[ISN] I believe Microsoft has knowingly violated the export rules

From: mea culpa (jerichoat_private)
Date: Tue May 19 1998 - 14:41:32 PDT

  • Next message: mea culpa: "[ISN] W3C Drafts Web Privacy System & Companies who backdoor"

    Forwarded From: "Jay D. Dyson" <jdysonat_private>
    
    Courtesy of the Cryptography List.
    
    (This looks intense...and couldn't come at a worse time for M$.)
    
    (BTW: I'm not signing this note -- instead leaving Mr. Salz's PGP sig intact.)
    
    ---------- Forwarded message ----------
    Date: Tue, 19 May 1998 09:12:22 -0400 (EDT)
    From: Rich Salz <rsalzat_private>
    Subject: FYI:  I believe Microsoft has knowingly violated the export rules
    
    I am sending this to people and mailing lists that I think may be
    interested.  I hope you find it useful and interesting.
    
    -----BEGIN PGP SIGNED MESSAGE-----
    
    The following information is not covered by any confidentiality agreements.
    This documented is copyrighted; see details below.
    
    Summary
    =======
    This note explains and asks a number of pointed questions, including
    "MSRPC, part of NT and Windows95, is crypto-with-a-hole and therefore
    not exportable.  So how come those operating systems can be exported?"
    Answers should probably be provided by the US Government.
    
    Content
    =======
    The export of cryptography is controlled by a set of regulations
    defined by the Executive Branch of the US Government.  Regulations
    often have the force of law, but do not undergo the same public
    scrutiny that laws created by Congress do.  The regulations involved
    here are known as the Export Administration Regulations (EAR).  The EAR
    is currently facing some court challenges to its constitutionality.
    
    The regulations say that hardware or software that does cryptography is
    a munition, to be treated in the same manner (although not the same
    degree) as rocket launchers, fighter jet spare parts, and nuclear
    weapons.  Unlike these other items, cryptography is math, and any
    individual in the world can do math, and many can create new
    mathematical techniques.  In addition, many cryptographic processes, or
    algorithms, are published in the open literature for peer review.  (The
    public-key cryptographic method known as RSA, one of the strongest
    encryption techniques in the world, was described in "Scientific
    American.")
    
    The EAR says that the Department of Defense (DoD) determines whether or
    not a product is exportable.  DoD has delegated this authority to one
    of its subsidiary organizations, the National Security Agency (NSA).
    There is a special group within the NSA assigned to this task.  They
    decide on a case-by-case basis, and their determinations are not part
    of the public record.  The criteria by which they decide do not seem to
    be known to anyone outside of the Agency.  Part of the NSA's mission is
    to intercept and interpret messages that could affect our national
    security.  It is a widespread assumption within the technical community
    that they will deny general export to anything that they cannot easily
    decode.
    
    Microsoft likes to write their system software as "components" --
    pluggable pieces that can be replaced with better versions later on.
    Their method, and standard, for doing this is called COM, the Component
    Object Model.
    
    One such component is their Remote Procedure Call (RPC) system.  RPC is
    a technique that allows two different programs to communicate.  When
    two, or more, programs communicate over the network, RPC is the part of
    the program on each host that packages up the request, sends it over
    the network to the server, and then on the server side packs up the
    reply and ships it over the network back to the client.  A browser
    fetching a web page can be considered a simple form of RPC
    
    RPC is a backbone technology in the "client-server" programming model
    dominant in today's multi-billion-dollar Information Technology field.
    MSRPC is integral to the "distributed" part of COM.  It is probably
    most known to end-users under the terms ActiveX, ActiveXControls, and
    to the technically savvy as DCOM.
    
    MSRPC itself uses a Microsoft component known as the Security Support
    Provider Interface, or SSPI.  Third-party vendors are encouraged to
    write their own SSPI -- there is a section on "Writing a Security
    Provider" in Microsoft's on-line documentation.  Digital Equipment
    Corporation is one company that has done so.  MSRPC will use whatever
    SSPI's are available to protect data as it is passed between machines.
    Microsoft's SSPI is provided in the "secsspi.dll" and "ntlmssps.dll"
    files.
    
    MSRPC provides a number of levels to protect data:
        -	None -- useful for demos or single-user applications, for example
        -	Authenticated -- the client and/or server can know the identity
    	of the party at the "other end of the line"
        -	Tamper-proof -- nobody can intercept the data and edit it, such
    	as to add an extra $1000 to an electronic invoice
        -	Full privacy -- only the intended recipient can decrypt and
    	read the data.
    
    This last one -- full privacy -- is the item of interest.  The EAR
    allows cryptography to be exported when used for authentication (the
    second, and perhaps the third, case above), but not when it can be used
    to protect whatever data a user wishes to keep private.
    
    When a user wants full privacy, the MSRPC component requests the SSPI
    to encrypt the data.  In export versions, the SSPI returns an error
    code, and MSRPC returns the status back to the user's program
    indicating that this level of protection is not supported.  In the
    domestic US versions, the SSPI actually does encrypt the data.
    
    The problem is that the NSA ordinarily calls the technique used by
    Microsoft "crypto with a hole," and they routinely deny export approval
    for such products.  Their reasoning is that it would be fairly
    straightforward to "add in" the cryptography.  Their reasoning is
    accurate:  It is much easier to write a "plug in" -- a small bit of
    crypto code based on a published paper -- than it would be to write an
    entire RPC component.
    
    For this particular situation, the NSA's concerns are demonstrably
    well-placed.  All of the above has been independently discovered by one
    person who turned an export version of Windows into a full-strength
    cryptographic device in one night of "poking around" with a
    programmer's toolbox.  If only to avaoid the nuisance of putting this
    note itself under export control, I won't provide more information.
    
    All of the above brings to mind the following questions.  At least.
        -   Why is Microsoft allowed to do this when other companies
    	are not?
        -	Did Microsoft ask for approval before or after the fact?
        -	If before, how come the NSA gave them permission --
    	particularly when the user base is probably orders of
    	magnitude greater than any other system?
        -	If after, how come the world's largest software company didn't
    	know about this basic fact of life for security software?
        -	If after, when did they know, and what steps did they take to
    	make changes, or why not?
        -	Do NT5 and Windows98 work the same way?
        -	If so, should Microsoft be allowed to export them?
    
    There is another part of the story.  Microsoft has licensed much of its
    ActiveX technology (including MSRPC and SSPI) to SoftwareAG, a German
    software company that has modified it to run it to a number of
    non-Microsoft systems.  SoftwareAG calls their version EntireX.
    According to "Essential Com" [ISBN 0201634465], this work was done in
    Germany by German citizens.  According to their Web pages (at
    www.sagus.com), EntireX -- including the security facility -- is
    available on OS/390, an IBM mainframe operating system.  More
    questions:
        -	Did Microsoft give actual cryptographic source, not just the
    	harder-to-modify executables, to foreign nationals?
        -	Does this mean that Microsoft gave technology to a foreign
    	company that lets them sell full-privacy security software
    	overseas, where IBM itself cannot?  Software that competes
    	with products offered by IBM and others?
        -	Has Microsoft licensed this technology to anyone else?
    
    Author
    ======
    Rich Salz
    Georgetown, Massachusetts
    http://www.shore.net/~rsalz
    
    History
    =======
    This is Draft 2, dated May 18, 1998.
    
    Draft 1 (May 14, 1998) received limited circulation (including to the
    United States Bureau of Export Administration, the agency responsible
    for enforcing the EAR).
    
    Copyright
    =========
    Copyright 1998, Rich Salz.
    All Rights Reserved.
    
    Permission is given to redistribute any tamper-evident version of this
    document that has been signed with the following PGP key:
        bits/keyID    Date       User ID
        1024/462D47D1 1998/05/15 Rich Salz <rsalzat_private>
        Fingerprint =  7D 7C C1 57 EE 49 49 D1  6F F4 FA 27 E1 4F 86 E5
    
    All trademarks are property of their respective owners and are hereby
    respectfully acknowledged.
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    
    iQCVAwUBNWGCcJANqsNGLUfRAQE+GQP/bHy0JB9Te8H5vlJKjIGHEWEvnkEZVFuB
    ba/L6LTZ+/zQ/luCRSHP9vX6GQj8EDThiX+YO17URUTDBp/BoV0vmwVGjXJWSIgE
    bIjS7znFutbufm7BEVDbg/jysRhn32eisuOXOcvGOFtowA4eY6Tz7BYXZ1gbSpyC
    U/Efxez7qTk=
    =T+M2
    -----END PGP SIGNATURE-----
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:53:43 PDT