Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Government Encryption Politics

Symantec Restricts Crypto Export 186

PhilK writes "Symantec is now refusing to sell LC5 (the Windows password cracking tool, previously from @stake) to anyone outside of the USA and Canada, claiming new Homeland Security laws. Symantec declined to field questions on the rationale for its policy and whether it applies to other products." From the article: "Symantec's restrictions recall the dark days of the crypto wars when users outside the US were not entitled to buy products featuring strong ciphers. These rules, relaxed by the Clinton administration and following a long running campaign by cryptography experts and net activists, are once again rearing their head. Symantec's response to our reader (below) suggests the policy was imposed on it by the US government."
This discussion has been archived. No new comments can be posted.

Symantec Restricts Crypto Export

Comments Filter:

  • Back in the day, crypto was classified as munitions under ITAR [wikipedia.org]. This restriction was lifted principally because some smart eggs figured out that since the U.S. doesn't have a monopoly on math (no matter how much they might wish that to be the case), foreign countries could develop their own algorithms, so all the U.S was doing was shooting themselves in the foot by restricting what they could do in the international market.

    And now, Dubya & Company want to try to restrict crypto once again. I really wi
    • Re:ITAR Revisited? (Score:5, Insightful)

      by dada21 ( 163177 ) * <adam.dada@gmail.com> on Thursday December 22, 2005 @11:21AM (#14318262) Homepage Journal
      Last I recall, there are about 201 Democrats (and 1 Socialist?) in Congress. This isn't a republican versus democrat issue, this is an issue used to make both authoritarian parties in Congress more powerful, along with the Executive Branch. It is the Feds versus the States and the Feds versus the People. I wouldn't say Dubya (or Clinton or anyone else) is alone in violating the rights they're precluded from violating.
      • It is the Feds versus the States and the Feds versus the People

        How true. Everything from the abuse of interstate commerce laws to abuse of executive privledge and secret laws are all the fed's grab for more power. There is no true state power since SCOTUS decided that fed law can trump state law.

      • This isn't a republican versus democrat issue,... It is the Feds versus the States and the Feds versus the People. I wouldn't say Dubya (or Clinton or anyone else) is alone in violating the rights they're precluded from violating.

        True enough. After all, Clinton forced the DCMA on us; is using the law to prevent the distribution of LC5 any worse than using it to stop the distrubution of DeCSS?

        Which gives me an idea. Since most DRM schemes are essentially a form of strong encryption, could this "Homeland

      • hummmm. In order to override W, takes what? 2/3 or 3/4 of both houses? At any rates, in the reps, dems represent something like 40%, and in the senate, they are something like 48%. They will have a difficult time outdoing the pres. unless there are republicans who are willing to do the right thing. That will be hard to get. So, at this point, I do not blame the dems for this.

        Besides, there are so many other things to nail the dems for. For one, almost all backed W in wanting to invade Iraq, but now call fo
    • Re:ITAR Revisited? (Score:5, Insightful)

      by garcia ( 6573 ) on Thursday December 22, 2005 @11:23AM (#14318280)
      And now, Dubya & Company want to try to restrict crypto once again. I really wish I could say I was surprised, but this is sadly a completely predictable move.

      Well, obviously because Clinton relaxed those laws the "terrorists" were able to get these products and then use them against the US! What don't you understand?!

      This strategy is doomed to failure, not only because foreign companies are perfectly able to develop their own products, but because these 'restricted' products are easily available on warez servers all over the world. If I want a copy of LC5, I can get one in less than five minutes, entirely free of charge, and I don't need to be in the U.S. to do it.

      Just like anything that we try to restrict the "terrorists" from getting their hands on. It's a losing battle but one that's not meant to do anything to stop terrorism. It's meant to control the US population.

      You might think that D&C would at least try to just keep tabs on international users of LC5 (after all, a wasp in a tent is a lot friendlier when you can see it), but instead, they choose the option to ban export, insuring that truly malicious users will stay well under the radar. Well done, George.

      It's just another way to help the trade deficit!
      • Please explain how a crypto export ban is designed to control the US population.
        • Please explain how a crypto export ban is designed to control the US population.

          Well, literally it restricts what US citizens can do in some way.

          More specifically, it means that businesses can't make money selling export-banned products to the rest of the world. I assume it also means that researchers can't collaborate on projects related to banned technology with foreigners.
    • Time to sing... (Score:2, Flamebait)

      by dpbsmith ( 263124 )
      Die Gedanken sind frei
      My thoughts freely flower,
      Die Gedanken sind frei
      My thoughts give me power.
      No scholar can map them,
      No hunter can trap them,
      No man can deny:
      Die Gedanken sind frei!

      I think as I please
      And this gives me pleasure,
      My conscience decrees,
      This right I must treasure;
      My thoughts will not cater
      To duke or dictator,
      No man can deny--
      Die Gedanken sind frei!

      Are you listening, Dubya?
      • My thoughts will not cater to duke or dictator no man can deny-- Die Gedanken sind frei! Are you listening, Dubya?

        Your song sounds subversive. Your name has been added to the aviation watch list. Have a nice day, citizen.

      • Re:Time to sing... (Score:4, Insightful)

        by Tackhead ( 54550 ) on Thursday December 22, 2005 @11:54AM (#14318581)
        > I think as I please
        > And this gives me pleasure,
        > My conscience decrees,
        > This right I must treasure;
        > My thoughts will not cater
        > To duke or dictator,
        > No man can deny--
        > Die Gedanken sind frei!

        "The thought police would get him just the same. He had committed--would have committed, even if he had never set pen to paper--the essential crime that contained all others in itself. Thoughtcrime, they called it. Thoughtcrime was not a thing that could be concealed forever. You might dodge successfully for a while, even for years, but sooner or later they were bound to get you."

        >Are you listening, Dubya?

        "SMITH! SMITH, D.P.B., 263124! Yes, you! Bend lower, please! You can do better than that. You're not trying. Lower, please! That's better, citizen. Now stand at ease, the whole squad, and watch me... Anyone under forty-five is perfectly capable of touching his toes. We don't all have the privilege of fighting in the front line, but at least we can all keep fit. Remember our boys on the Iranian front! And the sailors in the Freedom Fortresses! Just think what they have to put up with. Now try again. That's better, citizen, that's much better"

      • Ein Penny für Ihre Gedanken...
    • Back in the day, crypto was classified as munitions under ITAR.

      Yeah, and it was actually easier to import strong crypto than export it, so alot of companies outside the US became very popular with the security vendors not only for the talentthat exists internationally, but also for the import capabiity.
    • Hasty Generalization (Score:2, Informative)

      by Anonymous Coward
      "Back in the day, crypto was classified as munitions under ITAR."

      It still IS controlled (US Department of Commerce) and has been for a while; check your facts.

      "foreign companies are perfectly able to develop their own products"

      That is not the point. The point is that you don't want US companies AIDING foreign companies in creating cryptography systems to which the details are not known. Yes, I know, the strength of crypto lies in the mathematics not how it is done (read source); but having the algorithm d
      • but having the algorithm details is also important.

        The only cryptosystem protected by hiding the algorithm is a weak one. Strong systems flaunt their mathematical foundations, daring all to attack them--and survive that rigorous, even hostile, examination.

        Coddle the weak and guarantee pwnage. The weak system, used unquestioningly, will fall easily to black-box examination of ciphertext or other system artifacts. And the users will not know!

    • Re:ITAR Revisited? (Score:5, Informative)

      by Decius6i5 ( 650884 ) on Thursday December 22, 2005 @12:19PM (#14318868) Homepage
      This isn't news. When encryption software was removed from the ITAR list it was added to the Commerce Control List instead. Encryption export in the US is regulated by BIS [doc.gov] "Dubya and Company" didn't do this. This has been the case since the Clinton years. And, no, the government isn't completely confused about the Internet, and they don't think these regulations are useless.

      Cryptoanalytic items are more strictly controlled then encryption items because the regs are immature. Few people actually make and export them, and most cryptanalytic stuff is designed for snooping on people and not protecting computer security. The regs are designed with snooping equipment in mind. I don't think Lopht Crack is the droid BIS is looking for, and I figure Symantec could probably get a license to export it if they tried. Furthermore, I figure that if you had an open source cryptanalytic program you could probably distribute it online with the same sort of TSU notification you have to do when you ship open source cryptography software. However, IANAL, so don't take my word for that...

    • Re:ITAR Revisited? (Score:3, Insightful)

      by pete6677 ( 681676 )
      I really don't understand this line of thinking. If you ask a conservative what they think about banning guns they will tell you that it can't be done because criminals will have guns anyway. Yet in this case, they somehow think the same exact principle doesn't apply. Do they really think international money launderers will no longer be able to get encryption software just because its not legal for export?
  • by dada21 ( 163177 ) *

    I can't believe that few people see the flagrant violation of the 1st amendment in restricting expression and speech when government prevents code from crossing borders. Even without looking into COnstitutionally protected actions, why do you allow your government to make these victimless-crime laws? You can't stop code from crossing borders (not even in China). If the code does leave this country, it has hurt no one in the process. If some madman uses a Windows password cracking tool to steal a passwor
    • I'm not in favor of this, but calling it a violation of your right to free speech is totally ridiculous. Free speech clearly means personal expression, not technical data. Or do you somehow believe people be able to send munitions plans to Iran in the name of free speech?
      • Or do you somehow believe people be able to send munitions plans to Iran in the name of free speech?

        I do. I should be able to trade with whomever I want to trade, without restrictions by the State. That's what freedom means. If we had open trade and didn't stick our noses in other countries' business, we wouldn't be living under fear of restribution.

        Nonetheless, I do believe that the Feds can restrict trade by declaring war. They didn't declare war on Iran, or Iraq or Afghanistan or Bosnia or Vietnam, s
        • Your personal freedom stops where your actions begin to infringe on the rights of others. Selling munitions plans to Iran would greatly jeopardize the right to life that Americans enjoy.
          • Your personal freedom stops where your actions begin to infringe on the rights of others. Selling munitions plans to Iran would greatly jeopardize the right to life that Americans enjoy.

            Americans have the right to arms. Defend yourself. Form a militia in your town. Learn to love your neighbors, and to be fair to other people. Iran has no power to attack us, and they already have all the munitions plans they need. Iran has the right to self defense just as we do, and I have no problem with every country
            • Why would I want to form a militia? That would take up a lot of my own time and prevent me from pursuing the career and hobbies of my choosing. A professional military provides defense and free time for all. In addition to that, 50 small militias can't provide the same amount of force as one federal military can.

              Characterizing a serviceman as a "cruel murderer" is extremely out of order. Coupled with your unhealthy fanatical reverence for strict constitutional constructionism I'm just going to have to concl
          • That act of sale does not infringe on the rights of others. A criminal act by the recipient of your goods or services may do so, however. If you were to sell plans for a gun to someone, and then someone used the plans to make a gun, and then committed a crime using it, who is at fault? The modern approach is to blame both. The problem is that only the last person in that chain actually *caused* harm.

            Laws and procedures, such as this, restrict the freedoms of everyone, for the supposed reason of stopping
            • If you were to sell plans for a gun to someone, and then someone used the plans to make a gun, and then committed a crime using it, who is at fault? The modern approach is to blame both.
              If you sold in the knowledge that he was going to commit murder with it, I think that approach would be correct. Look up "accessory".
              • In that situation, then I agree with you. You would have helped to orchestrate a crime, so you are accessory to that crime; you were a knowing participant. The act of sale is still not the crime, but, rather, the act of helping to commit a crime.
        • Your definition of speech is somewhat all-encompassing. If I were to want to "express" myself by taking pictures of naked children (without their knowledge, perhaps) and display them on billboards throughout the country your argument would permit that. You base your argument on some sort of arbitrary freedom that you think you have as a member of this country. Nowhere in the Constitution are you granted that freedom.

          In fact, the Commerce clause gives Congress the right (and the power) to regulate commerc
          • Your definition of speech is somewhat all-encompassing. If I were to want to "express" myself by taking pictures of naked children (without their knowledge, perhaps) and display them on billboards throughout the country your argument would permit that. You base your argument on some sort of arbitrary freedom that you think you have as a member of this country. Nowhere in the Constitution are you granted that freedom.

            You picked one of maybe 5 places where I don't have a good response -- yet. I do believe th
            • In the Constitution, a property owner DOES have the right to take pictures of anyone on that property without warning. See the 9th and 10th Amendments.
              I call bullshit. People have been prosecuted for hiding cameras in changing rooms etc.
      • A violation of "freedom of speech" would be the feds telling Symantec that they cant create the software in the first place. Restricting where they sell it is not. The first Amendment only guarantees freedom to create speech/expression, not an audience for said expression. By your theory, do you think that porn not being sold to minors is a violation of the publisher's free speech "rights"?
    • OR (Score:3, Interesting)

      by TubeSteak ( 669689 )
      From TFA

      "I guess I'll just have to go back to using John the Ripper."

      JTR + Rainbow Tables = Teh Shit

      http://rainbowtables.shmoo.com.nyud.net:8090/ [nyud.net]
      Bittorrent to Download.

      FYI
      Alpha-Numeric and 14 Symbols = 11 GB
      All Characters and the Space Character = 43 GB

      It helps if you have enough RAM to load each 700MB section of table into memory. The longest part of this process (for me) is waiting for my puter to finish reading the tables off the DVD I burnt them too.

      BTW- If something is illegal for export, that means th

  • Piracy (Score:2, Redundant)

    by Gr33nNight ( 679837 )
    In other news piracy of crypto applications have risen dramatically in non-US countries.

    Really now, do they think if they just dont sell it that it wont end up in the hands of those who they dont want to have it? Please.
    • Well, since ITAR is no more, why would @stake do this? Marketing, of course! "Our product is so good, we can't sell it to just anyone!" Balderdash... Anyone in the biz knows that LC is obsolete anyway. Don't believe me? Google "Rainbow Tables" and see for yourself...

      If you just have to have an automated tool for hash cracking, skip LC and do SamInside. Same functionality, cheap, no copy protection, and integrates with Rainbow Tables as well. Hey Mudge! Still think selling out was a good idea?
  • Now... (Score:5, Funny)

    by wishbone ( 740565 ) on Thursday December 22, 2005 @11:26AM (#14318307) Homepage
    All your Cyphers are belong to U.S.
  • by sunderland56 ( 621843 ) on Thursday December 22, 2005 @11:27AM (#14318317)
    Bad news: I can't buy a copy of LC5.

    Good news: According to another Slashdot story, I can download one for free from a French web site!! [slashdot.org]
  • by Anonymous Coward
    Nobody would be stupid enough to think it is possible to keep a commercial product out of foreign hands. Maybe making it illegal to export this product is just a way to provide an excuse for search/wiretap warrants.

    Since I think the administration is at least semi-intelligent, I am looking for the ulterior motive.
    • Nobody would be stupid enough to think it is possible to keep a commercial product out of foreign hands

      It's a bit of stupidity mixed with deviousness. This isn't about restricting tech to foreign countries so likely as it's the ability to arrest/incarcerate anyone who distributes them. The might not be able to control the flow of such tech outside of the country, but it gives them another reason to arrest anyone who they can nail as a distributor should they need an extra charge or two to lay down.
  • laughable (Score:2, Funny)

    by eyrieowl ( 881195 )
    hey, the government is just worried that scary e-terrorists that don't know how to download the software for free will break into the dept. of homeland security and compromise the sensitive windows 95 [com.com] network they've got running.... i, for one, feel safer already.
  • LC5 - L0phtCrack (Score:5, Interesting)

    by spacerog ( 692065 ) <spacerog@spa c e r o g u e.net> on Thursday December 22, 2005 @11:34AM (#14318389) Homepage Journal
    It is quite a shame to think of what could have been only to see what has become.

    Yeah, I know, I'm partly at fault. Still, things could have been great.

    But hey, we were all just a bunch of FBI Snitches [theregister.co.uk] anyway. Which if true means that there is probably a secret back door in L0phtCrack and still in LC5 that transmits all cracked passwords direct to the FBI so that they can get into any server anywhere. Of course if that is true (and of course it is) DHS and Symantec should actively promote the use and distribution of LC5. All the more passwords they can get. Whatever.

    - Space Rogue
    L0pht Heavy Industries
    Whacked Mac Archives
    Hacker New Network
    Sell Out
    FBI Snitch

    (Pay no attention to this rambling bitter old man.)

    • Do you feel like a sellout for, well, selling L0pht to Symantec? Or are you just bitter at being labeled a sellout for doing so?

      (I worked for Symantec for 4.5 years. The money was really nice, but I didn't feel like I sold out to get it...)

      • by drwho ( 4190 ) on Thursday December 22, 2005 @01:24PM (#14319637) Homepage Journal
        Hi Chris (Space Rogue)! and to rewt66, SR left @Stake a long time ago. He had nothing to do with Symantec.

        I think what Symantec has done to @Stake is sad, really sad. They're sitting on some really cool software technology and not doing anything with it. My guess is that the same heebie-geebies that make them do export restriction on L0phtCrack (a.k.a. LC5) are making them sit on this decompilation technology.

        I'd say that I'd like to see l0pht reborn from the ashes, but differently. Hasty Pastry is close to it, and I am glad I was able to my part and start it, and sad I couldn't afford to stay involved. But I think that more than HP is needed. Hasty Pastry is specifically non-commercial. L0pht become overly commercial. There needs to be something that's commercial but not a part of The Machine. A place where there's both money and fun. But that's not going to happen in Boston, this city has become too expensive.
      • Do you feel like a sellout for, well, selling L0pht to Symantec?

        I'm sure that when you sell your company for a swimming pool full of cash, you automatically earn the ability to drown any such feelings in a sea of hot girls/boys and recreational psychoactives.
      • Both.

        I wasn't around when @Stake was bought by Symatec. I was around for L0pht's sell-out to @Stake.

        There were two issues back then, one we were greedy, we all were. We all saw $$ signs and ran towards them. However it wasn't just the money (Which really there wasn't that much of but some of us got more than others.) We had grand visions, "Make a dent in the Universe" and all that. We were niave and believed them. It took me a few months to see the writing on the wall, then HNN got canned and I saw the @S
  • by merc ( 115854 ) <slashdot@upt.org> on Thursday December 22, 2005 @11:35AM (#14318401) Homepage
    What sad times are these when passing ruffians can say 'Ni' at will to old ladies. There is a pestilence upon this land. Nothing is sacred. Even those who arrange and design cryptographic software are under considerable economic stress at this period in history.
  • cince it was probably written in the former soviet union.

    Almost ALL the good pro cracking tools for passwords come out of the former USSR. We purchased a suite of them to crack documents and databases for use her at work and they work fantastically.

  • Oh come on... (Score:4, Insightful)

    by Noryungi ( 70322 ) on Thursday December 22, 2005 @11:44AM (#14318473) Homepage Journal
    I travel regularly between the USA and Europe... What's to prevent me from buying several copies of this tool and take them back with me to Europe? Do you think Symantec and/or the shop owner will ask me for my passport before selling me this software?

    For that matter, there is a good chance that there are mirrors and/or legal copies of this tool in Europe already. So what's the point? This type of restriction is ridiculous.

    Oh, and by the way, I have a copy of O'Reilly's 'Knoppix Hacks' on my desk somewhere. I think there is a recipe in that book to remove or replace the administrator password of a Windows machine using Knoppix. Again, what's the point behind this restriction?
    • I travel regularly between the USA and Europe... What's to prevent me from buying several copies of this tool and take them back with me to Europe?

      The TSA/customs. Remember! We are fighting the terrorists on many fronts including right here on our "homeland". Everyone in the government must do their part to stop those that are aiding terrorism.

      If you think I'm joking, you're unfortunately only half right.
      • Here is something really funny for you: I also travel with several CDs (music and/or data) in my luggage. I have never been stopped, not just once, by the US customs.

        I mean, seriously, what's to prevent me from slipping the Symantec CD-ROM in a little Case Logic CD folder, among dozens of other CDs? Do you really think the customs officer are going to check me? Do you think they are going to review each and every CD in my little folder, looking for the illegal-to-export LC5 CD? (short answer: NO).

        What abo
    • Re:Oh come on... (Score:3, Informative)

      by ncc74656 ( 45571 ) *

      Oh, and by the way, I have a copy of O'Reilly's 'Knoppix Hacks' on my desk somewhere. I think there is a recipe in that book to remove or replace the administrator password of a Windows machine using Knoppix.

      It gets even easier than that. Just grab this [eunet.no], put it on a floppy or CD-R, boot it, and follow the prompts. IIRC, the current version works with everything up to at least WinXP SP2. It'll unlock any account and clear the password; after that, you can boot normally and set whatever password you wa

      • XP encrypts the crypto keys with the current password value, so if you reset the password, you still dont have access to encrypted bits of the HDD. Unless, of course, the system you have acquired is a laptop/PC in hibernate mode, in which case they will probably be stored in the clear somewhere (I guess :)
    • Re:Oh come on... (Score:3, Informative)

      by optimus2861 ( 760680 )

      I think there is a recipe in that book to remove or replace the administrator password of a Windows machine using Knoppix.

      Shameless karma-whoring, coming right up:

      Emergency Boot CD [pcministry.com]. Has a Windows password-reset tool on it. Run it, shows you the list of accounts, pick one, reset its password to anything you want.

      So, anyone care to start a pool on how soon the US requests my extradition for posting that?

  • So instead of having the opportunity to buy it, they will pirate it. Doesn't seem very effective. If they would let them buy it, they would also have records of people who have bought it.
  • Imposed? (Score:5, Informative)

    by HardCase ( 14757 ) on Thursday December 22, 2005 @11:50AM (#14318535)
    Although the Reg article claims that Symantec appears to have had the restriction imposed by the government, both Symantec and the Register seem to have things a little bit wrong.

    For starters, section 5A002 of the ECCN covers hardware. Perhaps Symantec meant section 5D002, software. 5D002.c.1 covers their situation. But the list of restricted countries hasn't changed for quite a while - it's the usual gang: Syria, North Korea, Sudan, etc. It seems to me that Symantec is being a little lazy here. Yes, they have to have an export license to sell the software outside of the US, but the restrictions aren't any more onerous than they were in 1999, when the EAR was updated to move cryptographic software from munitions to commerce.

    Oh, and this "news" is almost a month old.

    -h-
    • Re:Imposed? (Score:3, Informative)

      by mpapet ( 761907 )
      Mod parent up.

      Having personally gotten a crypto product approved for export, this fellow is right on.

      What's interesting to me is this is most likely a "business decision" more than anything else. A Suit at Symantec put a stop to this potentially evil tool for no other reason than it's too small potatoes for them to deal with the risk of it being used by bad non-Americans versus the sales numbers.

      What this also suggest is there's a bit of a figurative "circling of the wagons" at Symantec. It suggests very
    • But the list of restricted countries hasn't changed for quite a while - it's the usual gang: Syria, North Korea, Sudan, etc.

      Sure, because there's no possible way that any of those evil hackers and terrorists could get a copy without buying it from Symantec.... [snicker]

      Yet another stupid law that only penalizes people that actually obey laws in the first place. Hackers will just download a copy off of BitTorrent and be done with it.
      • Re:Imposed? (Score:3, Interesting)

        by HardCase ( 14757 )
        Sure, because there's no possible way that any of those evil hackers and terrorists could get a copy without buying it from Symantec.... [snicker]

        Well, no kidding, Captain Obvious, but that wasn't the point of my post. Let me try again. The Reg claims that Symantec can't sell the software outside of the US and Canada because the government imposed a regulation on them. Not true. Symantec claims that a certain section of the EAC prohibits them from selling overseas. Not only not true, but they cited the
    • So what? You're suggesting that Symantec is being blocked by US export restrictions because they haven't bothered to renew their export license?

      Seems the other way round from how 99% of the other comments read, including the summary at top. To read those, you'd think that it's the export laws themselves that had changed. Or that Symantec are hiding something (cue the conspiracy theorists).

      • So what? You're suggesting that Symantec is being blocked by US export restrictions because they haven't bothered to renew their export license?

        Seems the other way round from how 99% of the other comments read, including the summary at top. To read those, you'd think that it's the export laws themselves that had changed. Or that Symantec are hiding something (cue the conspiracy theorists).


        I'm not suggesting that Symantec is being blocked. I'm suggesting that if they want to sell their product outside of No
  • Comment removed based on user account deletion
    • "No they don't! This time, Canadians can buy them too!"

      Yeah, but we're all raging terrorists up here. You guys are *so* screwed now! We've been waiting years to be able to crack your Windows passwords, but now that we can buy Symantec software we can finally bypass the Win98 login screen on all the covert CIA workstations.

      Muhahahaaaa
    • OK, so this is a US law, but the product is available in Canada. So what about Canadian resells? How about me as a user. I could buy the software, and then resell it to somebody in another country. EULA preventing that... how about if I leave the shrink-wrap on, then I haven't agreed to anything.

      Not that such laws would actually have a snowball's chance in hell of preventing this software from reaching other countries, but I do wonder when the US includes Canada in their private little party whether or no
  • I have carefully read other people's comments, and noone can come up with a rational explanation so I shall try.

    Let us suppose the NSA wants you to put backdoors into your security products and you refuse, what leverage does NSA have? Well, perhaps they might put commercial pressure on the company to comply: by refusing to allow them to sell the product until they do.

    I am not sure this is the real reason, but it seems possible.

    • Mystery is the leverage the NSA has. It's kind of hard to say what they would do, but the sky is basically the limit as far as what they could do. I think a couple of guys in a black SUV conspicuously following someone around for a couple of weeks could convince them to go along with it.
  • Arrogance? (Score:5, Interesting)

    by Goth Biker Babe ( 311502 ) on Thursday December 22, 2005 @12:00PM (#14318657) Homepage Journal
    The export ban always made me laugh because it arrogantly assumed that no one outside of the US/Canada was capable of developing their own encryption technologies.

    This is something that British Secret Services have used to their advantage. Public key encryption technologies were developed at GCHQ [gchq.gov.uk] in the early 70s but unlike the US, they didn't tell anyone until recently [ladlass.com] so they could use it without anyone knowing.

    Something similar was done with Enigma. The fact that Enigma had been cracked was kept very quiet so that Enigma machines could be sold by the Brits to foreign governments after the war and we could listen in! News that we invented the World's first electronic computer was also kept secret [picotech.com] for the same reason.
  • four words (Score:3, Funny)

    by martin ( 1336 ) <maxsec@gm[ ].com ['ail' in gap]> on Thursday December 22, 2005 @12:07PM (#14318740) Journal
    stable, horse, bolted and door

    Q. make a familiar phrase out of the above
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    .
    A. Closing the stable door after the horse has bolted
  • Finally a product I can buy with guaranteed Tech-Support in America.
  • by Anonymous Coward on Thursday December 22, 2005 @12:20PM (#14318883)
    The crypto regulations haven't changed since they were relaxed under Clinton. Either Symantec is just too lazy to follow the export licensing procedures which are unchanged, or they're trying to drum up interest for a faltering product by pretending that "the US government doesn't want you foreigners to have it,"or it could even be a crass political ploy to cause the usual fly-off-the-handle sorts to rant against some imagined sin of Bush.

    It's quite difficult to take The Register seriously when they post articles such as this. So many of The Register's articles are breathless screeds of the form Civil Liberties to be Abolished in the USA, Film at 11. Remember that the UK has oppressive laws (e.g., the Official Secrets Act) that make the PATRIOT Act in the USA look like a model of civil liberties protection by comparison. I wonder if The Register is secretly funded by the propaganda arms of the UK government.
  • I suspect that the real reason behind this move is actually that Symantec doens't like the L0phtcrack product. I understand from an @Stake/Symantec contact that Symantec views the password-cracking utility almost like a tool of the enemy. Since Symantec is devoted to data protection, while L0pht/@Stake is more about active intrusion, Symantec would probably just as soon see some of the old @Stake products die, most especially L0phtcrack. This may be just a first step, or else Symantec bowing to pressure
  • Meh (Score:2, Troll)

    by bill_kress ( 99356 )
    America is pretty damn close to being irrelevant anyway. If we re-ban crypto and these technologies, it will simply give some developing nation a new economy.
  • by matthew_pang ( 935577 ) <matthew.pang@gmail.com> on Thursday December 22, 2005 @12:31PM (#14319003) Homepage
    Hello, my name is Matthew Pang, and I live in Selangor,Malaysia.(This isnt in the U.S or canada just incase you didnt know that. 5:18pm (GMT)-Decides he wants to get lc5 (just because he saw this on /.) 5:19pm (GMT)-performs this search "http://www.torrentz.com/search_lc5_9_0_0.html" 5:20pm (GMT)-Downloads the torrent file from "http://www.seedler.org/en/iindex.x?a=info&id=1952 55" 5:21pm (GMT)-Launches Azureus and starts torrent download. 5:26pm (GMT)-Azureus completes download.Also seeing. 5:26pm (GMT)-Runs lc5 Setup 5:27pm (GMT)-lc5 setup complete,runs lc5,runs keygen and unloacks lc5 5:28pm (GMT)-Runs a dictionary attack on all password the program sniffed from the local network.Found 7 exposed accounts.2 of which are privelaged. 5:29pm (GMT)-Starts comparison against pre-computed hash tables The moral of the story: Dont restrict export.It`ll just make angry people like me run out and get it.Also making sure to save a copy to distribute to his friends.
  • Thank God! Because everyone knows that terrorists and other bad people have no contacts in Canada or the US.
  • Got this in the mail yesterday:

    --

    Subject: Sunset Plan for L0phtCrack (LC) Products

    Dear LC Customer,

    The purpose of this letter is to notify you that Symantec Corporation is
    discontinuing its L0phtCrack (LC) product line and will no longer
    provide product code updates, enhancements or fixes to this product
    line.

    Key dates in this process are listed below.

    Last Order Date: February 28, 2006

    Last Ship Date: March 3, 2006

    Customer Help Until Date: December 16, 2006

    Syman
  • Here's the Dept. of Commerce website that describes the classification and licensing of exported goods: http://www.bis.doc.gov/Licensing/ExportingBasics.h tm [doc.gov]
  • Symantec has been told by the Feds to stop exporting LC5? Oh, the horror. Except it's horseshit. I was part of Symantec's aquisition of @stake, and if the Feds have anything to do with this, it's far and away a secondary reason for the restriction.

    The truth of the matter is that Sym's Legal dept is terrified of LC5, and this is a convenient excuse if it's true at all. Just as they were frightened by the liability and publicity implications of @stake's decompilation and automated app security checking to
    • It's a damn shame

      Come on - you cannot tell me that nobody @@stake didn't know that this was bound to happen.
      It's not rocket science - just mentally create a "short-list" of successful Symantec-aquisitions, compared to a "short-list" of aquisitions where the product ended as pure and utter crap.
      Or how else can you explain the comment "Oh no - that was the only such service that was actually good and usable" someone blurted on a (mailserver-)mailinglist about the recent aquisition of Brightmail by Syman

    • Yes, Zeno, you've pretty much hit the nail on the head, from what the ex at-stake people tell me. Except that they don't want to spin off the decompiler tech, they want it to die. If you have any knowledge that conflicts with this, please gimmie details, I'd love to know more.

      It makes me wonder what Symantec DID buy @Stake for, if they're getting rid of the talented people and canning the products. The paranoid part of me says that they were put up to this task by some 'sinister force' that wants @stake gon
  • ...The playstation 3 is banned from export from the US entirely. Sadly, Japan is where its made anyway so its everywhere.

    Hmm. I'm a terrorist from Al Qaeda on a computer somewhere in Pakistan/Afghanistan/MiddleEast with an Internet connection. I need strong cyphers.

    So hmm lemme see. What do I do? Either:

    (1) I cry and whine that the US wont let me BUY a copy of symantec, in a country where 99% of the software is pirated. OR

    (2) I google it up and download any tool I need. OR

    (3) I goto the local software store

In practice, failures in system development, like unemployment in Russia, happens a lot despite official propaganda to the contrary. -- Paul Licker

Working...