyone's communications and it's not OK for citizens to have good
cryptography, and our government-of-the-people is unable to overrule
them (perhaps the way it was impossible to dislodge J. Edgar Hoover, who
knew too many Congressmen's secrets), then we will need to develop good
cryptography on our own.  (If good cryptography is outlawed in the
U.S., this development may have to happen in secret, or in foreign
countries -- like the development of PGP 2.0.)

Whit Diffie has stated that he is not sure whether any society -- even
an open democracy -- can survive the widespread use of good
cryptography.  I am not sure either, but the genie isn't going to
be put back in the bottle.  The anti-social forces can get it anytime
they want it, unless we give up or lose the right to do research,
to think about mathematics, to publish, or to write and run software.
So we had better make sure that pro-social forces all over society
can protect themselves with the same technology -- for privacy,
security, authentication, and accountability.
-- 
John Gilmore                g...@toad.com  --  g...@cygnus.com  --  g...@eff.org
				RESTRICTED
    Notice. - This document contains information affecting the national
    defense of the United States within the meaning of the Espionage Act
    (U.S.C. 50: 31, 32).  The transmission of this document or the
    revelation of its contents in any manner to any unauthorized person
    is prohibited.