PGP and Privacy Bibliography

The Official PGP User's Guide - Philip R Zimmermann (MIT Press : 1995) ISBN 0-262-74017-6

This slim volume is the hard copy of the documentation distributed with PGP. In addition it includes a foreword by John Perry Barlow. If, like myself, you like to curl up under the shade of a tree on a hot sunny day with a good book, or on a dark winter's night before a good fire, then this book is for you. If on the other hand you are happy to read the documentation on screen or to print off your own copy then you don't need the book.

Those of a paranoid disposition may like the security of a tamper-proof copy of Phil Zimmermann's public key fingerprint. To put the rest of you at ease I can confirm that the key published in the book (pages 56-57) matches that in the distributed documentation, which in turn matches the included key, which in turn matches that obtained from a public key server. Here are the particulars:

UserID: Philip R. Zimmermann
Key Size: 1024 bits; Creation date: 21 May 1993
KeyID: C7A966DD
Key fingerprint: 9E 94 45 13 39 83 5F 70 7B E7 D8 ED C4 BE 5A A6

The book contains interesting anecdotes that explain why some of the switches were introduced: wipe (-w) to avoid leaving incriminating evidence of a lovers' affair.

The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data Protection, and PGP Privacy Software - André Bacard (Peachpit Press : 1995) ISBN 1-56609-171-3

I spend a lot of time talking to people about the lack of privacy and the need for packages like PGP. The reaction I get is one of 'we have nothing to hide'; encryption is seen as something for characters in a John le Carré novel. And yet these same people put their letters in envelopes, expect letters from the bank or an employment agency to state 'Private and Confidential' and get most irate if other people read those letters. As my Grandmother used to say, 'there's nowt as queer as folk'.
It seems that these people expect privacy as a norm in their everyday life, but when they use computers or mention is made of high-tech surveillance these norms are abandoned, possibly because what is happening is beyond their comprehension. If you are one of those people then I suggest you read Bacard's account of some of the invasions of your privacy that are taking place now. We are all used to seeing people in offices wear plastic dog tags around their necks. Often these have a magnetic strip or active electronics to enable privileged individuals to access areas denied to other people. Those same dog tags allow Big Brother to monitor where you are, how long you spent in the company canteen, how many times you went to the toilet, whose office you visited and for how long.

This book is in essence two books in one. The first (parts I and II) looks at privacy, the need for privacy and how that need can be met by encryption; the second (parts III and IV) looks at PGP and how to use PGP. The first part is an absolute must for the paranoid as it will confirm their worst fears; the rest of you may not be so smug after you have read a few of Bacard's examples. Bacard describes a school where the kids' attitudes are recorded, along with other personal data and data on their parents. Those who are seen to be deviating from the norm are selected out for reconditioning. This is not pre-Glasnost Russia or present-day China, it's the present-day United States.

Extremely irritating is Bacard's attitude of 'Nanny knows best'. He will hint at something, then not discuss it any further as not a suitable subject to be discussed in front of the children. On the other hand, when I consider that most of the Internet magazines seem to be written by and for immature adolescents whose highest intellectual achievement is engaging in mindless conversation on a chat line, then maybe he's got a point.
Bacard fails to take advantage of a tamper-proof medium to publish his own key fingerprint or to personally validate the key of Phil Zimmermann and publish the result. Although he does publish the key fingerprint for ViaCrypt (the commercial supplier of PGP) he fails to say whether he is simply reproducing a printout from the supplied keys or whether he has personally verified the validity of the key, and if so how. Those of a paranoid disposition will be pleased to note that what little is published of Phil's public key matches that published by MIT Press and O'Reilly & Assoc; it also matches that on my keyring. We have consistency here if nothing else.

Minimal info on Phil's key:

pub 1024/C7A966DD 1993/05/21 Philip R. Zimmermann

Bacard does show a small section of his own key fingerprint, and that minimal bit of information does match his key downloaded from a public key server.

Minimal info on Bacard's fingerprint:

Key fingerprint = 93 E7 97 56 42 FA ...

The published key fingerprint for ViaCrypt matches the key downloaded from a public key server, and the minimal information published for David Barnhart (a ViaCrypt signatory) also matches.

ViaCrypt public key fingerprint:

UserID: ViaCrypt
Key Size: 1024 bits; Creation Date: 13 Oct 1993
KeyID: CB768501
Key fingerprint: EC A9 0D F1 87 F7 8A 75 91 3B 1C 6A 8B 9A 8B 2F

A good overview of the privacy issues and a gentle introduction to the use of PGP. I especially liked the quotations. A good starter text for beginners.

PGP: Pretty Good Privacy - Simson Garfinkel (O'Reilly & Associates : 1995) ISBN 1-56592-098-8

A bulky volume compared with Phil Zimmermann's slim volume, so what gives? O'Reilly are not renowned for churning out spaghetti books. The first third is an overview of cryptography, a background history of the modern techniques and the politics surrounding those techniques. Garfinkel then looks in depth at the history and politics of PGP. PGP is not only hard crypto, it is very explosive politics.
The remaining two thirds is a detailed guide to the use of PGP. At times Garfinkel has a tendency to over-explain to the point of confusion. The ample use of illustrations helps to counter this tendency. The chapter order is strange. Most people are going to want to generate a key pair, then exchange encrypted mail. These two chapters are preceded by chapters on local encryption and key management. Even worse, discussion of the need to sign your public key is postponed until one of the last chapters, all the more worrying when in the chapter on key management Garfinkel states '.. it doesn't matter if someone intercepts it [the public key] ...' when discussing the posting of the ASCII-armoured key. The advice on passing on a public key (give a copy of your public keyring) is bizarre. Garfinkel does then elaborate why it is not a wise move, but would anyone have thought of doing it if he'd not raised it in the first place? Screen shots of every PGP command are a little tedious and lead to unnecessary padding.

Garfinkel publishes his own public key. I tried typing this in - extremely tedious, and it didn't work. The thought may have been there but it would have been far better to have published his key fingerprint to enable verification of his key obtained from an alternative source. His key fingerprint is published in the book, but you have to look very hard to find it; I only came across it by accident, and yes, it matches the key obtained from a public key server.

Simson Garfinkel public key fingerprint:

UserID: Simson L. Garfinkel
Key Size: 1024 bits; Creation Date: 15 July 1994
KeyID: 903C9265
Key fingerprint: 68 06 7B 9A 8C E6 58 3D 6E D8 0E 90 01 C5 DE 01

The key fingerprints for the keys distributed with the MIT version of PGP are published. Unfortunately Garfinkel fails to say whether he has just reproduced these from the keys or whether he has individually verified each and every key, and if so how.
Nevertheless the published fingerprints match the keys distributed with my International version of PGP, therefore we have consistency if nothing else. The paranoid may care to note that the fingerprint for Phil Zimmermann matches that published in Phil's own book, which is the same as that on my keyring. For a book this size I would have expected an appendix detailing some of the internal nitty-gritty: what is the Key ID, what is the key fingerprint, et cetera? The inclusion of a quick reference card for the PGP commands is a nice touch.

Above reservations aside, an excellent book and recommended to anyone who wants an in-depth look at PGP and some of the surrounding issues.

Protect Your Privacy: A Guide for PGP Users - William Stallings (Prentice-Hall : 1995) ISBN 0-13-185596-4

The book is divided into three parts: Part I the basics underlying PGP, Part II practical information on the use of PGP, Part III more information on the algorithms on which PGP is based and some excellent advice on choosing passwords. Stallings delves into some depth as to how PGP works, explaining each stage of the process, and yet he somehow manages to do this without getting too technical. His little sketch diagrams that complement his written descriptions are excellent.

Stallings is the only writer I have come across who recognises that a public key system does not resolve the key distribution problem; as he correctly states, it simply replaces one problem with another. Stallings devotes a whole chapter to key management, the weak point of any public key system, usually made all the worse by the fact that it is usually overlooked. He emphasises the need to sign a key to prevent tampering, then allows his own personal key to sit on a public key server two years after the publication of the book without a single signature! Stallings recognises that the only secure exchange of public keys is in person with someone you know, or at least someone whose ID you can verify.
Remote exchange with someone you know, provided that you can recognise their voice over the phone and compare key fingerprints, is given as an equivalent alternative. Stallings then completely destroys his own credibility by suggesting obtaining the key from a public key server as an alternative.

In Part II Stallings looks in some detail at the use of the DOS versions and MacPGP. Unlike Garfinkel (1995) he does not bore the reader by explaining the minutiae of every command or add padding to the book with unnecessary screen shots. A DOS shell and two Windows front ends are also covered. Stallings does not give the key fingerprints for the developers' keys of these packages, nor does he mention that the use of Windows front ends can lead to a serious compromise in security.

Unlike other authors of books on PGP, Stallings does take the opportunity of a tamper-proof medium to publish not only his own PGP key fingerprint, but also that of Phil Zimmermann. He also shows several other fingerprints, but is negligent in stating whether or not these were verified, and if so how. In Zimmermann's foreword to the book and in Stallings' acknowledgements, both Phil Zimmermann and William Stallings show their respective PGP fingerprints. It is probably reasonable to assume that these are correct.

Phil Zimmermann: 9E 94 45 13 39 83 5F 70 7B E7 D8 ED C4 BE 5A A6
Will Stallings: B1 4E 2A BD 96 08 8B A4 67 83 D1 09 FE 52 56 6C

These match the keys on my keyring, as do the other details shown elsewhere for Phil's key. The paranoid may care to note that the published fingerprint for Phil's key agrees with the other books that publish the key details.

Stallings shows the fingerprints for both ViaCrypt and Jeff Schiller in a discussion on verifying PGP. For the MS-DOS version the ViaCrypt key is used and for MacPGP Schiller's key. The advice given is crass.
To verify the ViaCrypt key, phone their tech support and get a verbal confirmation of the fingerprint; failing that (and the same advice is given for Schiller's key) get the key from a public key server. Then, if this bit of dumb advice wasn't bad enough, assuming that the key verifies the package as OK, sign the key - in other words use the package to confirm that the key is OK! It begs the obvious question: 'why did Stallings not verify the keys for his readers, make use of a tamper-proof medium, and save his readers a whole lot of trouble?' The fingerprints shown are:

ViaCrypt: EC A9 0D F1 87 F7 8A 75 91 3B 1C 6A 8B 9A 8B 2F
Jeff Schiller: BF 26 FA 39 50 04 5C BF 80 51 E3 52 4A 16 DF 96

These match the keys on my keyring, as do the other details shown for the keys. Note that the Schiller key is his 512-bit key, which he has used to sign his 1024-bit key.

The above niggles to one side, an excellent book that should be on the shelf of anyone using PGP. Highly recommended.

E-Mail Security with PGP and PEM: How to Keep Your Electronic Messages Private - Bruce Schneier (John Wiley : 1995) ISBN 0-471-05318-X

The Electronic Privacy Papers - Bruce Schneier & David Banisar (Eds) (John Wiley : 1997) ISBN 0-471-12297-1

Bruce Schneier (security and encryption specialist) and David Banisar (privacy advocate) map out the battle that is taking place for your privacy: on the one hand the ordinary citizen, on the other hand government (who wish to control you). Schneier and Banisar draw their map by means of a large number of government and industry papers, upon which they comment. Primarily a reference collection of all the major papers and articles on encryption and privacy from an American perspective, including numerous recently declassified papers. The collection gives a useful insight into how we got to where we are today (late 1996).
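A note on what the fingerprint cross-checks in the PGP reviews above (Zimmermann, Bacard, Garfinkel, Stallings) actually establish, with a worked example. The code is added here and is mine; it is not from the page's author nor from any of the reviewed books. A PGP 2.x key is a version-3 RSA key: its Key ID is simply the low 64 bits of the RSA modulus (PGP 2.x prints the low 32 bits, which is what a value such as 'C7A966DD' is), and its fingerprint is the MD5 of the modulus and exponent bytes. Comparing fingerprints across a book, a keyring and a key server therefore confirms that every channel handed you the same key; it says nothing about who owns that key, which is why the in-person or voice check the Stallings review insists on still matters. Two caveats a practitioner would add today: because a v3 Key ID is just the low bits of the modulus, anyone can generate a key with a chosen Key ID, so only the full fingerprint is worth comparing; and MD5-based v3 fingerprints and 1024-bit RSA have long been deprecated (OpenPGP v4 keys use a SHA-1 fingerprint over the whole public key packet). The RSA key below is a constructed toy value, not anyone's real key, and the 'sources' in the demo are constructed sample quotes.

```python
import hashlib


def mpi_body(n: int) -> bytes:
    """Big-endian, minimal-length bytes of a positive integer: the body of an
    OpenPGP MPI without its two-octet bit-count header."""
    if n <= 0:
        raise ValueError("MPI values must be positive")
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def v3_key_id(modulus: int) -> int:
    """Version-3 (PGP 2.x RSA) 64-bit Key ID: the low 64 bits of the modulus."""
    return modulus & 0xFFFFFFFFFFFFFFFF


def v3_short_key_id(modulus: int) -> str:
    """The 32-bit form PGP 2.x prints, e.g. 'C7A966DD'."""
    return f"{modulus & 0xFFFFFFFF:08X}"


def v3_fingerprint(modulus: int, exponent: int) -> bytes:
    """Version-3 fingerprint (RFC 4880 s.12.2): MD5 over the MPI bodies of n
    then e, length headers omitted. 16 bytes."""
    return hashlib.md5(mpi_body(modulus) + mpi_body(exponent)).digest()


def format_fingerprint(fp: bytes) -> str:
    """Render as 'XX XX XX ...', the layout PGP 2.x and the books above use."""
    return " ".join(f"{b:02X}" for b in fp)


def normalise(text: str) -> str:
    """Drop spacing and case so '9E 94 45' and '9e9445' compare equal."""
    return "".join(text.split()).upper()


def fingerprint_matches(quoted: str, full: str) -> bool:
    """Does a fingerprint as quoted by some source agree with the full one?
    A quote ending in '...' (Bacard's style) is a prefix and only confirms
    the bytes it shows; anything that is not hex is rejected outright."""
    quoted = quoted.strip()
    partial = quoted.endswith("...")
    q = normalise(quoted.rstrip("."))
    f = normalise(full)
    if not q or any(c not in "0123456789ABCDEF" for c in q):
        return False
    return f.startswith(q) if partial else q == f


def disagreeing_sources(sources: dict, full: str) -> list:
    """Names of the sources whose quoted fingerprint does not match."""
    return [name for name, quoted in sources.items()
            if not fingerprint_matches(quoted, full)]


# Constructed toy RSA public key for the demonstration; not anyone's real key.
TOY_MODULUS = 0xD9F13A7C5B2E88410F6DC3A27E19B4C5
TOY_EXPONENT = 17


def demo() -> dict:
    """Derive the toy key's Key ID and fingerprint, then cross-check the
    fingerprint against constructed sample quotes from several 'sources'."""
    fp = format_fingerprint(v3_fingerprint(TOY_MODULUS, TOY_EXPONENT))
    sources = {
        "printed book": fp,
        "my keyring": fp.lower().replace(" ", ""),   # same bytes, other layout
        "key server": fp,
        "partial quote": " ".join(fp.split()[:6]) + " ...",
        "tampered copy": fp[:-2] + ("00" if fp[-2:] != "00" else "FF"),
    }
    return {
        "key_id": v3_short_key_id(TOY_MODULUS),
        "fingerprint": fp,
        "disagree": disagreeing_sources(sources, fp),
    }


if __name__ == "__main__":
    result = demo()
    print("KeyID:", result["key_id"])
    print("Key fingerprint:", result["fingerprint"])
    print("sources that disagree:", result["disagree"])
```

Running it prints the toy key's 32-bit Key ID (7E19B4C5, the last eight hex digits of the modulus), its fingerprint, and the single source whose quote does not agree; the keyring copy in lower case with no spaces and the six-byte partial quote both pass, as they should, because only the bytes differ in the tampered copy. Note that a partial quote proves only its prefix, which is all the Bacard review was able to confirm.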
The authors make the valid point that in a world where all correspondence is by postcard the occasional letter stands out and draws attention to itself, whereas in a world where letters are commonplace no notice is taken. By implication, if we were all as normal practice to use encryption for our electronic communication then the use of encryption would no longer draw attention to itself. Neither author mentions either their e-mail address or their PGP key. A trifle odd, I thought. A glossary explaining the various initials and abbreviations is much needed but missing. Recommended reference.

Applied Cryptography 2nd Ed - Bruce Schneier (John Wiley : 1996) ISBN 0-471-12845-7

I wished I'd had a copy of this book a few years ago when I was designing an encryption system. All I could find were a few books that illustrated trivial encryption schemes and Knuth's Algorithms which, apart from being practically unreadable, only showed some simple random number generators which didn't take full advantage of the underlying binary structure of a modern digital computer. This must be the reference for budding cryptologists, if not those already practising the trade. In spite of its subject matter it is very readable. Especially appreciated was Schneier's brilliant sense of humour.

Schneier starts with a look at protocols and introduces a cast of characters to help with the explanations. Bob and Alice you will probably already have met. He then looks at all the different encryption schemes, then ends on some practical implementations (including PGP). Schneier includes every known encryption scheme, at least those that have managed to slip out into the public domain and what little is known of those that haven't, including a description of GOST - the Russian military encryption scheme. Each scheme is discussed in depth, not only how it works but also its strengths and weaknesses - whether in fact you should use it at all.
Also looked at are one-way hashes, digital signatures, time stamping services and many other crypto-related issues. A small amount of space is devoted to PGP. Considering that PGP is the de facto Internet standard it is surprising that this space is considerably less than that devoted to PEM. It is unfortunate that Schneier does not take the opportunity to reproduce his key fingerprint in a tamper-proof medium (assuming he uses PGP).

Unusual for a technical book of this nature, Schneier includes a detailed look at the politics of encryption. Although, as anyone who has worked in encryption will know, politics is never very far removed. This book illustrates one of the many ironies surrounding encryption. The book publishes the source code for many encryption algorithms. Three disks accompany the book but these may only be obtained in the States and may not be exported, and yet I can copy in the code from the book. It seems the export of a book containing the same source code is OK! Just in case you don't find the coverage detailed enough Schneier includes a list of over 1600 references.

Mandatory reading for anyone with more than a passing interest in cryptography. Highly recommended.

The Codebreakers: The Story of Secret Writing - David Kahn (Macmillan/Prentice-Hall : 1967)

The Puzzle Palace - James Bamford (Penguin Books : 1983)

Virus: A Computer Malaise - Keith Parkins (Books on Disk : 1995)

PGP is vulnerable to viruses. It is vulnerable in the way of all executable programs - it can be corrupted, killed stone dead, or simply act as a carrier spreading infection. It is also vulnerable in a very PGP-specific way - a virus may weaken the encryption or steal the pass phrase. There are many thousands of the former type of virus, but as yet none of the latter. The time to think about viruses is before you get one.
Unlike many books on the subject, 'Virus: A Computer Malaise' is neither written by an anti-virus zealot, nor is it written by someone totally ignorant of the subject. The author has been active in the field since day one; nevertheless he is able to stand back and take a dispassionate view, looking at the subject from all sides. He also notes the gaping security holes in the various anti-virus methods, something the many practitioners in the field fail to do with their exaggerated claims. Only through an understanding of how viruses work and the flaws in many of the supposedly secure methods of prevention is it possible to build an effective anti-virus strategy, and only after exploring the subject in depth does the author show how to build one.

'Virus: A Computer Malaise' is packed full of resource information; it also contains a glossary. Although a PGP practitioner and an expert on the use of PGP, the author does not reveal his PGP public key or record his PGP fingerprint, an oversight that will be corrected in the second edition (together with an appendix on PGP). To correct this oversight here is his public key fingerprint:

UserID: Keith Parkins <10 GU14 6QJ England>
Key Size: 1024 bits; Creation Date: 22 April 1995
KeyID: B09CC89D
Key fingerprint: 2A 66 6A 8F 91 42 48 C8 48 98 38 AD 2F D3 45 08

If you are already using PGP then you are already security aware. Virus awareness is part of that security awareness. There is no better way to become virus aware than to read this book. Highly recommended.

The Internet with Windows - Glyn Moody (Butterworth-Heinemann : 1996) ISBN 0 7506 2099 4 (ISBN 0 7506 9704 0 in USA)

If you use PGP then there is a high probability that you use Internet; unfortunately the converse is rarely true. Unlike most writers on Internet, Moody recognises that there is a security problem and shows a solution.
Primarily a book on how to get the best out of Windows Internet software and where to find it, rather than a detailed guide to the 'net itself. Don't be put off by the mention of Computer Weekly on the front cover or Windows in the title. Too many Windows books are about how to press obvious buttons. Not this book. It is an in-depth look at Internet, packed full of resource information on Internet itself, where to find the best Internet software and how to get the maximum performance out of that software. Extensive coverage is given to the use of PGP and the lack of Internet security. An appendix is devoted to Ross Barclay's PGP WinFront - a Windows front end.

Unfortunately Moody fails to take advantage of a tamper-proof medium to publish his own public key fingerprint. He shows the fingerprint for one of the keys distributed with the International version of PGP, and although he does not verify any of the keys I can at least confirm that it agrees with the key on my keyring. Ignore his advice on key length and choose 1024 bits.

Personally I don't like Windows front ends for PGP as they reduce security, and in particular I don't like PGP WinFront as I find it a kludge to use - it's actually easier to use PGP in its native DOS mode. The one good point about PGP WinFront is the Windows Help, and it's worth having just for that.

Moody recommends Mathew's PGP page. This is now a bit long in the tooth. Instead go to my PGP page or the other two main PGP pages:

http://www.i-way.co.uk/~reality/sunrise/pgp.shtml
http://world.std.com/~franl/pgp/ {withdrawn}
http://www.ifi.uio.no/pgp/

I didn't think I'd ever find a book that pushed Krol into second place but this could be it. Highly recommended.

Neuromancer - William Gibson (Victor Gollancz : 1984) ISBN 0-575-03470-X

Everything has to start somewhere.
Gibson's debut novel kicked off the cyberpunk movement, which in turn spawned cypherpunks, crypto rebels, hackers, virus writers and every other high-tech rebel and rabble rouser you can think of. Robert Morris Jnr (of Internet Worm infamy) had a well-worn copy of Neuromancer sitting on his bookshelf. Gibson didn't invent cyberspace, though he is widely credited with inventing the term and the sci-fi genre. Cyberspace existed long before the first computers were connected; it even existed long before the first computers came into existence. Cyberspace was created when Alexander Graham Bell invented the telephone and the first telephone system came into operation. A telephone conversation exists in cyberspace.

In one of those strange quirks of history that keep recurring, Gibson published Neuromancer at the same time as Fred Cohen published his pioneering paper on computer viruses. Cohen's paper was either ignored or dismissed except by one small but growing band - the cyberpunks - who immediately recognised its significance.

And the book ... There's nothing new in heaven and hell. Some years ago a friend insisted on dragging me around to watch a video, 'Blade Runner', based if I remember rightly on 'Do Androids Dream of Electric Sheep?', which, racking my brains even further, may have been written by Philip K Dick. I've searched high and low for that book, but never found it. Neuromancer reminds me of Blade Runner, not the plot but the seedy street life, everyone hustling, today's underclass a couple of generations further downhill. A picture of a grim future that makes Bruce Sterling's outlook on the future seem positively rosy.

I can design and write software at at least ten times the going rate, but even I don't work at the rate of the kids churning out Netscape and other 'net software. Kids kept going on adrenalin and caffeine, kids burning themselves out within a couple of years. Case is one such case.
He probably would have burnt himself out within a couple of years anyway, but his employers decide to do it for him when they discover he's been applying his skills to stealing their data. He's left to hustle on the streets, a limited lifetime as he sinks ever lower, until, that is, he is rescued by the mysterious Armitage, who arranges neurosurgery to restore him to his former glory. Why? Because Armitage has a use for his cyber skills.

Gibson somehow manages to describe the indescribable. Cyberspace takes on a physical dimension and appearance, rather in the same way that we provide analogies and models for electrons and light to enable us to somehow grasp that which cannot be grasped - models which should never be confused with actual reality.

A very grim book. Not the depressing, soul-destroying despair of Dostoevsky, but a harsher, colder despair that could only exist in a world of high technology. Neuromancer rapidly acquired the status of a cult novel. Cult novels are often the result of a fad; once the fad fades no one of taste would admit to having read such dross. Neuromancer is one of those rare books that truly deserves the accolade classic.

The Hacker Crackdown: Law and Disorder on the Electronic Frontier - Bruce Sterling (Viking : 1993) ISBN 0-67084900-6

In 1990 a huge crackdown took place on hackers in the States. Sterling details the background and events that led up to that crackdown and the implications it had for civil liberties.

I have always argued that information is the most valuable commodity; how could I otherwise justify an extortionate fee for my valuable services? If information is to be valued there are huge implications. The search for truth, its refinement, and the passing of knowledge to others has always been an honourable profession, in spite of many recent attempts to debase any form of intellectual activity. If information itself becomes more valuable than gold, what of these academic pursuits?
Already universities and other centres of academic excellence have become contaminated by their concentration upon 'bums on seats' instead of academic excellence and the pursuit of knowledge. The attempt to patent naturally occurring genes is an example of this contamination of academia. If all knowledge has a price then what of hackers? No longer can they be allowed to engage in their pursuit of knowledge, especially when that knowledge belongs to the technical elite who control the dissemination of information itself. If all information now has a price then liberation of that information must be theft.

I found the scenario described by Sterling frightening. Twenty armed Secret Service agents and their assorted hangers-on burst in on a hacker in a dawn raid. The seizure of anything that can be used for the dissemination of information. Show trials of those who dare to cock a snook at authority. This is a descent into the tyrannical Brezhnev era at a time when Russia is post-glasnost. Were this to be one of Sterling's novels it would be dismissed as far-fetched, yet this is reality, Big Brother in the US at the end of the Cold War. When there is no enemy without, turn on the enemy within.

Two mistakes were made by the hackers. In an attempt to help the police and lead a quiet life they told everything they knew and in effect put a noose around their own necks. They would have fared better if they'd kept quiet. The 'evidence' was sitting on their disks for anyone to see. Had their own files been encrypted, discovery would have been a lot more difficult if not impossible. These weren't malicious hackers intent on destroying the system, these were just a bunch of kids exploring the world around them, a world that just happens to exist in cyberspace. In a world with no rules, no frontiers, rough justice gets handed out.

There is a ray of hope. Technological mavericks, with philosophies of the 1960s, won't tolerate gung-ho Wyatt Earps shooting up their territory.
These mavericks are people of influence, people with power, people with money, people who know their way around cyberspace better than the back of their hand. A chilling account of a war that is taking place in cyberspace. Highly recommended.

Heavy Weather - Bruce Sterling (Millennium : 1994) ISBN 1-85798-193-6

My first contact with Bruce Sterling was 'The Hacker Crackdown' - a detailed account of a Secret Service and police crackdown on hackers that took place in the States during 1990, the events that led up to that crackdown, and the civil liberties aftermath. I became interested in his other writings and 'Heavy Weather' was the first book that I was able to lay my hands on.

Sterling paints a grim future. Internet and TV appear to have merged to provide an endless diet of what appears to be a cross between the Sun and Hello! magazine, criminals are released from Texan gaols to be placed on electronic parole, bacteria with the help of broad-spectrum antibiotics have bootstrapped themselves up the lethality scale, and the weather is shot to pieces. My original impression was that Sterling was no Orwell or Huxley: take away the high-tech and there is nothing left. I'm glad I kept on reading, as Sterling may well be no Orwell or Huxley but his writing is on a par.

I often read Agatha Christie, not because I think her a particularly good writer, because I don't, rather because I'm intrigued how she manages to recycle the same half dozen characters through most of her novels. I also like her occasional insights and her painting of a certain class of pre-war society. Also the places where her books are set. In one I could see the scene through both her eyes and mine as I'd walked along the same road. I mention that aside as Sterling gives me the same insight into Texas; I can see it through his eyes.
Echoes of other writers kept floating through my mind - the waste lands of John Wyndham, the open countryside of Robert Pirsig, the bleak future of George Orwell, the dust bowl of John Steinbeck. Echoes of 'The Hacker Crackdown' also kept floating through my mind.

Sterling follows a band of high-tech hippies who observe storms and keep watch for tornadoes - the bigger the better. I have been out in a tropical storm when the roads turned to rivers, palm trees bent double and tables and chairs flew through the air. I have also been in the Welsh mountains when a thunderstorm struck. I could therefore appreciate the vividness of Sterling's description of a storm - the power, the beauty, the sheer poetry. I was transported there; the adrenalin was surging.

Towards the end there is a particularly grim episode. I was outside on a hot day, clear blue sky. I felt myself shaking, not physically but internally. A cool breeze blew up and it was as though I'd been through the storm and it had just blown over and I was enjoying the peace and tranquillity that follows. Early that evening I went for a walk in a large open field that gives panoramic views of the sky. I could not keep my eyes off the sky, ever alert for an unusual pattern. I don't think I'll ever look at the sky quite the same way again.

I had a strange sense of déjà vu reading this book. The future described by Sterling closely parallels my own thoughts. I don't know if the future outlined by Sterling will happen, or whether we are too far down the road to stop it. My own feeling is it will happen. Politicians are too stupid, too corrupt to prevent or avert the catastrophe staring us all in the face. The irony as I write - world leaders are meeting in Geneva to ponder on why they have failed to meet the limit on greenhouse gas emissions agreed at the Earth Summit a few years earlier in Rio.

I have an uncanny knack for picking cult books; my bookshelves are lined with them. This is one of them. Highly recommended.
Tom Clancy's Op-Centre: Mirror Image - Tom Clancy & Steve Pieczenik (HarperCollins : 1995) ISBN 0-00-225327-5

This is the follow-on to the original Op-Centre, where a group of cardboard characters romped around Korea. The time is immediately after the succession of Yeltsin. Hardliners decide to seize back by force the remnants of the old Soviet Empire. The scenarios are all too plausible and I found the plot gripping as it unfurled. It was like reading an account of events as they happened. The characters have put on a bit more body since Op-Centre, but characterisation is not this book's strong point. Its strengths are the all too real scenarios and the high-tech monitoring and communication equipment. There are occasional clangers: satellites monitoring conversations on Earth - in space no one can hear you scream! There are good points too. The authors graphically illustrate how easy it is to extract information from heavily coded transmissions. Also their use of code, where a seemingly innocuous message means something entirely different: 'Meet Uncle Vanya in the cherry orchard at six'. That the good guys always win through is a little naive, but then in this evil world of ours maybe it's good that someone has a little optimism.

From the Secret Files of J Edgar Hoover - Athan Theoharis (Ed) (Elephant Paperbacks : 1993) ISBN 1-56663-017-7

Americans have an advantage over the British - they have a Freedom of Information Act. Through their FoI Act they can request, nay demand, access to government-held files. We British have to rely upon what the government decides we can see, apart that is from the constant leaks.

J Edgar Hoover was for almost 50 years the director of the FBI. He was appointed director of a corrupt and incompetent police force; he cleaned it up and turned it into one of the world's most effective and efficient police forces. Like a Tsar he also used it to further his own ends. Any effective police force needs an effective records and file management system.
Hoover devised such a system. He also maintained several 'unofficial' filing systems. These files were the basis of Hoover's power. Theoharis gained access to these files through the US FoI Act, or at least to those files that had not been destroyed. He uses the files to gain insight into the power behind the throne. Apart from occasional commentary and editing by Theoharis, the files are reproduced verbatim.

The Laundrymen: Inside the World's Third Largest Business - Jeffrey Robinson (Pocket Books : 1995) ISBN 0-67185307-4

Money, like drugs, pollution and information, flows with ease across frontiers. Money is funny stuff. Some people want to hide that they have it, others want to make it very visible. Take the typical small business. Considerable effort is often put into hiding its true state, whether from the tax man, greedy spouses or fellow partners. With a cash-intensive business such as a fast food outlet this is relatively easy. Cream off 10% of the income and no one will notice. The money launderer operates in the exact opposite manner. He wants to inject cash into the system, to legitimise it and to hide its true origins. He will be bringing cash in through the back door of his fast food outlet. This goes through the books and is taxed. Nothing legitimises money better than a tax receipt. Sometimes the two meet. Punters with an unexpected win on the lottery or at the race track may wish to hide their winnings. The money launderer will be only too happy to buy the winning ticket. Everyone is happy: the punter gets to hide his windfall (and gets paid for it), and the money launderer (for very little outlay) now has an explanation for his inexplicable windfall. In the UK, banks have to report any suspicious deposit. A withdrawal by a man wearing a ski mask and wielding a sawn-off shotgun is clearly suspicious; a deposit of a sack full of used fivers is merely eccentric.
Business is business; a bank is not going to query the strange behaviour of its best customers or turn away that custom. Whilst money derived from drugs or terrorism, or used to finance those acts, may be seized by the courts, in the UK money laundering is not in itself a criminal act. Small wonder that the City of London is the money laundering capital of the world. Swiss banking secrecy is known the world over. That's why dictators are some of its best customers. Less well known is that unclaimed money deposited in these accounts remains the property of the bank. Many wealthy European Jews, anticipating what was about to happen, deposited vast sums of money in Swiss accounts; illegally seized Nazi gold trod the same path. Few lived to see their money again. More than fifty years on, the sole remaining survivors have been unable to recover their money. The sum total of this unclaimed Jewish money is estimated by some to be so large that it is underpinning the entire Swiss economy. BCCI prior to its collapse was able to operate with impunity. This could be because governments around the world were using it to launder funds. Many of the selfsame governments responsible for its regulation were also using its laundry facilities. If all else fails, buy your own bank. Legitimate banks can be bought in the Caribbean for as little as $10,000. The scale of money laundering is huge. Robinson estimates that it is the world's third biggest industry, after foreign exchange and oil. In one bank, the deposits by two individuals (on behalf of the coke industry) were soon exceeding a million dollars per deposit. At one point they were making 2-3 such deposits a week. All these deposits were cash. Asian businessmen in England are regularly shipping huge sums back and forth between themselves and their relatives in India - money creamed off corner shops and restaurants, drug deals, gun running, terrorism.
In one raid the police found more than a million pounds sitting in a suspect's house. This 'banker' was shipping more than £8 million a week. He was only one of many 'bankers' for the Asian community. Money makes the world go round; Robinson takes us on a tour inside the system and shows the money that greases the wheels. Highly recommended.

Midnight Express - Billy Hayes with William Hoffer (1977)

Many people may have seen the movie, few have read the book. People often question the need for safeguards, why we need to worry about encryption and monitoring by the state. They have the freedom to question because they live within some kind of democracy. I include this book as it illustrates what life is like in a repressive regime. Billy Hayes had dropped out of college and was doing the hippy thing in Turkey. He foolishly decided to smuggle some hashish out of Turkey. He got through customs and all the security checks, then his luck ran out when the Turks decided to do a spot check of the passengers on the plane. He describes the brutality of life within the Turkish prison system. At times it is difficult not to throw up, so graphic and vivid are his descriptions. There are those fools who say life is not like this, usually people who have not been near a Turkish gaol and who are trying to promote the Turkish tourist industry (oh how the Judas gold doth speak). These fools should try talking to the people of Kurdistan or those enclaved Greek Cypriots who remain in the Turkish-occupied part of Cyprus. Today, almost twenty years after Billy Hayes first experienced the inside of a Turkish gaol, it is still routine for suspects held in police custody to be beaten and tortured to soften them up before any interrogation. Highly recommended.
Whitfield Diffie and Martin Hellman, 'New Directions in Cryptography', IEEE Transactions on Information Theory IT-22, 1976

This is the paper that introduced the concept of public key encryption and spurred Ron Rivest and colleagues into the development of a practical system based on Donald Knuth's observation of the difficulty of factoring large numbers.

A Method for Obtaining Digital Signatures and Public Key Cryptosystems - Ron Rivest, Adi Shamir & Leonard Adleman, Communications of the ACM, Vol 21, No 2, February 1978

This paper introduces and describes the RSA cryptosystem. A strange irony: the paper may be openly published and easily obtained, but should anyone attempt to implement the algorithm they receive undue attention from the US Government. Implementing RSA is relatively easy; the hard part is good multiprecision arithmetic and key management. Prior to publication the authors were leant on not to publish. Attempts to prevent publication were pre-empted by rapid circulation of photocopies of the report. A further irony: Adi Shamir now works on cryptography in Israel.

Protecting Public Keys and Signature Keys - Dorothy Denning, IEEE Computer, February 1983

This is the classic paper on key protection. An implied assumption is that the public key server is trustworthy. This may be true in specific circumstances but it cannot be assumed to be true in all cases. It does not hold for PGP public key servers on the Internet: never assume the key you have downloaded is genuine.

Whitfield Diffie, 'The First Ten Years of Public-Key Cryptography', Proceedings of the IEEE 76, 1988

NOTE! In a personal, digitally signed, communication, Phil Zimmermann has confirmed that the details of his key fingerprint published in Zimmermann (1995), Garfinkel (1995) and Stallings (1995) are correct.

(c) Keith Parkins 1996-1997

November 1997

pub 1024/B09CC89D 1996/04/22 Keith Parkins <10 GU14 6QJ England>
Key fingerprint 2A 66 6A 8F 91 42 48 C8 48 98 38 AD 2F D3 45 08
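The RSA and Denning entries above make two points a practitioner may want to see in working code: the RSA arithmetic itself is short, and a key fetched from a server must be checked against a fingerprint obtained some other way (a printed copy, a signed message). The following is an added example written for this bibliography, not code from any of the cited papers nor from PGP. It is textbook RSA in Python with no padding, on constructed toy-sized primes; the `fingerprint` helper hashes a simple `n:e` encoding of the key, a hypothetical format for illustration that is not how PGP derives its fingerprints.

```python
"""Textbook RSA and an out-of-band key fingerprint check (added example).

Constructed values: the primes below are toy-sized so the numbers stay
readable. Real RSA uses 2048-bit or larger moduli, padding (OAEP for
encryption, PSS for signatures) and careful key management; this only
shows the arithmetic the RSA paper describes.
"""
import hashlib
from math import gcd


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a, m):
    """Multiplicative inverse of a modulo m, or ValueError if none exists."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


def keygen(p, q, e=65537):
    """Derive ((n, e), (n, d)) from primes p and q, with d*e == 1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, modinv(e, phi))


def encrypt(pub, m):
    """c = m^e mod n; m must already be an integer below the modulus."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(priv, c):
    """m = c^d mod n."""
    n, d = priv
    return pow(c, d, n)


def _digest_mod_n(message, n):
    # Hash first, then reduce, so a message of any length fits below the modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv, message):
    """Signature = H(message)^d mod n (no PSS padding: textbook only)."""
    n, d = priv
    return pow(_digest_mod_n(message, n), d, n)


def verify(pub, message, sig):
    """True iff sig^e mod n equals H(message) mod n."""
    n, e = pub
    return pow(sig, e, n) == _digest_mod_n(message, n)


def fingerprint(pub):
    """Hex digest of a simple 'n:e' key encoding, printed in byte pairs.

    Hypothetical format for this example only; PGP computes its fingerprints
    over the key packet, not over this string.
    """
    n, e = pub
    hexd = hashlib.sha256(f"{n}:{e}".encode()).hexdigest().upper()
    return " ".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))


def key_matches(pub, trusted_fp):
    """Compare a downloaded key against a fingerprint obtained out of band.

    Spacing and case are ignored so a fingerprint copied from a book or read
    over the phone compares equal to the computed one.
    """
    def norm(s):
        return "".join(s.split()).upper()
    return norm(fingerprint(pub)) == norm(trusted_fp)


if __name__ == "__main__":
    # Constructed toy primes: genuinely prime, but far too small for real use.
    pub, priv = keygen(1000003, 1000033)
    print("decrypt(encrypt(42)) ==", decrypt(priv, encrypt(pub, 42)))
    msg = b"Meet Uncle Vanya in the cherry orchard at six"
    s = sign(priv, msg)
    print("genuine:", verify(pub, msg, s), "tampered:", verify(pub, msg + b"?", s))
    # The fingerprint you compare against must come from somewhere other than
    # the server that handed you the key, e.g. the copy printed in a book.
    print("fingerprint:", fingerprint(pub))
```

The point of `key_matches` is where `trusted_fp` comes from: if it was downloaded from the same key server as the key, the comparison proves nothing, which is exactly the assumption Denning's paper makes and the Internet key servers do not satisfy.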