{"id":8439,"date":"2025-11-14T05:03:43","date_gmt":"2025-11-14T05:03:43","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/11\/14\/book-review-the-business-of-secrets-html\/"},"modified":"2025-11-14T05:03:43","modified_gmt":"2025-11-14T05:03:43","slug":"book-review-the-business-of-secrets-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/11\/14\/book-review-the-business-of-secrets-html\/","title":{"rendered":"Book Review: The Business of Secrets"},"content":{"rendered":"\n<div>Book Review: The Business of Secrets<\/div>\n<p> \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p><strong>The Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch (May 24, 2004)<\/strong><\/p>\n<p>From the vantage point of today, it\u2019s surreal reading about the commercial cryptography business in the 1970s. Nobody knew anything. The manufacturers didn\u2019t know whether the cryptography they sold was any good. The customers didn\u2019t know whether the crypto they bought was any good. Everyone pretended to know, thought they knew, or knew better than to even try to know.<\/p>\n<p>The Business of Secrets is the self-published memoirs of Fred Kinch. He was founder and vice president of\u2014mostly sales\u2014at a US cryptographic hardware company called Datotek, from company\u2019s founding in 1969 until 1982. It\u2019s mostly a disjointed collection of stories about the difficulties of selling to governments worldwide, along with descriptions of the highs and (mostly) lows of foreign airlines, foreign hotels, and foreign travel in general. But it\u2019s also about encryption.<\/p>\n<p>Datotek sold cryptographic equipment in the era after rotor machines and before modern academic cryptography. The company initially marketed computer-file encryption, but pivoted o link encryption \u2013 low-speed data, voice, fax \u2013 because that\u2019s what the market wanted.<\/p>\n<p>These were the years where the NSA hired anyone promising in the field, and routinely classified \u2013 and thereby blocked \u2013 publication of academic mathematics papers of those they didn\u2019t hire. They controlled the fielding of strong cryptography by aggressively using the International Traffic in Arms regulation. Kinch talks about the difficulties in getting an expert license for Datotek\u2019s products; he didn\u2019t know that the only reason he ever got that license was because the NSA was able to break his company\u2019s stuff. He had no idea that his largest competitor, the Swiss company Crypto AG, was owned and controlled by the CIA and its West German equivalent. \u201cWouldn\u2019t that have made our life easier if we had known that back in the 1970s?\u201d Yes, it would. But no one knew.<\/p>\n<p>Glimmers of the clandestine world peek out of the book. Countries like France ask detailed tech questions, borrow or buy a couple of units for \u201cevaluation,\u201d and then disappear again. Did they break the encryption? Did they just want to see what their adversaries were using? No one at Datotek knew.<\/p>\n<p>Kinch \u201ccarried the key generator logic diagrams and schematics\u201d with him \u2013 even today it\u2019s good practice not to rely on their secrecy for security\u2014but the details seem laughably insecure: four linear shift registers of 29, 23, 13, and 7 bits, variable stepping, and a small nonlinear final transformation. The NSA probably used this as a challenge to its new hires. But Datotek didn\u2019t know that, at the time.<\/p>\n<p>Kinch writes: \u201cThe strength of the cryptography had to be accepted on trust and only on trust.\u201d Yes, but it\u2019s so, so weird to read about it in practice. Kinch demonstrated the security of his telephone encryptors by hooking a pair of them up and having people listen to the encrypted voice. It\u2019s rather like demonstrating the safety of a food additive by showing that someone doesn\u2019t immediately fall over dead after eating it. (In one absolutely bizarre anecdote, an Argentine sergeant with a \u201chearing defect\u201d could understand the scrambled analog voice. Datotek fixed its security, but only offered the upgrade to the Argentines, because no one else complained. As I said, no one knew anything.)<\/p>\n<p>In his postscript, he writes that even if the NSA could break Datotek\u2019s products, they were \u201cvastly superior to what [his customers] had used previously.\u201d Given that the previous devices were electromechanical rotor machines, and that his primary competition was a CIA-run operation, he\u2019s probably right. But even today, we know nothing about any other country\u2019s cryptanalytic capabilities during those decades.<\/p>\n<p>A lot of this book has a \u201cyou had to be there\u201d vibe. And it\u2019s mostly tone-deaf. There is no real acknowledgment of the human-rights-abusing countries on Datotek\u2019s customer list, and how their products might have assisted those governments. But it\u2019s a fascinating artifact of an era before commercial cryptography went mainstream, before academic cryptography became approved for US classified data, before those of us outside the triple fences of the NSA understood the mathematics of cryptography.<\/p>\n<p><em>This book review originally appeared in <a href=\"https:\/\/www.afio.com\/book-reviews\/\">AFIO<\/a>.<\/em><\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Bruce Schneier<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/www.schneier.com\/blog\/archives\/2025\/11\/book-review-the-business-of-secrets.html\">Go to bruce schneier<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Book Review: The Business of Secrets The Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch (May 24, 2004) From the vantage point of today, it\u2019s surreal reading about the commercial cryptography business in the 1970s. Nobody knew anything. The manufacturers didn\u2019t know whether the cryptography they sold was any good. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57,802,806,412,897,1],"tags":[87],"class_list":["post-8439","post","type-post","status-publish","format-standard","hentry","category-bruce-schneier","category-business-of-security","category-cryptography","category-encryption","category-history-of-cryptography","category-uncategorized","tag-bruce-schneier"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8439"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=8439"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8439\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=8439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=8439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=8439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}