12 February 1998: Add call from Graff
29 January 1998: Add message on Graff calls
28 January 1998: Add message on Jon Graff's version
28 January 1998: Add responses
28 January 1998: Add messages on Cylink employees
27 January 1998: Link to news, "Online Stock Talk Fuels Lawsuit"
27 January 1998: Link to informative online Cylink investor thread
27 January 1998: Add Steve Schear messages
26 January 1998: Add other Cylink messages from William Payne
26 January 1998
Date: Mon, 26 Jan 1998 07:35:54 -0800
From: bill payne <billp@nmol.com>
To: kalliste@aci.net, jy@jya.com
CC: George.Breznay@hq.doe.gov, Ann.Augustyn@hq.doe.gov,
Federico.F.Pena@hq.doe.gov
Subject: Jon Graff
Monday 1/26/98 7:19 AM
John Young
J Orlin Grabbe
I spoke with Jon Graff on Sunday night.
Graff is concerned that someone might get sued by
Cylink for release on Internet of the information linking Cylink
to organized crime through Ademco.
When I bought about six CY 1024 crypto chips for over
$1,000 each for Sandia, I thought there was something
fishy.
Graff later supplied me the information about Lew Morris
and the ties of Cylink to Ademco and organized crime.[See note]
Graff told me last night that most of Morris cronies had
been removed from Cylink.
Cylink, Graff told me, has gone public.
Graff is concerned that information I relayed on the net
might hurt Cylink stock.
I commented to Graff that it might be a good idea to get
this matter settled. Bet the word spreads
Later
bill
Date: Wed, 14 Jan 1998 07:33:55 -0700
From: bill payne <billp@nmol.com>
To: jy@jya.com, j orlin grabbe <kalliste@aci.net>
CC: miles.smid@nist.gov, edward.roback@nist.gov
Subject: Miles Smid, Jon Graff and Cylink
Wednesday 1/14/98 7:03 AM
John Young
J Orlin Grabbe
Jon Graff WORKED for Cylink.
Graff is a buddy of Miles Smid and Elaine Barker of NIST.
Graff is responsible for sending me a copy of my paper on RSA
cryptography which is posted at jya.com. The paper I DID NOT
SEND to Fushimi at U Tokyo.
Graff got fired from Cylink with urging from NSA.
Graff told me about the Cylink - mob link.
Cylink is owned by Ademco, who also owns Pittway - First Alert,
the smoke detector people.
John Foster, the director of research at Ademco in New York, visited,
along with two of his subordinates, me at Sandia.
Foster gave me several motion detectors Ademco manufactured.
Lew Morris at Cylink, I was told by Graff, was the New York mob
representative which watched over Cylink.
I had breakfast with Jim Omura, President of Cylink [who also
got a copy of my SAND report now seen at jya.com], and Morris
in Sunnyvale.
I was impressed how careful Omura was about what Omura said
during our breakfast conversation.
Morris had a stroke and is no longer at Cylink, Graff told me.
I read yesterday that Cylink got approval from the government
to export crypto gear.
I wonder if it is spiked?
Let's all hope for settlement of the unfortunate matter before it gets
WORSE.
bill
Date: Monday, 26 January 1998
To: Gene Carozza <carozza@cylink.com>
From: John Young <jya@pipeline.com>
Subject: Cylink and organized Crime?
cc: billp@nmol.com,kalliste@aci.net,
George.Breznay@hq.doe.gov,Ann.Augustyn@hq.doe.gov,
Federico.F.Pena@hq.doe.gov,cypherpunks@toad.com
Mr. Gene Carozza
Security Public Relations
Cylink Corporation
Dear Mr. Carozza,
We have received two recent e-mail messages concerning
Cylink's alleged links to organized crime. The messages
may be seen on the Web at:
http://jya.com/cylinked.htm
This is a serious charge. Could you provide information to
answer it?
Sincerely,
John Young
Date: Mon, 26 Jan 1998 09:52:06 -0800
To: John Young <jya@pipeline.com>
From: Gene Carozza <carozza@cylink.com>
Subject: Re: Cylink and Organized Crime?
Cc: billp@nmol.com, kalliste@aci.net, George.Breznay@hq.doe.gov,
Ann.Augustyn@hq.doe.gov, Federico.F.Pena@hq.doe.gov,
cypherpunks@toad.com
Dear John,
Thanks for your inquiry. These "serious charges" are completely inaccurate.
Regards,
Gene C.
Added 26 January 1998 after receipt of Mr. Carozza's message.
Other Cylink messages from William Payne:
Tuesday May 13, 1997 06:45
John Young,
On Sunday I got a call from a fellow in California. The guy worked for Cylink.
Cylink builds crypto units - and has also been in litigation with RSA.
Jim Omura, president of Cylink, also received a copy of my whistleblowing SAND report.
Omura kindly sent back to me copies of the DRAFT I sent to Fushimi and the RSA paper
I wrote, but didn't send to Japan.
The fellow told me that Cylink's 'financial' head, Lew Morris, had a stroke and is no longer
involved with Cylink.
There is some stuff I would like to tell some reporters about Cylink, its ties to Pittway, parent
company Ademco [in NY] and organized crime.
The smoke and CO detector, I understand, business is largely penetrated by the mob. And,
naturally, the crypto business is also appealing to organized crime.
Later,
bill
Wednesday May 14, 1997 12:17
John,
I sent by snail mail a copy of RSA Encryption.
RSA Encryption is the 'sensitive' paper Sandia accused me of
sending to Japan. I DID NOT.
RSA Encryption was written in about 1986 at the request
of my Sandia supervisor, John Holovka [a phd chemist] and my
project leader Jim Durham [a ee ms] to explain public key to
them.
Sandia cryptographer, Gus Simmons, was trying to sell
management on the idea of using public key for treaty
verification.
This paper had an intent to discourage Simmons' idea.
NSA employees Mark Unkenholtz and Ed Georgio were also against
public key.
Sandia had a horrible experience with public key.
Simmons, Ernie Brickell, and Mike Norris [now dead] pushed
Sandia to build hardware public key chips. Two of them.
I enclose a copy of an article written by Whitfield Diffie
about the Sandia slow speed chip.
The Sandia high speed chip has a very nice byte parallel interface.
The Cylink cy1024 has a terrible synchronous serial interface.
The horror story is that Sandia's Center for Radiation
Microelectronics had vast problems building any kind of chips.
Sandia's chips were placed in the nuclear arsenal. They had a
100% failure rate over several years.
It cost $300,000 each to bring the nukes back to Pantex to repair
Sandia's failing chips, weapons component supervisor Jerry Allen
told me.
Sandia/NSA, I learned from Ron Kulju, who was doing bomb work
using the cy1024, [we cooperated - Kulju designed the cy 1024
oscillator, I did the test software], was busy removing ALL public
key from the weapons systems.
The cy1024, which I used for a Bureau of Printing and Engraving
and tagging project, cost more than $1,000 each! Only the government
had the bucks to buy the chips.
Ademco, Pittway, Cylink, I have been told, are tied to organized crime.
Later,
bill
John,
I just read,
28 May 1997, Business Wire:
Cylink Corporation elects former Secretary of Defense
William J. Perry to board of directors
Sunnyvale, Calif. -- Cylink Corporation, a leading provider
of comprehensive information security solutions for the
enterprise and Internet markets, today announced that it has
elected William J. Perry, Ph.D. to its Board of Directors.
Dr. Jon Graff who worked for Cylink and who I sent the envelope
containing the ieee reviews of RSA Encryption told me about the
Cylink organized crime link.
The Cy1024 cost over $1,000 each to just compute a+b, a*b, and a^b
mod m. Sounded suspicious to me.
But I did buy about 6-8 Cy1024 chips to use in a bureau of printing and engraving and electronic
tagging projects when I was at Sandia.
best regards,
bill
[June, 1997]
Andrew Viterbi is one of the principals in QUALCOMM.
Viterbi was educated at MIT.
Here is the connection of Viterbi and the stuff you posted.
Jim Omura, president of Cylink [Ademco - and the MOB!]
and Viterbi co-authored a book on coding.
Omura is a prolific book writer.
Omura sent me the RSA encryption paper and RSA is Easy to
Break since Sandia confiscated my copies.
Omura also received a copy of the SAND report you posted.
Scott Shane of the Baltimore Sun asked me for a name of
someone I thought might talk about NSA spiking crypto units
in the USA.
I gave Shane only one name and phone number. Jim Omura.
Later,
bill
Monday August 18, 1997 07:02
3umoelle@informatik.uni-hamburg and John Young,
Dr. Jon Graff [408-262-9577] is a chemist by education.
Graff worked for Cylink on cryptographic protocols.
Jim Omura, president of Cylink, gave Graff a copy of the RSA
Encryption paper posted at jya.com.
I sent Graff the unopened envelope containing ieee reviews Ted
Lewis sent me.
Graff also told me about Cylink's link to US organized crime.
I must admit that I was somewhat suspicious of Cylink's more
than $1,000 per chip CY1024 public key crypto chips great cost.
Lewis submitted the RSA encryption paper to one of the ieee journals.
Graff sent me the copy of the RSA Encryption paper which John Young
posted.
Sandia confiscated all of my crypto papers.
I spoke with Graff on Wednesday August 13 at 21:43.
I explained the problem with algorithmic cryptography to Graff.
I asked Graff if he had seen any similar criticisms of algorithmic cryptography.
Graff responded that he may have.
Graff gave me the reference,
The Handbook of Applied Cryptography
and referenced an article by Peter Wayner.
Later,
bill
Return-Path: <billp@nmol.com>
Date: Wed, 14 Jan 1998 08:54:20 -0700
From: bill payne <billp@nmol.com>
To: jy@jya.com, j orlin grabbe <kalliste@aci.net>
Subject: Cylink
Wednesday 1/14/98 8:15 AM
John Young
J Orlin Grabbe
INFOWORLD January 5, 1998 page 48
Cylink gets permission to export Triple DES standard
Company to sell bank consortium
By Rebecca Sykes
CYLINK HAS WON permission from the U.S.
government to export hardware that works at the
Triple DES level, or three times that of the 56-bit
Data Encryption Standard. ...
Sykes article does not appear to have been posted
at infoworld.com yet.
Note the word HARDWARE.
After the NSA spy sting bust, we all must assume
that if a crypto key is going into a chip, it is coming
out of that chip.
My two public key crypto projects at Sandia were
1 electronic tagging for treaty verification
2 bureau of engraving and printing bill
anti-counterfeiting.
I hooked the Cylink 1024 chip up to an 8031
microcontroller using Mode 0 synchronous
serial communications.
I only bought about 6 CY 1024 chips since I was
prototyping.
The CY 1024 cost MORE THAN $1,000 each.
It did not take a rocket scientist to figure out what
was going on. A scam.
The US government was buying, and probably was the
only one who could afford, CY 1024 chips.
Note at cylink.com that William Crowell, recently retired
from NSA, and referenced in Morales and my lawsuit with NSA,
is now working at Cylink!
Let's hope this unfortunate matter gets settled before it
gets FAR WORSE - for the US government, of course.
Later
bill
Date: Mon, 26 Jan 1998 18:04:30 -0800
To: John Young <jya@pipeline.com>, cypherpunks@cyberpass.net
From: Steve Schear <schear@lvdi.net>
Subject: Re: Cylink and Organized Crime?
I worked at Cylink as Manager of Business Development from April 1992 -
April 1994. I reported directly to both Lew Morris (CEO) and Jim Omura
(CTO) and know Jim socially, as well. I know of no instance in which I
suspected Cylink had criminal ties (other than our own government ;-)
I heard that NSA people from the Fort (Meade) did request that Cylink
supply 'special' crypto devices to drug cartel clients. I don't believe
they were accommodated (probably not enough lead time or Cylink was offered
too little money).
Ademco is a major stockholder, as are Jim and Lew (~20% combined) and
Renaissance Capital.
--Steve
Date: Mon, 26 Jan 1998 18:28:24 -0800
To: John Young <jya@pipeline.com>
From: Steve Schear <schear@lvdi.net>
Subject: Re: Cylink and Organized Crime?
John Young wrote:
>Steve,
>
>Bill Payne's been sending me notes about Cylink since May 1997
>after getting a call from Jon Graff who made the allegations. I've
>just added several of them to the URL posted today, one of which
>included Graff's phone number. I've left a message this evening
>for Graff to call me. Do you know him?
No. He must have joined after I left.
--Steve
Date: Tue, 27 Jan 1998 07:18:53 -0800
From: bill payne <billp@nmol.com>
To: armoral@sandia.gov
CC: jy@jya.com, George.Breznay@hq.doe.gov, Federico.F.Pena@hq.doe.gov
Subject: cylink
Art
I am almost afraid to click on
cylinked.htm Cylinked to Organized Crime?
I bought about six CY 1024 public key crypto chips for a bit
over $1,000 each for SANDIA NATIONAL LABORATORIES for a Bureau
of Engraving and Printing and treaty verification electronic
tagging project.
Let's hope this mess gets settled!
bill
Date: Tue, 27 Jan 1998 14:11:27 -0500
To: John Young <jya@pipeline.com>
From:
Subject: Re: Cylink and Organized Crime? (Personal)
(Personal)
John,
jya stands for certain values, with your impassioned data gathering.
I'm proud to be an addicted reader.
I'm no fan of Cylink, nor its past execs -- but this sort of
malevolent rumor-mongering doesn't belong on your site.
Not unless Bill Payne could offer something much more substantive than
he has so far.
This is embarrassing. Please consider removing it.
Regards,
--------
Excerpt source:
http://www3.techstocks.com/~wsapi/investor/reply-486113
November 26, 1996
Yes, and it appears that he is not 'tainted' by former affiliation
with the NSA. I was reading the recent and very popular book
"Applied Cryptography" by Bruce Schneier, and in a section describing
an algorithm developed by Cylink, he advised approaching it with
caution because Cylink is 'tainted' by affiliation with NSA. One
must wonder whether this type of commentary by experts in the field
scares off potential customers. Unfortunately, the author may not
be worth suing for this kind of baseless claim.
Excerpt source:
http://www3.techstocks.com/~wsapi/investor/reply-780436
February 7, 1997
As a result of Cylink's reorganization the company received a demand
letter from attorneys representing seven of Cylink's former employees
alleging wrongful termination and related damages stated to be
approximately $34 million. Cylink firmly believes that the termination
of these employees was in the best interest of the company, the manner
of their termination was lawful and their claims are without merit.
Excerpt source:
http://www3.techstocks.com/~wsapi/investor/reply-1109978
April 1, 1997
You are right about turnaround, and maybe Sarrat is just what this
company needs. They were run extremely poorly by some Stanford
scientists, who knew encryption (recently settled with RSA as you know)
but not business. When Morris suffered his stroke last year, the
appalling lack of coherent business plan sunk the stock. Morris's
son was no help (he may be one of the pending lawsuits).
----------
Note: See recent investor comments on Cylink:
http://www.techstocks.com/~wsapi/investor/Subject-2944
Applied Cryptography, Bruce Schneier, 2nd Edition, pp. 215-16:
Algorithms for Export
Algorithms for export out of the United States must be approved
by the U.S. government (actually, by the NSA--see Section 25.1).
It is widely believed that these export-approved algorithms can
be broken by the NSA. Although no one has admitted this on the
record, these are some of the things the NSA is rumored to privately
suggest to companies wishing to export their cryptographic products:
- Leak a key bit once in a while, embedded in the ciphertext.
- "Dumb down" the effective key to something in the 30-bit range.
For example, while the algorithm might accept a 100-bit key, most
of those keys might be equivalent.
- Use a fixed IV, or encrypt a fixed header at the beginning of
each encrypted message. This facilitates a known-plaintext attack.
- Generate a few random bytes, encrypt them with the key, and then
put both the plaintext and the ciphertext of those random bytes at
the beginning of the encrypted message. This also facilitates a
known-plaintext attack.
NSA gets a copy of the source code, but the algorithm's details remain
secret from everyone else. Certainly no one advertises any of these
deliberate weaknesses, but beware if you buy a U.S. encryption product
that has been approved for export.
-----
For more on Applied Cryptography see Bruce Schneier's Web site:
http://www.counterpane.com
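Two of the rumored weaknesses in the excerpt above (a nominal 100-bit key with only about 30 effective bits, and a fixed IV) can be checked from the buyer's side by probing a product's encrypt interface. The Python sketch below is an added example, not part of this page or of Schneier's book; `sound_encrypt`, `weakened_encrypt` and the toy SHA-256 stream cipher are constructed stand-ins, and the probe only catches key bits or IVs that are ignored outright, not subtler key equivalences.

```python
import hashlib

KEY_BITS = 100                                  # nominal key length from the excerpt's example
PROBE = b"constructed probe plaintext....."     # constructed sample input

def _stream_xor(key_int, iv, data):
    """Toy stream cipher (SHA-256 in counter mode). Stand-in only, not a real product."""
    seed = key_int.to_bytes(16, "big") + iv
    stream = bytearray()
    for ctr in range((len(data) + 31) // 32):
        stream += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
    return bytes(d ^ k for d, k in zip(data, stream))

def sound_encrypt(key_int, iv, data):
    # Hypothetical well-behaved product: every key bit and the IV feed the keystream.
    return _stream_xor(key_int, iv, data)

def weakened_encrypt(key_int, iv, data):
    # Hypothetical weakened product: accepts 100 key bits, uses 30, ignores the caller's IV.
    return _stream_xor(key_int & (2**30 - 1), b"\x00" * 16, data)

def effective_key_bits(encrypt, key_bits=KEY_BITS, trials=8):
    """Return the set of key-bit positions whose flip ever changes the ciphertext."""
    iv = b"\x01" * 16
    live = set()
    for t in range(trials):
        # Deterministic pseudo-random base keys so the audit is repeatable.
        digest = hashlib.sha256(b"k%d" % t).digest()
        base_key = int.from_bytes(digest, "big") % (1 << key_bits)
        base_ct = encrypt(base_key, iv, PROBE)
        for bit in range(key_bits):
            if encrypt(base_key ^ (1 << bit), iv, PROBE) != base_ct:
                live.add(bit)
    return live

def iv_is_used(encrypt, key_int=12345):
    """True if changing the IV changes the ciphertext for the same key and plaintext."""
    return encrypt(key_int, b"\x01" * 16, PROBE) != encrypt(key_int, b"\x02" * 16, PROBE)

def audit(encrypt):
    live = effective_key_bits(encrypt)
    return {"nominal_bits": KEY_BITS, "live_bits": len(live), "iv_used": iv_is_used(encrypt)}

if __name__ == "__main__":
    for name, fn in [("sound", sound_encrypt), ("weakened", weakened_encrypt)]:
        print(name, audit(fn))
```

A `live_bits` count below the nominal key length, or `iv_used` being false, is a reason to reject the product; a clean result here does not prove the key space is sound.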
From: "Rich Ankney" <rankney@erols.com>
To: <jy@jya.com>
Subject: Jon Graff vs. Cylinked
Date: Wed, 28 Jan 1998 15:06:27 -0500
John,
I've been exchanging Email with Jon for the past few days,
following up on some topics we discussed at the ANSI X9F
meeting last week. I mentioned the "Cylinked" posting on
Cryptome (incidentally my new favorite site), and he's a bit
concerned that the context isn't quite complete (i.e. the
rumor is hearsay and he has no knowledge of its veracity).
His version of the facts:
"Jon Graff related in a private conversation to Bill Payne
a rumor that was widely circulated among the long term
employees at Cylink that alleged association of the Mafia
with Cylink. During that conversation, Jon emphasized that
this rumor was hear-say and he had no knowledge to evaluate
the veracity of the rumor."
Incidentally, Jon was with Cylink back in the early '90's.
I had suggested that he post this, but he would prefer not to spread
his Email address around given the current flurry of activity. Perhaps
you could just add this message to the Cylinked "thread" on
Cryptome.
Best regards,
Rich Ankney
JYA Note: We appreciate this clarification from Rich Ankney and Jon Graff,
both of whom are distinguished cryptographers. See, in addition to their
participation in ANSI X9F, Mr. Ankney's paper "Introduction to Cryptographic
Standards," and Mr. Graff's participation in NISSC 97 where he was a panelist
on Debate Track D,
"Technology Around The Next Corner: The Future of INFOSEC"
Chair: Hilary Hosmer, Data Security Inc.
Panelists:
Emmet Paige, OAO
Kathy Kincaid, IBM
Jon Graff, KPMG, Peat, Marwick, LLP
Ruth Nelson, Information Systems Security
Date: Thu, 29 Jan 1998 11:10:35 -0800
From: bill payne <billp@nmol.com>
To: kalliste@aci.net
CC: jy@jya.com
Subject: Postcard
Graff phoned. Graff is getting NASTY phone calls.
Latest: Cylinked to Organized Crime?
But you know about hints such as the horse head in the bed.
I read your stuff.
I haven't yet mustered the courage to read about Cylink.
Later
bill
February 4, 1998
Jon Graff returned JY call. Confirmed e-mail message sent
via Rich Ankney. Has not received threats for remarks posted
here. Will let JY know if there are any.