January 2, 1997
TR45.3 is the number of the cellular telephone standards committee of the joint
Telecommunications Industry Association (TIA) and Electronic Industries Associat
ion (EIA).
A part of these general standards is encryption standards, one of which is terme
d CAVE, Caller Authentication and Voice Encryption. The CAVE algorithm has been
confidential to the industries, and was developed under the auspices of the NSA
(see Barlow and Gilmore below).
A document, TR45.3, Appendix A to IS-54, Rev. B, February, 1992, which describes
implementation of the CAVE algorithm, was sent anonymously to JYA and posted at
this site until removed at the request of TIA (see letter below).
To obtain the latest edition of the standards by TR45.3, contact the Telecommuni
cations Industry Association.
Posted by jya.com December 3, 1996:
Fax header: Dec 03 '96 03:57PM D'Ancona &Pflaum
D'Ancona & Pflaum
Suite 2900
30 North LaSalle Street
Chicago, Illinois.
Telephone (312) 580-2000.
Fax (312) 580-0923
By Certified Mail
Return Receipt Requested
and by Fax (212) 799-4003
Mr. John Young
251 West 89th Street Suite 6E
New York, New York 10024
Dear Mr. Young:
I am writing to you as general counsel of Telecommunications Industry Associ
ation ("TIA") which, as you may know, is engaged in the formulation and publicat
ion of standards in the communications field. At the request of our client, on N
ovember 26, 1996, I accessed your WEB site and both viewed and printed out a lis
t of links to documents dealing with encryption. Among them were documents descr
ibed as a CAVE Report, CAVE Table and a CAVE Algorithm dated November 20 and Nov
ember 21, 1996.
In this fashion I was also able to view and print out the algorithm document
of TIA's Committee TR45.3, with a clear statement that the information in the d
ocument may be subject to the export juristiction of the U. S. Department of Sta
te under the applicable regulations.
The posting on the WEB site of these documents is, in our opinion, a violati
on of the copyright of TIA and unlawful. Furthermore, the posting of the algorit
hm may constitute a violation of applicable export regulations. It seems in any
event that it will be a violation under regulations to be drafted pursuant to th
e President's Executive Order of November 15, 1996 which was also accessed by me
on your WEB site.
I returned to the site last Friday and yesterday, December 2 and noticed tha
t these documents are no longer there. I commend you removing them, but ask for
your assurances that they will not be posted again. In addition, it is important
that we know how you received this documentation which is strictly restricted i
n its circulation.
I would appreciate hearing from you at your very earliest convenience.
Sincerely,
Paul H. Vishny
Copy to: Susan Hoyler [TIA] by fax (703) 907-7727
Copy to: Eric Schimmel, c/o Wyndham Bristol Hotel - Dallas, by fax (214) 761
-7520
JYA comment:
Mr. Vishny and I spoke about his fax. I said that the CAVE-related documents wou
ld not be reposted on my Web site, and that TR45.3 had come by anonymous mail, a
s have others we've published. Mr. Vishny said TIA intended to take no action on
this matter but its members must abide NDA.
Don't know what the Feds will do with (TIA's) Susan Hoyler's notification to the
m about TR45.3 at this site. Along with several telcomm biggies, some Ft. Meade
servers siphoned TR45.3 and most other files on the site -- several times. Well,
well!
Added December 30, 1996
For provocative commentary on the CAVE algorithm and its sponsoring TR45.3 commi
ttee, see John Perry Barlow's 1992 article and John Gilmore's recent message:
To: jya@pipeline.com
Subject: TR45 and lawyers and governments, oh my!
Date: Mon, 09 Dec 1996 01:18:53 -0800
From: John Gilmore <gnu@toad.com>
I just noticed the thread on TR45.3 in cypherpunks.
If the government comes calling, tell them to stuff it. That document is not
subject to ITAR. Textual descriptions of encryption algorithms, including pseud
o-code and diagrams and all the rest, are not embargoed. At least, that's what t
he State Department tells Judge Patel. They included numerous copies of papers f
rom the literature to demonstrate how common and robust the open publication of
such information is in the US.
If they threaten you, tell them you'll blow the lid off the whole story of h
ow NSA lied to the standards committee about the export control laws, in order t
o get them to deploy an insecure algorithm without revealing to the public how i
nsecure it is.
I've talked with a number of people who were AT those committee meetings and
saw and heard it all.
You might also ask the head of the TIA how they can remain an accredited sta
ndards organization if they don't allow public participation in their standards
process, and if they make their so-called standards available to the public. The
y locked foreigners out of the authentication subcommittee (relying on the NSA l
ie) and now will not make copies of the standard available to the public.
And are now using their copyright to prevent people from finding out how ins
ecure their "encryption" really is.
John
For access to the TR45.3 1992 version (not the 1996 latest) of the CAVE algorith
m:
http://www.zedz.net/mirror/cave/index.html
Or, send E-mail to John Young <jya@pipeline.com> with the subject: CAVE.
If you prefer PGP-encrypted mail:
Fingerprint: 04 AE 89 77 4D 22 D3 76 41 FC E5 F3 55 92 B1 78
Public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAy6rxQQAAAEEANW657bMcILCSaEYHV46DQWojtHDv6UQ2qGz+6wG5g5Q7KMz QkQjM+fYNScW4fD
UYH02wLG5x/E5hYwSaYal0k0b6G9m921QKqhVYj2+QzfiMqce N45t4GjSNBdwmNywZEyz5RKXbAWm78
DmAt9Ro3M8AGvG1XrsU4Sb9hQ07hCVAAUR tB1Kb2huIFlvdW5nIDxqeWFAcGlwZWxpbmUuY29tPg==
=F0Xj
-----END PGP PUBLIC KEY BLOCK-----