South Coast Telecommunications Alliance (SCTA)
Held at General Research Corporation, Santa Barbara CA
January 18, 1995 - Minutes of Meeting
______________________________________________________

Hosted by Michael Masterson, 52 people in attendance

Announcements:

The Community Training Bank, a non-profit organization, will be hosting an event on February 24th for people who want to know more about the Internet. Contact: Marty Rickler for more information, 682-0152

SCTA is considering participation in the UCSB Technology event, which will educate the community on what the University has to offer. The University requires payment of $300 from SCTA for a table at the event and $175 per attendee.

**************************************************************

DISCUSSION: Encryption and Privacy Rights
Michael Masterson, Michael Masterson Computer Services

What is encryption?

A way to communicate through email so only the intended receiver can read the message. The message is scrambled with software. True encryption is not a password feature which is part of applications such as MS Word or Excel.

Why would someone need encryption?

Electronic communication is extremely weak. When an email message and files are sent, they stop at many places and are accessible to anyone. When mail is delivered by the UNIX system it is in a space where anyone can access it. People routinely monitor network performance by capturing traffic, as all networks are constantly being watched. Phone lines can be very easily tapped by hackers.

Why would someone prefer to use PGP software instead of Government-imposed encryption software?

Pretty Good Privacy (PGP) is publicly available software for encryption. It was authored by Phil Zimmermann, who is currently under investigation by the Government. The program falls into the category of military encryption techniques. It can be used on DOS, UNIX, Macintosh and many other systems.
The author has told everyone how the software works and has made the source code available.

How does encryption work?

PGP is public key encryption. The basic concept behind it is single key/public key encryption.

Single key: The software generates a key with numbers, and applies a mathematical formula where the result is an unreadable string of characters. The key, which is a large number, is used by the recipient with the reverse math formula to decode the message. To use the basic key system, you need a secure channel to send the key.

Public key: There is a public key and a private (secret) key. The first key, the recipient's public key, scrambles the message, and the second key, the secret key, unscrambles it.

How does a signature work?

The software creates a cksum file where it computes a condensed representation of the message. The result looks like nonsense characters, and the software encodes it with the sender's secret key.

How is the key created?

The software makes a unique key set. Unless the computer is in a secure place, the key should be kept on a disk, off the computer. Keys can be registered with a service that keeps a database. You create a key and mail it to them. A user who requires your key sends mail to the service for the key.

RSA is the company which holds a patent on part of the PGP algorithm. MIT has a special version which RSA has allowed, and there is also a commercial version available.

*****************************************************

DEMONSTRATION

... live presentation using PGP software ...

PGP used to encrypt, open, sign, or decrypt message. File has signature and requires public key for encryption.

To send a message: compose in plain text program, sign file to authenticate with pass phrase. Protect secret key even if someone else tries to use the software installed on the computer. Paste encrypted message into any mail program and send. Public key could be posted on "plan" or "signature" file.
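
The public key and signature steps described under "How does encryption work?" and "How does a signature work?", as an added example that is not part of the original minutes and is not PGP's own code. It is textbook RSA; the function names, the ALICE/BOB key names, the sample message and the use of SHA-256 as the "condensed representation" are all assumptions made for illustration.

```python
# Added illustration: textbook RSA on constructed keys. Not PGP's code, and
# not secure (no padding, well-known primes); it shows which key does what.
import hashlib

def make_keypair(p, q, e=65537):
    """Return (public, private) as ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))   # d = e^-1 mod phi (Python 3.8+)

def encrypt(message: bytes, recipient_public) -> int:
    """Scramble with the recipient's PUBLIC key; anyone can do this."""
    n, e = recipient_public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext: int, recipient_private) -> bytes:
    """Unscramble with the recipient's SECRET key."""
    n, d = recipient_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def condensed(message: bytes, n: int) -> int:
    """The 'condensed representation': a SHA-256 digest reduced mod n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, sender_private) -> int:
    """Encode the digest with the sender's SECRET key."""
    n, d = sender_private
    return pow(condensed(message, n), d, n)

def verify(message: bytes, signature: int, sender_public) -> bool:
    """Anyone holding the sender's PUBLIC key can check the signature."""
    n, e = sender_public
    return pow(signature, e, n) == condensed(message, n)

# Constructed sample keys built from Mersenne primes (publicly known values).
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**127 - 1)   # sender
BOB_PUB, BOB_PRIV = make_keypair(2**61 - 1, 2**89 - 1)         # recipient

if __name__ == "__main__":
    note = b"Meet at noon"                     # constructed sample message
    sealed = encrypt(note, BOB_PUB)
    print(decrypt(sealed, BOB_PRIV))           # recipient recovers the note
    sig = sign(note, ALICE_PRIV)
    print(verify(note, sig, ALICE_PUB), verify(b"Meet at nine", sig, ALICE_PUB))
```

Only the public halves (ALICE_PUB, BOB_PUB) would ever be mailed to a key service; the private halves are what the minutes say to keep on a disk, off the computer.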
******************************************************

Sources for more information on Encryption:

Electronic Frontier Foundation
Newsgroups: alt.security.pgp

What happened to Phil Zimmermann?

The Government has been investigating him for the exportation of munitions. He has been charged with violating the International Traffic in Arms which prohibits the export of munitions without a license. Although it appears that his only crime was writing the code and making it available to everyone, the Government does not approve of him giving ordinary citizens the right to encrypt their messages. PGP is harder to break than anything that has ever been available.

Viola Koch, of VK International, stated that, "to encrypt a message and send from the US to another country is currently against US law."

The open dissemination of information is the real democracy. The outcome of this investigation will have a chilling effect on what can and cannot be done on the Internet in the US.

The next SCTA meeting is scheduled for February 15th.

______________________________________________________
                                     /\
Kristine Witzel                     /??\    kristine@silcom.com
Internet Trainers & Consultants     \??/    805.566-1876
_____________________________________\/_______________