Shimomura on BPF, NSA and Crypto:

One of the tools I modified for my work was a sophisticated piece of software called the Berkeley Packet Filter. ... Unlike the original BPF, my version was designed to bury itself inside the operating system of a computer and watch for certain information as it flowed through the computer from the Internet. When a packet from a certain address, or for that matter any other desired piece of information designated by the user flashed by, BPF would grab it and place it in a file where it could be kept for later viewing.

I had developed my initial version of the faster BPF in the expectation that I would receive additional research funding for the work from the National Security Agency. The Agency had begun supporting my work under a Los Alamos National Labs research grant in 1991, and had promised to extend their support for my work, but the funding was never forthcoming. I developed the tool, but after I completed the work, in early 1994, the bureaucrats in the agency reneged on funding.

The idea of working with the NSA is controversial in the community of security professionals and civil libertarians, many of whom regard the NSA as a high-tech castle of darkness. Libertarian by inclination or by the influence of their colleagues, the nation's best computer hackers tend to possess a remarkable sensitivity to even the slightest hint of a civil liberties violation. They view with deep distrust the work of the National Security Agency, which has the twin missions of electronic spying around the globe and protecting the government's computer data. This distrust extends to anyone who works with the agency. Am I contaminated because I accepted research funding from the NSA? The situation reminds me of the scene in the movie Dr. Strangelove where General Jack D. Ripper is obsessed by the idea of his bodily fluids being contaminated. I think the idea of guilt by association is absurd.

My view is very different. First of all, I don't believe in classified research and so I don't do it. The work I was undertaking on packet-filtering tools was supposed to be funded by the agency for public release. The tools were to be made widely available to everyone, to use against the bad guys who were already using similar tools to invade people's privacy and compromise the security of machines on the Internet. But even more to the point, I believe that the agency, rather than inherently evil, is essentially inept. Many people are frightened of the NSA, not realizing that it is like any other bureaucracy, with all of a bureaucracy's attendant failings. Because the NSA staff lives in a classified world, the government's normal system of checks and balances doesn't apply. But that doesn't mean that their technology outpaces the open computer world; it just means they're out of touch and ponderous.

In any case, I feel strongly that tools like BPF are absolutely essential if the Internet is to have real security, and if we are to have the ability to trace vandals through the Net. If people are concerned that individual privacy is at stake, they should probably worry less about who should have the right to monitor the networks, and instead focus their efforts on making cryptographic software widely available. If information is encrypted it doesn't matter who sees it if they can't read the code.

Cryptography is another example of my point that a tool is just a tool. It was, after all, used primarily by kings, generals, and spies until only two decades ago. Then work done by scientists at Stanford, MIT, and UCLA, coupled with the advent of the inexpensive personal computer, made encryption software available to anyone. As a result, the balance of power is dramatically shifting away from the NSA back toward the individual, and toward protecting our civil liberties. ["Takedown," pp. 102-04]