Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption Security

Europe Sets Encryption free, USA Protests 244

Jor writes "This (english) article on Telepolis (german site) says that the European ministers of Foreign Affairs are expected to decide next monday (27th) to drop all export regulations regarding encryption software to countries outside the European Union. The article also points out that the USA are pretty pissed off by this decision. "
This discussion has been archived. No new comments can be posted.

Europe Sets Encryption free, USA Protests

Comments Filter:
  • <I>Munitions include shells for heavy artillery and bombs, both of which you most definately are not allowed to own.

    A quick glance at the constitution reveals no such restriction.... </I>

    It really says people may bear *any* kind of arms? Or merely be armed? The latter doesn't stand in the way of regulation as long as some kind of weapon is legal. Knifes only, anyone?
  • by catalyst ( 77856 )
    heh, oops, let's try that again, formatted correctly this time:

    > As we know Echelon has been a joint venture between European countries an the US,
    > one wonders how that partnership will be affected.

    Actually no, we don't know that. Echelon is (disclaimer: "supposed to be") a joint venture between the US and it's English allies, which means Britain, Australia, and Canada. The main target of Echelon is the EU for crissakes. That's why the article mentions that there's widespread distrust of American security products: because they're all assumed to be part of the conspiracy.

    > Further, if something "bad" were to happen (i.e. plane blowing up), you know the US Gov't will
    > blame the EU, saying that lift on encryption resulted in that tragedy. Lawsuit to follow?

    One government sueing another over differences in their mutual legislation?!? In which court, exactly?

    -this message brought to you by Nerds Against Drunk Posting

    catalyst.

    =-=
  • by I-man ( 95468 ) on Tuesday May 23, 2000 @06:31AM (#1053482)
    This reminds me of those history lessons about the state of heavy tank armor at the beginning of world war II. Armor technology had outpaced the methods of defeating it (explosives) and people started freaking out about these indestructable heavy armors laying waste to everything in their path.

    Then the shaped charge was invented. Anti-armor tech caught up with armor tech.

    Until we come up with better technology to crack encryption (IANACF - I am not a crypto freak), people are SOL trying poke through modern crypto schemes.

    But the answer isn't to try and keep people from designing the armor. The answer is to develop a better method of defeating the armor. To try and stop the progression of crypto technology is stupid and, at best, a delaying action. The only benefit the efforts of the US Government will have are on the economics of non-US crypto companies.

  • <I>There is NO SUCH THING as an unbreakable code in reality.</I>

    One-time pads are unbreakable. The messages an army (or drug ring, or whatever) need to operate are short - usually only a few lines per message.

    A single cdrom can hold pads for over a million messages, and of course all your units have a different one.
  • As far as the public research goes, I remember seeing late 1999 articles in Science (or was it Nature?) and PRL dealing with extremely basic things such as if reading and writing data from/to a quantum computer is possible at all. So, if the theory is at this stage, I'd say quantum computing is largely "vaporware" far into the future.

    Another question is, how far ahead this research NSA's and other intelligence gathering organizations' R&D is. (Paranoid-mode on ;-)

  • Actually, I think Echelon is the single best reason for Europe to release encryption technology. Many in Europe are upset at the notion of the US spying on their cell phone conversations, E-mails, and other private communications.

    Now, if everything is encrypted in an industrial-strength code, projects like Echelon will either take immense computing power or become wholly ineffective, with the latter being more likely. I know that the US has contributed excessive dollars and power to covert projects before, but Echelon casts such a wide net that decoding all of those tadpoles and minnows to catch the very rare shark just costs too much. Even for the NSA.

  • Wasn't one of RSA based at Cambridge University? And didn't Alan Turing do some work in this field too?

    I keep hearing Americans claim over and over that the US is technologically ahead, but I see absolutely no evidence for this. Intel CPUs suck; Microsoft software sucks; Cisco import much of their router software from the UK; the ARM is the best-selling CPU worldwide, and it's British; even mobile phone handsets come out a year earlier over there.

  • by hey! ( 33014 ) on Tuesday May 23, 2000 @07:22AM (#1053487) Homepage Journal
    what can be explained by stupidity.

    In any case, its always been easy to get strong encryption in the US, so your argument makes no sense whatever.

    On the flip side, it's always been easy to get encryption out of the US too. The so called export restrictions have always been an ridiculously porous barrier -- not only because the easy but illegal transfer of encryption programs, but because the restricted algorithms themselves have been protected under the first amendment -- if exported in printed form.

    I think you miss two important alternative explanations.

    (1) Politics.

    Politicians are by in large not stupid. They just do stupid things for smart reasons. Export restrictions are symbolic not practical.

    Politics is about appearances. If there is an item on the news that grabs everyone's attention, you can expect to congressional hearing pretty soon. That's why we get things like "crime bills". On the theory it's better to be ineffectual than indifferent, do something and if you're lucky and people aren't watching too closely, they may not even notice you are being ineffectual.

    On the flip side, it's bad to have the appearance of coddling criminals, welfare mothers or terrorists, so it makes perfect sense (from a political sense) not to be the one caught pulling the plug. Do you think the Republicans would praise Clinton for dropping export restrictions? As a Democrat, I'm very sure that my party wouldn't have kind words for a Republican president who did so.

    (2)Inertia

    The very ineffectualness of the restrictions is what keeps them going. Nobody in the defense or intelligence estabishment who really understands these issues is going to care much, except for the people whose job it is to enforce the restrictions. Given the political exposure of "weakening" a defense, even if it is obsolete or as in this case merely symbolic, it's much easier to go along and not make waves.

  • I thought the Furbys were outed by the CIA as an international spy ring, and banned from CIA installations.
    ___
  • There isn't ANY encryption I can't break in about 3 days.

    Well do I have to be the one to say it? Fine... LIAR! If you could break ANY encryption in three days then you have something going that the rest of the world has missed. Just to demonstrate I would like you to take a crack at this next block. Mail me the answer (e-mail listed, it works). I'll even give you four days to do it in.

    GHTRY AUYIT HGYYT LINQW

    If you can't do it then admit you were being a idiot. Thank you.

  • I think that these reasons many of you cannot see behind this decision are clear. The group of ministers of foreign affairs of EU is debating a long time already about e-commerce and whole EU is talking about it. Also whole EU has problems with overproduction and need for export. They see as a help in solution of this situation use of e-commerce, but they cannot export into 3rd world countries and make business with them effectively and spread e-commerce solutions there without having good encryption allowed in these countries.

    I think that Europe is going everything to catch up with US considering e-commerce and to even get one step further.

  • CmdrTaco did not say the "US is pissed", the person who submitted the story did. Its clear from the italics, what was quoted from the submitter and what was not.

    Moderators, how did that post get +2?

    siri


  • Another thought is the fact that with linux clusters becoming more common it doesn't take as long to break the encryption. With a very powerfull cluster the encryption becomes a minor anoyance, to the average hacker its a bit harder.


    It takes (and will continue to take) years to break long keys by brute force. They will simply be unbreakable to just about everyone.
  • Why are some foreign countries so anit-US? I don't understand it. Why does the US make you so bitter? How do we make your life miserable? Please be detailed in your explaination.
  • useless.

    I'm sure the NSA, FBI, ATF, DEA, BIA, INS, CIA, DOD, DOJ, and the Freemasons are sinking lots of dough into quantum conmputing technology (so they can have it before it's publically available).

    The value of encryption is finite. Come up with something better, people.

    May I suggest secret decoder rings? (BE SURE TO DRINK YOUR OVALTINE)

  • My point is that there's been an ongoing technological battle between those who want their privacy and those who want to breach their privacy

    On the other hand, the rate of progress in breaching privacy is exploding like everything else.

    150 years ago, if you wanted to be absolutely certain a conversation was secure, all you haed to do was go out to the middle of a big field, check there was nobody within earshot, and whisper.

    Is there any similarly effective means of achieving privacy currently available at negligible cost?

    TomV

  • It depends on whether you interpret the constitution in a loose or strict manner. I interpret it in a strict manner meaning that anything it doesn't SAY the government can do, the people have to approve. So, if everyone voted to outlaw all firearms that would be a violation of our rights, but one that we apparently didn't mind.

    Kintanon
  • I don't see how this is going to be accomplished. In some european contries, like France, encryption is illegal (unless you are the government of course) and in others restrictions are placed on it's use. For example in the UK it is actually illegal to do encryption in hardware. This dates back to the days where the implementation in software were too slow to be useful.

    Thus if we have restrictions on internal use of encryption I don't see how we are going to develop and export strong encryption.

    France has more oustanding european court cases against it that any other nation

    -dp
  • From the article:
    ...there is mistrust towards American encryption products which are believed to be weakened by the American intelligence agencies, or have secret backdoors... and ...affirmed the United States pressured the European Union to withhold the decision. 'But the European Union does not make their policies dependent on the opinion of the United States.'

    The article does not say that the United States is "pretty pissed off" by this decision. That is pure speculation.

  • The EU does recognize software / algorithm patents

    Well, Denmark doesn't. In paragraph 1.2.3 of the Danish patent law [147.29.40.90], programs for computers ("datamaskiner") is explicitly excempted. However, as an earlier poster pointed out, algorithms can still be patented as part of a larger system.
  • Why are some foreign countries so anit-US? I don't understand it. Why does the US make you so bitter? How do we make your life miserable?

    I wonder this, as well. I can see perfectly--being that I am an American--why its own citizens would hate the U.S. Government. We have to suffer the effects of this bloated federal government every day.

    This is not a situation that we have to sit quietly and accept, however. I may despise the myriad of unconstitutional agencies I'm forced to pay for with my taxes, but I love the spirit in which my country was created, and I believe in the ideals that our ancestors paid for in blood.

    Americans don't have to take this. We can fight back with the weapon government fears most--VOTE. Vote for a candidate that believes in your ability to govern yourself. If you want to learn about these candidates, visit the Libertarian Party home page [lp.org].

    Topher
    Got Freedom? [lp.org]

  • Say I want a good Cuban Cigar (I do!). Now, why can't I get one? Because the U.S. has a total economic ban on Cuba. IIRC the United States is the only nation to have this embargo on Cuba.

    >There's no point in being the only nation on this planet banning encryption export.
    Being alone has never stopped them before, why would it now?

    Devil Ducky
  • by Greyfox ( 87712 )
    We're pissed because it's going to screw up our intelligence gathering system. The NSA hates to crack keys. Why 1024 bit encryption takes them 4 seconds! When you're dealing with terabytes of data, that gets to be a pain in the ass. They'll need more computing horsepower, which means they'll have to step up production in the south American drug farms. Can't you guys just be good little droids?

    BTW, I've been downloading my encryption products from Norway forever now. Much easier than screwing with an American site. Mandrake uses servers in other countries to seamlessly install encryption products once your networking is set up. The net's been bypassing our stupid regulations for ages now. Pity decss and that cyber patrol crack didn't fare so well.

  • Comment removed based on user account deletion
  • Besides, I'll bet there are quite a few companies that would move encryption development overseas to take advantage of lax laws.

    Some already have. RSADSI hired Eric A. Young (the guy who wrote SSLeay) to work on their SSL project in AU. The idea is that all of the coding, support, and sale is done outside the US, so it won't be 'tainted' by the export laws. That way they can sell it to anybody in the world, conviniently getting around US export laws.

  • This dictates a deep social drift towards peace, and as such things like terrorists aren't generally feared because guns and such are so rare.

    This seems to be a rather severe departure from reality. Anti-terrorist paranoia (i.e., heavy police presence, "anti-terrorist" squads, airport security) is, according to most sources, more common in Europe than in the U.S.

    In fact, the anti-self-protection laws you cite, are themselves an example of paranoia that has not, as of yet, infected the U.S., apart from in some Northeast cesspools.

    The U.S., by the way, is not a particularly violent country, when compared to the world as a whole, instead of comparing only against largely homogeneous (by comparison, mind you) Northern European countries.


    --

  • Give me a break...

    The article says that the US was pressurising the EU not to go ahead with the move. Why did CmdrTaco say that the "US is pissed"? What further indications are there in the article that the US is indeed pissed?

    And you think they'd be pressuring the EU not to go ahead with it if they liked it? No. The article stated rather nicely that the US government is... pissed.

    -- iCEBaLM
  • Note that the EU doesn't recognize software patents, so er *can* export reimplementations of the patented algorithms. If this goes through, US citizens will be the only one unable to benefit from US developed encyption technology.
  • by account_deleted ( 4530225 ) on Tuesday May 23, 2000 @06:34AM (#1053512)
    Comment removed based on user account deletion

  • Does any law enforcement agency really think that Bad Guys anywhere in the world have any trouble at all getting strong encryption technology? The whole argument seems pretty pointless to me. They're just preventing people from making money with it. (conspiracy theory?)

  • Actually, this is different in the case of encryption, or software in general.

    What the US government doesn't want is widespread use of encryption. The way to avoid this is to keep it out of mainstream products.

    In your cell phone example, using a US standard does not keep you from calling someone outside the US. If you couldn't use a US cell phone to call someone in Europe, people would get upset about the lack of standards.

    Encryption is only effective if it goes from one end to the other. Therefore, two people from different countries need to use the same standard.

    What the encryption regulations have done is keep strong encryption out of the hands of the mainstream. These regulations have kept strong encryption from being built into Internet Explorer (for lack of a better mainstream example). If all of the mainstream applications had built-in encryption, and it was friendly enough that even my Aunt in Minnesota could use it, then eavesdropping on the internet would be practically impossible.

    Cell phones don't follow a standard, but the worldwide phone system allows multiple standards to talk to each other. With encryption, there is no way to transliterate in the middle, because to do that, you'd have to decode the message.
  • The RSA pattent isn't valid in EU due to the algorithm being published before the patent was filed. In the US, you have one year after publication to file the patent, but in the EU, it has to be filed prior to publication (at least, this is the story that I read about somewhere).
  • Steven,

    I just had a little look at your posting history, and you're a pretty amazing guy. I am surprised that you feel it necessary to tell me that you were a sponsor of that contest since I would have expected you to be well-informed enough to be aware that Our People have been watching you for some time. We are forming a new World Organisation called Braggard, Inc. which we feel you would be more than qualified to preside over.

    thanks,
    Z

    p.s. Anticipating a positive response we have already disabled http://www.jjjulius.com [jjjulius.com].

  • by JDisk ( 82627 ) on Tuesday May 23, 2000 @08:39AM (#1053523)
    Besides, all of the major encryption standards were developed in the US, so the EU's decision will not really affect distribution of the well-known algorithms
    Well, two of the five finalists (Rijndael and Serpent) of the next generation symmetric encryption standard AES [nist.gov] are from Europe. And even if they should not win, it will not matter commercially since all entries have promised that their algorithms are 'available on a worldwide, non-exclusive, royalty-free basis'. So, the next American encryption standard may well be an European algorithm and implementations will definitely be available from European vendors. For the sake of competition lets hope they will be available from Americans as well.
  • by BWS ( 104239 ) <swang@cs.dal.ca> on Tuesday May 23, 2000 @06:16AM (#1053526)
    EU Good, US Bad

    Shall I Say anymore?
  • That's because the US helps keep the economies running in these other countries. Even as we type, Washington is considering measures to prop up the declining value of the Euro.

    More because of issues of trade balance, than as a favor or quid pro quo to Europe. A cheap Euro means higher imports from Europe, less export to Europe, and US companies being defeated in world markets by cheap European goods.
  • This is a step in the right direction. Maybe if the U.S. sees other nations dropping export restrictions, they will follow suit. There's no point in being the only nation on this planet banning encryption export. Besides, I'll bet there are quite a few companies that would move encryption development overseas to take advantage of lax laws.

    --cyphergirl

  • 'But the European Union does not make their policies dependent on the opinion of the United States.'

    Well, I'm glad that SOMEBODY doesn't.


    ...phil

  • by hey! ( 33014 ) on Wednesday May 24, 2000 @03:44AM (#1053536) Homepage Journal
    I'm just pulling your leg a bit about your literary criticism.

    The conspiracy theory about encryption doesn't make any sense, because it can't target the people who need to be targeted -- the ornery free-thinkers with IQs higher than room temperature. The political theory does make sense because it fits with the pattern of behavior you can see every day if you look at any successful politician of any particular ideological stripe.

    Conspiracies do happen; after all Nixon did try to cover up Watergate and he did use the IRS to force George Wallace to give up his third party. The KISS applies to conspiracies as well as anything else. The Wallace thing was simple, old fashioned blackmail, and worked perfectly. The Watergate thing started simple, but got too complicated to be managed, as it drew in too many of the executive branch. Of course, once he started down that road, he was stuck. The story had more legs than he had expected, and he was stuck with a balooning conspiracy that toppled his presidency.

    Complicated conspiracies are simply prone to failure. To posit conspiracies that are complicated and doomed to faiure from the outset is to assume stupidity on the part of the conspirators. I have news for you -- these guys are rich and powerful and get a lot more action than the average geek.

    So, you wanted a sound bite? Here it is: The difference between a politician and a geek is that a politician is willing to act stupidly to achieve his ends, whereas a geek is not.

    Of course you can never disprove the existence of a conspiracy, especially to someone willing to introduce new propositions to support the conspiracy theory because he likes conspiracy theories. However, Occam's razor favors the straightforward political explanation.

  • by rhmiller ( 124794 ) on Tuesday May 23, 2000 @06:35AM (#1053537) Homepage
    I don't think the FBI,NSA, or any arm of the government can stop US citizens from using encryption precisely because the US government has labeled it a munition. Thus it is an arm and because of the 2nd amendment we have a constitutional right to use encryption. Also by this argument the government can not ask us to give them the keys either as that would be the same as taking our guns from us which is against the 2nd amendment.
  • ...which explains why submachine guns are not uncommon among their police, why H&K specifically designed an anti-terrorist-sniper weapon for the Germans, why the Israeli atheletes were assassinated at Munich, why people were shot at Athens Airport, why the French deal with Algerian bombers, why the ETA assassinates political figures...
  • by bfree ( 113420 ) on Tuesday May 23, 2000 @06:36AM (#1053542)
    Higher-level encryption products, notably PGP, are available free to everybody over the Internet provided that they *say* they are from the US
    Can everyone say GnuGP [gnupg.org]?
  • 'But the European Union does not make their policies dependent on the opinion of the United States.'

    Even as an American it's nice to see some other countries/political entities showing some backbone and independant thought [terrorist nations notwithstanding]. While I don't usually follow these things too closely, it seems to me that quite often the US govt. pushes, and other countries just go along with it.
    Then again, maybe I just really have no clue :)

    Ender

  • Citizens aren't armed, so police aren't armed.

    Oh yes they are.

    The introduction of the ARV (Armed Response Vehicle) was in direct response to the number of firearms involved in serious crime.

    ARV= Three police officers with firearms training, Beretta 92f's and H&K MP5's.

    Of course they do have a tendency to kill people every once in a while (shot a depressed farmer here in Cambridge a while back) but they're probably criminals right?
  • In some european contries, like France, encryption is illegal...

    I thought that restriction had been recently lifted, like within the past couple of years.


    ...phil

  • The reason for brute force attacks isn't to actually crack keys - it's to make people stop using wimpy algorithms, and to make government officials stop forcing us to use wimpy algorithms.


    The nice thing about current mathematical cryptography is that many algorithms have strength that's exponentially proportional to key length - so a small increase in the amount of encryption and decryption work radically increases the work that's required to crack it without the keys. Linux clusters and distributed.net [distributed.net] and DES cracker boxes are great for brute-forcing DES and RC4-40 and RC5-56, but the planet only has 2*170 atoms on it, 3DES, which has 168-bit keys, takes only about 3 times as much work as DES to encrypt/decrypt. (Ok, the real strength is only about 112 bits, because there's an attack using 2**64 bits of storage and 2**112 cycles, but there's always 5-DES and 7-DES, and algorithms like RC4 and RC5 don't even take extra work to use longer keys - you won't crack RC4-128 or 3DES by brute force in your lifetime unless the Great Nanotech Singularity changes your lifetime a lot - and probably not in the planet's lifetime.


    It's MUCH easier to steal keys than crack good algorithms. Decompiled your keyboard ROMs lately? This is Slashdot, so many of you *have* checked out the device drivers for your keyboards :-)

  • I wouldn't blow off Blowfish [counterpane.com]. I'm not sure about its exportability in machine-readable form (IANAL), but I think the code is solid, and I know it's undergoing and undergone extensive peer reviews / attacks.
  • And what causes declines in a currency's value? Could it be a lack of faith in the economic system where the currency is used?

    Among other things. Ipeople think that the supply of money (as determined interest rates, reserve rates and government deficits) will be high relative to production in the EU, then they will get rid of their Euros in favors of something else.

  • by Kintanon ( 65528 ) on Tuesday May 23, 2000 @07:39AM (#1053559) Homepage Journal
    bzzt.

    A munition is much heavier than the arms that the 2nd ammendment allows. Munitions include shells for heavy artillery and bombs, both of which you most definately are not allowed to own.


    A quick glance at the constitution reveals no such restriction....
    I'd say you need to re-read it. At the moment the government regulation of nuclear missiles and rocket launchers is a violation of our second amendment rights, BUT it's one that the citizens of the US have chosen to endure the interest of not having weapons of mass destruction available quite that easily. But make no mistake, it IS a violation of the rights set down in the constitution.

    Kintanon
  • Is the soul of wit.
  • One problem is that people such as ISPs and governments may block ports used for ssh. What I'd like to see is a way to transparently tunnel all IP traffic across https.

    In other words, when host A wants to send a packet to host B, it makes an https connection to B (if one isn't already open) and sends the packet along that. At the other end, B interprets the packet as coming from some special 'crypto' network interface, and handles it just as if it had come from the network card or modem.

    The advantages of doing this would be that ISPs wouldn't want to block https, since it is used for ecommerce. Likewise governments. And because https is encrypted, there's no easy way to tell that you're engaging in subversive activities (eg encrypted telnet) rather than approved activities which involve buying lots of stuff on the net. (please bear in mind that this whole post has been run through a conspiracy-paranoia filter.)

    Also, it could be totally transparent to the user; if such a feature got put as standard into the Linux kernel (for *example*), traffic between Linux boxes would form a sort of 'cryptobone' (!) while communications to other OSes would proceed as normal.
  • Well I've already commented once to you but I'll do it again because frankly... your annoying. First off if you know so much about a hush-hush policy then why are you opening your mouth about it on Slashdot?

    As for going into detail of course you can't. You don't have any. If you were so involved with security like you claim then you would be much more tight lipped and be able to keep your mouth shut. By the very act of saying you know so much but can only say these little tidbits you show yourself as a person who has never worked in, around, and/or with people or things that deal with security. If you did then you would know never to mention secrets (or hush-hush as you say), even little teasers. Please at least try to be a little more subtle in your trolling.

  • I don't think the war on drugs has anything to do with fears or insecurity of the people, it has everything to do with an ideology that some very influencial people hold. Nor do I see any major crackdown on guns, its about as easy to get a gun as its ever been.

    The problem has everything to do with keeping powerful uncontolable tools out of the hands of the populace.
  • by randombit ( 87792 ) on Tuesday May 23, 2000 @06:39AM (#1053568) Homepage
    Besides, all of the major encryption standards were developed in the US, so the EU's decision will not really affect distribution of the well-known algorithms

    All of the 'standards' (OpenPGP, SSL/TLS, S/MIME) have been published in RFCs. And documents describing almost every algorithm known are available online, either in RFCs, or the conference proceedings where they were first presented. Only code is restricted from export - textual descriptions are fine. And of course reference code for algorithms invented in Europe, Canada and other non-restrictive areas is available too.
  • you also might like to check out the story on Slashdot [slashdot.org] :+)
    --
  • The widespread distrust of American Products is not because of the encryption laws. The laws just provide a reason for Europen nations to distrust American Products, if the laws weren't in place someother reason would pop-up.

    That is not to say that I believe encryption restrictions should be in place, just there is always more happening than what is being screamed about.

    *ASIDE* I noticed you didn't chide him for not thinking before posting when you reposted... :)

    Devil Ducky
  • in the business sector.
    This is exactly the sort of development that is needed in order to push the US into dropping restrictions on the use of strong crypto. The US govt. has limited concern for the demands of lone privacy advocates and crypto-lovers, but it has a hard time ignoring the concerns of big business, particularly now with the spotlight being on the one's and zero's industry. From the look of the article, a lot of the motivation behind the EU changing these restrictions was economic; companies that have to wait 6-8 months every time they want to sell products containing encryption to someone in another telephone exchange are less competative than those that don't. So this change makes European cryptography exporters (which could include a very wide range of products now a days, not just PGP style personal crypto managers, but also products with embedded protection) more competative. US businesses don't like being less competative than there overseas counterparts. It leads to the creation of "buy American" commercials (in this case, "Encrypt Americans". . .) and general bitching and moaning on the part of industry lobbyists to Congress. Eventually, Congress will have to make amends or risk continuing flack and re-election problems from companies who feel that their interests are being hurt by the current crypto laws. The recent reforms in the crypto laws in the US were a nice, if ambiguous start, but this development may be the flahspoint for a nice, unambigous movement of encryption technology out of the sphere of 'restricted munitions', and back into the hands of people who would like to prevent everyone in the world from reading everything they own.
  • For the short term, I'm not very hopeful. In the longer term, it is inevitable now. Our current policy made no sense even before this. Now, it will be much more difficult for the politicians and bureaucrats to pretend it still makes sense. But, rest assured, they will stupidly resist for as long as they can.
  • It's about time. But i do have mixed thoughts on if globally it's a good idea. Being an American I generally have a scewed Amarican view on global policy, especially when it comes to the net, privacy and basic freedoms. This case however makes me grin however because the American government beleives the global internets, their policy and technology is subject to American laws and policy.

    It's nice to see the American government slapped down a few notches and maybe this will be an "time to end the ignorance" wake up call for Captial Hill and the FCC.

  • by mattdm ( 1931 ) on Tuesday May 23, 2000 @09:04AM (#1053589) Homepage
    I think I subscribe to the "malice" theory on this one. Sure, it's not terribly difficult to get strong encryption -- but it's extra steps, and if there's one thing we've learned from MS IE's standings in the browser wars, it's that most consumers aren't going to bother.

    --

  • by pallex ( 126468 ) on Tuesday May 23, 2000 @06:45AM (#1053593)
    "Higher-level encryption products, notably PGP, are available free to everybody over the Internet provided that they *say* they are from the US. "

    You dont have to `say` you`re from anywhere...

    www.pgpi.com

    has version 6.5.1i (i = international)
    a wholy legal, inside and out of the states, version of pgp.

    a.

  • With all of the talk of the US government wanting backdoors built in to all encryption so that they can protect the good ol' states can you really blame them? The power to access what should be confidential information should never fall into the hands of the government..t.here is no garauntee that it would not be used for purposes other than what it was intended...not to mention that if one of our agencies can get in then no doubt some youngster will find a way... if they open it they don't have to buy it from us as the article said...I agree


    My Home: Apartment6 [apartment6.org]
  • by Yardley ( 135408 ) on Tuesday May 23, 2000 @06:47AM (#1053602) Homepage
    Some Background on Crypto in Early U.S. History [americanpartisan.com]

    Encryption is the process of coding and decoding information to ensure its privacy. The encryption of computer data may well be the most powerful tool peaceful individuals have to protect themselves against Big Brother. Predictably, Big Brother is eager to control it. The rationale, as expressed in A Report to the President of the United States (Sept. 16, 1999): "American history has been punctuated by periods in which the National government had to respond to sweeping social, economic and technological developments." Speaking of cyberspace as a "new tool", the government claims that technology raises new issues to which it must respond in new ways.

    Buncombe. The issues are the same as they have always been. In 1785, a resolution authorized the secretary of the Department of Foreign Affairs to open and inspect any mail that related to the safety and interests of the United States. The ensuing 'inspections' caused prominent men, like George Washington, to complain of mail tampering. According to various historians, it led James Madison, Thomas Jefferson and James Monroe to write to each other in code - that is, they encrypted their letters - in order to preserve the privacy of their political discussion.


    The U.S. Founding Fathers used encryption to avoid government monitoring. Today, the U.S. government has relaxed much of its crypto export restrictions, but after reading the above article I can see we need to be a lot more vigilant about insuring free, unrestricted communications for everyone. The police-state policies of the NSA and FBI need to stop.
  • Its about time. Its not like clicking "YES" to the question "Are you a terrorist" when your downloading Encryption software is a good way of stopping people. I really don't think Terroists use the Honor system that way =)
    Secondly what the point to the USA being pissed off?
    Its not like there are any major threats anywhere anymore. *cough* Iraq*cough* (giggle) and the UN has already made them their Redheaded Step Son. And anyways, Everyone knows that Russia has the Best Coders in the world and If they want strong encryption they'll get it through Russia. (and it will probably be better than *cough* blowfish or DES or what ever we can't export anymore)
    On a Sad note. Guess I won't be applying to the NSA anymore....
  • I disagree. Encryption, even non-hardware assisted, is easy to have setup.

    Look at theTEA project [lemuria.org] (Transparent Encryption Agent), or look at the methods for transparent PGP of mail I outlined in Gnu Privacy Guard tutorial, part 2 [kuro5hin.org] towards the end of the document.

    So, unlike your tank cars, this can be implemented easyily and quickly -- with no extra material cost. Replication of software and data through computers is essentially cost free, which how the GNU project [gnu.org] can get away with giving away free [libre, beer] software :-)

    I'd prefer constant, perversive encryption to having someone listen into even the most insignificant private conversation I hold any day.
    ---
  • One trite cliche which only exists because someone said it a few years ago and which has been repeated over and over again since then is nothing to build your whole philosophy on. It isn't very realistic, for one thing; there are many things attributable to malice that cannot be explained away by stupidity. Just ask any of Jeffrey Dahmer's victims. To say "never" in that statement is just plain misleading. It wasn't even real life; it was Robert Heinlein, in a fictional novel ("Logic of Empire", 1941). You want something more reality-based to quote as a cliche? Try this one:

    "The less believable a conspiracy is, the more likely it is that it's true."

    Here's another one:

    "When you can't say 'Fuck,' you can't say 'Fuck The Government.'"

    Ahhh, that Lenny Bruce; such a wise man.

    I try to avoid cliches completely, myself. They're just so trite, so cutesy. Instead of telling someone "A stitch in time saves nine," I'll tell them "You better fill up your gas tank now before you run out of it in the middle of nowhere and get beaten to death by gangs of hooded hoodlums who would really like to steal everything you own and perhaps rape you in the process." It has more of an impact that way. Similarly, I say now:

    Since strong encryption is so easy to come by outside the US and EU, and always has been easy to come by, why have the US, France, and the UK (mentioned in the story) always been so against it? Why not, say, Germany? They seem to be just about even with those other three countries in their maniacal approach to the internet (a side note here for France: Lighten up, guys!! Who cares if you can get Nazi helmets in an online auction, for christ's sake???) so why not on the encryption issue? There are many countries that simply don't see it as a threat. Israel, for example, has certainly had its share of terrorist activity over the years, and I doubt it's gotten any worse because of the internet in any country, whether the terrorists are using strong encryption or Cracker Jack Secret Decoder Rings to secure their transmissions. The law enforcement agencies of the world have no right intercepting and reading the mail of whomever they please. They do it anyway, of course; violating our human rights at will, then either denying it or becoming aloof -- "We have every right to read anything we want to; we have to keep the world safe from (______), don't we?" You may fill in that blank with any perceived "threat" you wish; whether or not it really exists, the end result is the same: it lets the Powers-That-Be do whatever they want to "prevent" or "combat" the real or imagined threat. Look at Communism in the 50's; what a joke that was. McCarthy was an idiot. How about the Nuclear Threat, which has been around for more than 50 years now? Ever since the US permitted their use, people have been terrified of nuclear weapons. It wouldn't have been much of a deterrent if they hadn't used them, of course. Japan had been trying to surrender to us for weeks before we wiped two of their cities off the earth. Why didn't we accept their surrender? Ask Henry Stimson, US Secretary of Defense ("War") at the time. They couldn't let Japan surrender to us until we were ready with the A-bomb and had a chance to use it... and not just use it, but use it on real humans! That's the whole reason Hiroshima and Nagasaki were wiped off the earth: to scare the Russians. Because then the Russians knew that not only did we have the bomb, but (crucially) that we were willing to use it on people. The A-bomb didn't "bring the war to a swift end;" the war was prolonged to make its use possible. After Hiroshima, the Japanese were begging us to take their land, their sovreignty, their women... but no, we hadn't made our point yet. We had to drop another one just to show Russia we meant business. Now, how believable is this conspiracy? I swear to you, it's the God's honest truth, but I bet 90% of you out there have already rejected it simply because that ain't how it happened in the history books you read in school. But remember something: history is always, always written by the victor. Do you honestly think the US History textbook your child reads every day would have the aforemention true story in it? Assume it really happened for a moment. Assume the US decided to slaughter a few hundred thousand Japanese, who just happened to conveniently be our enemies at the time (but they're our friends now; wouldn't you try your damndest to keep on the good side of someone who'd nuked you twice??) just to make a point to the Russians that we wouldn't hesitate to do it to them. Do you really think that would get written down as the Official Version of History? I think not. Whatever people believe to be true because they've been told it's the truth by people they believe and trust is what will be put into the history books. And people with power who are capable of the things the US government has done over the years (biological weapons testing in New York subways in the 1960's; injecting women and children with plutonium just to see what it did to them in the 1950's; the Tuskegee experiments where black men were allowed to die of syphillis just to see what it did to them in the 1940's -- and they called Dr. Mengele evil!) are capable of anything, believe me. Do you truly doubt it? Do you have that much faith in the leaders of this country? They are humans, you know, and thus susceptible to overpowering greed, lust, fear, hate, and all the other things that make people do bad things... and the more power you have, the worse the things you can do and get away with doing through a cover-up!

    There's another reason why they want to keep encryption out of our hands: to save face. If we can keep secrets from them, the most powerful "intelligence" agencies on earth, anyone can... and they just can't have us realizing it. Perhaps this whole "Echelon" thing is just disinformation; whether it exists or not, if we believe that it does, and thus they can hear every phone conversation we have, read every email we send, intercept every fax we transmit, and view every web site we look at along with us, it severely limits what we feel "safe" doing, doesn't it? And the less secure we feel in doing what we do, the more we Fear them. That's the key: Fear. If we don't fear them, they pretty much become obsolete. Same as with God. Without our fear of them, they cannot control us.

    And "control," the terror that comes with it, the feelings of utter helplessness, the impetus to Obey Thy Master or Suffer The Consequences, are the things without which they cannot continue to enslave the world. So, of course, encryption they can't break Must Go because otherwise, we might feel a bit safer and more secure... and They can't have that. Does anyone out there feel safe in today's world? At any instant you could become just another one of the victims of violent crime. You could die in a drive by shooting 30 seconds from now, or some crazed person could run into your workplace with an Uzi and shoot everyone in it, or terrorists could detonate a nuclear bomb in your city (do NOT laugh at this one; it's truly amazing it hasn't happened yet, what with the 100 missing suitcase nukes from Russia -- Read Schroedinger's Cat by Robert Anton Wilson if you need some convincing); if you're gay, you could be gay-bashed; if you're an ethnic minority in your neck of the woods, or even if you aren't, you could become a victim of hatred at any moment. Matthew Sheppard. Rodney King. Columbine. Waco. Oklahoma City. Ruby Ridge. Paducah. How endless is this list? How far back in time does it go? How far into the future will it go? And every time something like that happens, are we allowed to just forget it happened and move on? No. CNN has to blare the news for weeks afterward, sometimes years. Every anniversary they remind us of just how unsafe we are, how much we need Them to "keep us safe." We're supposed to just blindly let Them have all the control and power over us They want, because otherwise they might not "be able to" prevent another Columbine massacre. It's like Mafia insurance; "Ya gives us what we wants, and we'll make sure nothin' happens to ya..." And strong encryption is just the tiniest aspect of that. It's all about power and them keeping it... and keeping it from us, the ones who actually deserve it and who might even be able to use it wisely without exploiting everyone along the way to keep it.


    "The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness."
  • I forgot to mention, I have a web page that explains why regular people, even your mom, should use encryption:

    Why You Should Use Encryption [goingware.com]

    Note that while, yes, encryption is processor expensive, I suspect the work to decode all the JPEG images on a "content rich" website is probably a lot greater than the work required to encrypt and decrypt all those images for transmission.

    The beauty of today's modern processors is that there is really no problem with just running encrypting everything. If the BIOS would support decrypting the OS as it boots, most of us would have no objection to encrypting pretty much everything on our disks, maybe even including the virtual memory. Really.

    My 450 MHz pentium III laptop has no problem playing MPEG movies off a PGPDisk encrypted volume that is stored either on NTFS or FAT (where the encrypted volume is either NTFS or FAT itself - and you know FAT's not a fast filesystem).

    Where the performance issues really count is for the servers and for those you'd certainly want hardware encryption. I'd be happy to donate a couple hundred bucks to Slashdot if it went toward implementing an SSL encrypted slashdot server, wouldn't you?

    Clients have no problem with encryption in software. PGPDisk you have to pay for but I believe there is filesystem encryption for Windows PCs that is free. Let's see... ScramDisk [clara.net], lots of good links at Yahoo 's encryption software page [yahoo.com]

    I remember seeing an australian partition encryption utility there, I recall it implemented an australian government encryption standard as well as the more common ones, but I don't see it anymore.

    And of course there's the linux encrypting kernel.

    No, there's no reason not to encrypt. I think the main obstacle isn't export controls - it's user interface. Encryption is hard to learn. Compare using an encryption tool to, say, downloading an image from your new digital camera via USB on Windows or Mac. It should be really easy or no one will use it.

    Mike

  • Another thought is the fact that with linux clusters becoming more common it doesn't take as long to break the encryption. With a very powerfull cluster the encryption becomes a minor anoyance, to the average hacker its a bit harder.

    (Warning: I'm not a cryptography wonk.)

    It's all a matter of degree. The reason public key cryptography is an attractive prospect is because the difficulty involved in cracking the scheme grows exponentially as key sizes increase. At that rate of increase, you can't just add more/bigger computers into the mix and expect to get results. Of course, no one is actually sure of exactly how hard it is to perform the computations necessary to crack big-key public key algorithims, but they all seem to agree that it's pretty damn hard. Check the sci.crypt FAQ, part 6 [faqs.org].

    The reason that the government is concerned is because, for the first time, they're really worried that they can't crack these codes. Or, at least, not quickly enough to be able to do anything with them.

  • by 31337 d00d ( 190097 ) on Tuesday May 23, 2000 @07:55AM (#1053628)
    Do you also recommend that all cars be built like tanks, able to withstand a 60 mph crash?

    The point is that while it's a worthy goal to encrypt everything for the heck of it, it is not cost effective. Just like it is not cost effective to install two-inch armor plating and internal gel padding on cars, even though it would cut automotive fatality rates by 90%.

    As a security expert, you know that encryption is EXPENSIVE. The only way to bring down the cost of custom encryption devices is commoditization. Just like awesome 3-D graphics has fallen within the reach of the masses due to commoditization (anybody remember the $15K+ Elsa & E&H cards that rendered 50K triangles/sec? It wasn't that long back). You basically want a DES (or, more likely, AES) encryption chip on each motherboard.

    For this to happen, we need the following:

    1) A publicly accepted AES standard. All AES standards require hardware implementations, and I believe all the final proposed candidates have efficient hardware implementations.

    2) A cheap chip (or, even better, build it into the mobo chipset).

    3) A well-defined API to this device. I assume 2 and 3 will go hand-in-hand.

    4) Intel or VIA (through Asus, Abit & others) to buy into this and start building it on their chipset. Alternatively, Once one manufacturer does it, all the others will, too. It's just too big a competitive advantage.
  • by goingware ( 85213 ) on Tuesday May 23, 2000 @06:49AM (#1053633) Homepage
    I subscribe to the notion that just about any traffic on the Internet ought to be encrypted, just for the hell of it, whether it has any interesting info in it or not.

    I'd like to see Slashdot, for example, have the option of being served up on 128-bit SSL. I mean all the pages on the site. It would probably be best for the slashdot folks if this were done with hardware encryption support.

    For one thing, encrypting all one's casual traffic helps to provide cover for people who really do have something to hide.

    I recommend using a web hosting service which provides secure shell login access. One such web hosting service is Seagull Networks [seagull.net]. Here is how I retrieve my POP mail through SSH port forwarding [betips.net]. The tip entry gives BeOS specific instructions but the basic idea should work on any platform for which SSH is available.

    And yes I know my email is sent to seagull in the clear, but what this does is generate encrypted traffic (generally a good thing) and also prevents my ISP from snooping on me unless they hack into my hosting service.

    If you work in a company and are concerned that your employer may be snooping on your personal email (you're not mailing out your resume are you? Know how an ethernet sniffer works?) then you should definitely use SSH for your mail.

    Also on my laptop I use PGPDisk [pgp.com] to encrypt my Quicken Checkbook and source code on NT, and the Linux Encrypting Kernel [kerneli.org] to encrypt source code on Linux. If someone steals my laptop, my clients won't have all their trade secrets stolen too.

    Mike

  • Speed matters. When you have a server doing thousands of SSL transactions per second, the extra time it takes to generate a 512bit key vs a 128bit key becomes very very real and very expensive. It may not matter if it takes 17 seconds on your P133, but the server can't dedicate itself to doing your encryption for more then a split second.

    Besides, in terms of non Public Key Cryptography, 128bit is reasonably secure for current applications. Just look at Distributed.net trying to crack 64bit encryption. 128bit is 2^64 stronger then that. Thats reasonably secure from brute force attacks.

    If its a cryptoanalyitic attack your worried about (such as someone knowing how to quickly decrypt the messages), what you need is better algorithms, not longer keys. Longer keys don't stop a cryptoanalyitic attack.
  • by tytso ( 63275 ) on Tuesday May 23, 2000 @06:49AM (#1053635) Homepage

    The funny thing is that the other slashdot article doesn't appear on the mainpage of slashdot, even though it's new enough that it really should.

    Perhaps this is a bug in slashdot? That would explain why the other article has only four posts in it....

  • since by and large, the public does not care about this issue
    Industry cares about this for two reasons:
    1. They would like to feel more secure about their own communications and secrets (not like Microsoft who are quite happy to use an unecrypted zip file with a click through license, explains a lot about our online privacy and security doesn't it!).
    2. Personally the industries employees don't feel secure sending their own personal details using low-grade security
    So perhaps the pressure has come from the companies, but a large part of the reason is to try and accelerate the uptake on e-commerce because too much of their target audience feels that web security is not secure (despite the increibly insignificant levels of fraud actually perpetrated by breaking encryption let alone where the internet can accept any blame, ask your banking friends how many cases of internet credit card fraud they have seen, mine have all answered none).
  • Besides, I'll bet there are quite a few companies that would move encryption development overseas to take advantage of lax laws.

    IIRC, Sun already has done: back when I worked as a Solaris admin, we received a new version of Solaris which said on the packaging that the encryption components were from Holland. At that time, MS were still selling crippled versions of NT; Sun just moved development somewhere they weren't affected by these dumb laws.

    I do wonder why MS didn't do the same - anyone got any ideas?

    Incidentally, I received an updated WWW browser by e-mail a few days ago, including 128 bit SSL support, from a UK company. The attached text indicated that the only restriction was that the software must not be exported to the usual places (Iraq, North Korea etc.) and that this was in line with govt. policy - i.e. the restrictions had already been lifted! Is something wrong here, or is the UK just ahead of the rest of the EU?

  • by pjl5602 ( 150416 ) on Tuesday May 23, 2000 @07:04AM (#1053639) Homepage
    The US (in particular the FBI and probably the CIA/NSA) wants to keep encryption out of the hands of USians.

    The reason that the FBI wants to keep crypto out of the hands of the citizens is indirectly our own fault.&nbsp We clamor that we want security and safety and we bitch and moan when our law enforcement (part of our government) doesn't provide it for us.&nbsp The war on drugs, the crackdown on guns are simply responses to people's fear and insecurity.&nbsp Crypto does make law enforcement's job tougher and that is a fact that everybody should just accept.&nbsp

    Personally, I'll take the freedom to use crypto in any way that I see fit and I'll argue that even those that wish to use crypto in a way that is counter to my beliefs should be allowed to do so.&nbsp The benefits far outweigh the problems that it brings.

    "When you trade freedom for security you get neither" - Thomas Jefferson

  • "Country X in Europe comes with a new encryption. US and no one else can break it. They then decide to start taking over other countries. They have a unbreakable encryption method that no one can tell what they are doing. Morse code and other codes were used in previous wars to send messages, with an unbreakable encryption method it could be a new way to send secrete messages."

    Been there, done that, cracked it. That little scenario took place during WWII. The Allies won out over the "unbreakable" code. There is NO SUCH THING as an unbreakable code in reality. There is always someone who will spill the beans. There is always someway to capture an encoding device. I'm more worried about Country X launching nuclear missiles than wether or not Country X can talk in private or not.


    Bad Mojo [rps.net]
  • by jbarnett ( 127033 ) on Tuesday May 23, 2000 @07:08AM (#1053643) Homepage

    From: WhiteHouse
    To: Joe Public

    The Whitehouse, on behalf of the United States Goverment would like to clear up a few rumors that have been causing an uproar with the citizens of this Great Country.

    There was been some acusations and rumors going around that the White House and the United States Goverment are not fully happy with the state of the union. To clear this up, and to fully put out or offical statement on this, on behalf of the United States Goverment we would like to state for the record "We are really fucking pissed".

    I know this may come to a surpise to most of the citizens of this Great Country, but ever since the CIA and rosewell conscripies, the Goverment and the White House of this Great Nation of ours, have not really been getting any, and this makes us really pissed off. We (the United States Goverment) watch our citizens going day in and day out getting laid by great looking women, and on behalf of the United States goverment I would like to say "Where is my booty, why don't I get any hoes?" and also like to add "And the United States Goverment is pissed about this"

    Thank you for taking the time to read this press release and hope this clears up any details the American public might not be aware about.
  • by MosesJones ( 55544 ) on Tuesday May 23, 2000 @07:10AM (#1053644) Homepage

    Many rulings in Europe do come about because of big company pressure, but this almost smacks of something else.

    Prediction:It means that the European crypto stuff will become the world standard.

    Thus all that US investment and current export regime which hurts the consumer in Europe as well as companies can be ignored as a free to export crypto will be more attractive to both US and European countries.

    IMO this is an excellent move for Europeans, both in business and the consumers.

    So maybe the EU did it _knowing_ it would piss the US off, and with the _express_ intention of reducing the US' control of crypto.
  • While I like this from a crypto standpoint, I can't help but wonder why the sudden change in policy

    Most of the EU countries have previously supported encryption (UK and France being notable exceptions). The change in policy is "sudden" only if you consider that previous policy to be the one specified in the Wassenaar agreement, which was pushed down the throats of other countries by US bullies.

    I'm guessing that corporations have been pushing for this and exerting power to make this happen. While I'm glad they did, it is another example of money buying policy (and for once, not in the US).

    While there certainly are economic incentives to protect the interests of the european cryptography industry, the conspiracy theory is needless in this case. The idea for the change probably came from the Directorate-General for the Information Society, which is spear-headed by Erkki Liikanen (who was also quoted in the article). See these links for more information:

  • As we know Echelon has been a joint venture between European countries an the US, one wonders how that partnership will be affected.

    Further, if something "bad" were to happen (i.e. plane blowing up), you know the US Gov't will blame the EU, saying that lift on encryption resulted in that tragedy. Lawsuit to follow?
  • It is about time. The overarching question is whether this change in policy and a corresponding change in US policy would really have any effect in the use of encryption. The highest level of encryption used in e-commerce is 128-bit, which even the US government now allows to be exported. Higher-level encryption products, notably PGP, are available free to everybody over the Internet provided that they *say* they are from the US.

    Besides, all of the major encryption standards were developed in the US, so the EU's decision will not really affect distribution of the well-known algorithms (except RSA, whose patent will run out and whose algorithm could be integrated without permission into a European company's product).

    For once, it's EU that is leading the way. Technologically, we're (US) ahead--but, we seem to be farthest behind when it comes to developing appropriate policy in regards to new technologies.
  • Actually, you can do SSH through any port you want to. It works really well through IP tunneling and IP masquerading, and you can tunnel things through it, as well.

    All you need is access to your SSH configuration information. Another interesting approach is to run VNC (Virtual Network Console) over SSH. On the VNC web page, there is information on how to run a VNC session over SSH on any port number.
  • This is just one step further towards forcing the US gov't to relent and allow free export of encryption. This is something that most of the computer industry has been demanding for a long time. This is something that is necessary for the growth of worldwide electronic commerce.

    This is an obvious sign that the Wassenaar (sp?) treaty is breaking down, thich is a good thing.

    The big celebration will happen when the RSA patent expires later this year... Get ready Uncle Sam, your days of being able to casually eavesdrop on every communication are slowly fading into history.

  • by taniwha ( 70410 ) on Tuesday May 23, 2000 @08:02AM (#1053659) Homepage Journal
    It used to be they couldn't tap telephones .... that's something that's only happened recently - because telephones haven't been around for that long.

    Before that they started opening mail - that's why people would put those elaborate wax seals on their mail .... and before there was an organised mail delivery system intercepting mail was hard ....

    My point is that there's been an ongoing technological battle between those who want their privacy and those who want to breach their privacy .... it's been going on for centurys .... maybe the spooks will give up when we're all using quantum entanglement to comunicate .... or maybe they'll juts get a lot more spooky :-)

  • Complete bullshit. Europe has *more* problems with gun toting terrorists than the US. Remember the Red Army faction, the Basque separatists, the IRA, Baeder-Meinhof(sp?). Europe is a good example of what happens when you disarm the people and the trigger-happy fanatics run wild. Except for Switzerland. God Bless their machine-pistol toting hearts...
  • Obviously this renders the crypto export restrictions in the US
    redundant: you can export anywhere from the US in two hops. I see
    three main options for US policy makers (from least likely to most
    likely): drop their own export restrictions, reimpose crypto
    restrictions or pretend it is not happening.
  • The article says that the US was pressurising the EU not to go ahead with the move. Why did CmdrTaco say that the "US is pissed"? What further indications are there in the article that the US is indeed pissed?

    It would not be surprising that the US is pissed about this development. But please don't try to stir the sauce - it's hot enough as it is.

  • Your post reminds me of what my Cryptography prof at Berkeley said during the first day of class.

    "I'm not going to teach you how to make unbreakable encryption in this class."

    (Class, as one, groans in disappointment)

    "I will teach you how to break every encryption method known to man."

    (Class Cheers!)

    The moral of the story, encryption is breakable by those who have the reasources and knowledge. Hey, maybe someone will finally find a p-np solution.

  • by Ngwenya ( 147097 ) on Tuesday May 23, 2000 @06:53AM (#1053670)
    &gt For example in the UK it is actually illegal to do encryption in hardware You mean like the nCipher [ncipher.com] device which performs RSA and DH operations in hardware? Produced in Cambridge (not the one in MA)? A little more care required before you post inaccurate stuff like that It is not illegal to perform encryption in hardware, software or via two packs of playing cards in the UK. Much to the security services' annoyance.
  • I would like to inform you that they are now watching you. Think about it.

    By the way, please turn around, there is a gun barrel at the back of you...

    Only if you where a little quicker boy, what a shame, and a smart one to.

    For everyone reading slashdot, all of GreyFox's posts from now on are really from CIA agents.

    Which is somewhat cool, because Agents rack up a lot of karma, but on the down side Agents have a stuble way of brainwashing you though their period and question mark placements.
  • by FascDot Killed My Pr ( 24021 ) on Tuesday May 23, 2000 @06:23AM (#1053687)
    The US (in particular the FBI and probably the CIA/NSA) wants to keep encryption out of the hands of USians. (The reason doesn't matter for the purposes of this post). The best way to do this is to keep there from being any "encryption infrastructure" and the best way to THAT goal is to keep from having any standards.

    And if you disallow exports, you can't create a world-wide standard. But whoops, the EU allows exports now, so we can standardize on that.

    So the US is pissed for two reasons:

    1) The EU will be the encryption (and thus privacy, etc) standards-bearer for the 21st century. This causes loss of money and face for the US.
    2) The US can't keep EU encryption out of the hands of USians unless it also bans encryption imports. And since that action isn't compatible with the nominal "munitions" argument, it would tip their hand too much.
    --
    Have Exchange users? Want to run Linux? Can't afford OpenMail?
  • Technology will always be one step ahead of whatever is trying to squash it. The government wants to control encryption to save them the trouble of cracking new techniques, but it's never going to be that easy for them. They'd be better off accepting the technological advances and working around them, instead of focusing so much on the past and hoping that nothing changes.
  • Sorry, but your NOT ahead anymore (technologically) in the US. Take for instance the major progress made in Europe concerning the PKI secured Java based smartcard platform.

    I believe the difference between Europe and the US faded away, just because Europe has a far better policy regarding technology advances.

    Tim Dobbelaere
    Smart Card & Cryptography
    Keyware Technologies [keyware.com]

  • Americans aren't pissed; just the gov't is.

    Pretty much shows that our gov't is *not* representative of the people or our interests, eh?

    --

  • by Anal Surprise ( 178723 ) on Tuesday May 23, 2000 @07:17AM (#1053705)
    Ok, so first, the EU enacts privacy laws that do a good job of protecting the privacy of citizens. Then, it sets crypto free, which also helps with the first goal, making sure that information that is transferred is secure.

    Meanwhile, the US goes on with its laissez faire "privacy" laws (feel free to collect anything you want, and to cross-correlated to your heart's content). Furthermore, we have these lame crypto export restrictions, making secure interoperability on the Internet difficult.

    Can anyone call the United States the "Land of the Free" without a touch of sarcasm?
  • The EU does recognize software / algorithm patents, but there are procedural issues that made RSA not patentable in Europe. An example of a Euro-patented algorithm is the IDEA symmetric crypto used in the RSA versions of PGP. The reason Diffie-Hellman and RSA aren't patentable in Europe is that the US allows a publish-first-then-apply-soon procedure, whereas most European countries require you to apply for the patent before publishing.


    The reason D,H,R,S,A and many other US-based cryptographers published first and then apply for patents is that back in the 70s and early 80s, the NSA still had a heavy thumb on the crypto world, and while the good guys were establishing that, yes, they could publish crypto even without permission, there's a bit of American patent law that lets the NSA (and probably other military agencies) seize and classify any patent applications that are critical to national security. So if you published first, it didn't do them any good to steal your patent, but if you applied for the patent first, they could steal it and squelch it. So you published, took your US and Canadian patents if you wanted, and gave up the European patents. Sometimes the dance was more obscure, and you had to carefully time submissions to the patent office and journals to work the time lags in both of them.


    Back in the mid-90s, the cat was out of the bag, and I developed a login protocol based on Diffie-Hellman. After some online literature-searching, I was annoyed to find that some guy at Siemens in Germany had also developed it, and patented it in Germany and then the US a couple years before, though I hadn't seen anything about it in print. In US patent law, you can't patent something that would be obvious to anyone skilled in the trade (in spite of all the totally lame and obvious software patents out there, where the patent examiners were clueless about the subject area.) Believe me, if *I* found it, it's pretty obvious (:-) -- it was simple enough I'd expected to see it in the usual references, I was doing the literature search to find if I'd missed some flaw that makes it useless. But the German patent predated the US one, so it wasn't worth pursuing.

  • I see both issues about Universal Access to the net and the relaxing of data encription export controls as being important and related. Companies in the US eg: MPAA, RIAA and eTOYS seem to think that they can set the international agenda. Well, first France tells eBAY it cnnnot auction Nazi stuff and then the EU tells the US that all export control on data encription is being lifted. What goes around, comes around. Important issues about who controls the universally accessed net have not been decided. Which contries law's control the net? Who defines TLDs? Should we all work together to get the UN in control of the net, not that the UN is anything like a world goverment or anything but it may be the closest thing we have. We'll never get into the Federation of Planets without a world goverment.
  • As a security expert, you know that encryption is EXPENSIVE
    This could not be further from the truth. You're line of thinking, that everyone must have a chip on their motherboard before encryption can be widespread and cheap, is nothing short of delusional:
    • You don't need a chip to do encryption
    • Chips wouldn't be (and arne't) that expensive, anyhow
    • You can put such chips on an ISA/PCI/USB interface, as they don't need to be on the motherboard (e.g. hardware that enhances SSL processing)
    Did you even read the post you were replying to? How much do you think that individual spent to be able to apply encryption to so many aspects of his computing and communications methods? Virtually nothing.

    Your argument is not unreasonable; in fact, I think it's a common misconception. It's not some huge monumental ordeal to deploy encryption for yourself, casually. It should be obvious after reading the parent post that it encryption can be employed almost everywhere, cheaply and effectively, in the status quo.
  • I don't have any mod points at the moment, so I'll have to content myself with...

    APPLAUSE!
  • This is not the opinion of US citizens it is the US gov. I think that the gov is afraid that if other countries do better and stronger enryption than we have here then it could threaten national security and global security. The US gov may be a bunch of control freaks, but after WWI and WWII (both started by Europe and Japan, there is reason to fear. Think of it this way. Country X in Europe comes with a new encryption. US and no one else can break it. They then decide to start taking over other countries. They have a unbreakable encryption method that no one can tell what they are doing. Morse code and other codes were used in previous wars to send messages, with an unbreakable encryption method it could be a new way to send secrete messages. So maybe the US shoudl not be able to stop this, but someone should have control over this. I think it should go to the UN maybe.

    send flames > /dev/null

"The only way for a reporter to look at a politician is down." -- H.L. Mencken

Working...