Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Encryption Security

New Encryption Bill in House 43

Posted by CmdrTaco from the bits-bytes-and-the-boys-in-dc dept.
TDO writes "A new encryption bill has passed a sub committee. Next it will go to the main Judiciary Panel. It may also have to go through up to four more Panels before it goes to the floor. The bill would loosen restrictions on encyption that could be exported. Read the article here. "
This discussion has been archived. No new comments can be posted.

New Encryption Bill in House More

New Encryption Bill in House

Comments Filter:
  • Nothing good ever came out of the House Judiciary Comittee, and the few good things that come out of other comittees (and state governments) always get clotheslined at the kneecaps by McCullum & Co.

    This is the same bunch of losers that headed up a sense of the house resolution that read something to the effect of "Marijuana is a dangerous and addictive drug", smacked D.C. voters across the tender bits by not letting them count the votes for one of their ballot initiatives, and I'm pretty sure they're the ones that started the whole Monica/Clinton investigation.

    The Judiciary Comittee should be disbanded.

    --Threed
  • Does anyone have a link to the text of the bill? This would be useful material for a research paper I'm doing on exporting encryption.


    --Phil (My English teacher is probably going to regret letting us pick our own subjects...:)
  • Just tried to get a peek at what's on your site, can't get in from my .gov workstation. :)

    I've got to get out of this place.
  • Checkout ftp://ftp.replay.com

    It's safely offshore, and has all the crypto you could possibly want.
  • Here [wired.com] is a Wired News article with a few more details on this bill. According to the EFF, the bill actually does nothing for individuals who want to write software. This includes most free software projects.

    Any step towards loosening restrictions is a good one, but this bill does not address the concerns that the free software community cares most about.

  • I have a free program that I wish I didn't have to restrict access to. [samiam.org] The article in question is vague about this--will it allow people who make crypto software to make their program available on a web page in the us without having to play the "Are you a US citizen" games.

    Frankly, I doubt it. I think most people with programs like this will not go to the bother of filling out 15 government forms.

    - Sam Trenholme

  • If you continue to have problems, send me a private mail affirming that you are a US citizen, and I will give you a temporary 1-hour password, or will try to resolve things at my end if you give the ip of the address you are trying to access my software from.

    - Sam Trenholme
  • they already can. only the honest kiddie porn and foreign spies will no longer be able to send messages since they don't want to break crypto export rules.
  • It's the widespread obedience of them.
  • Exactly, there aren't 275 million people doing
    exactly this. Therefore, civil disobedience is
    risky. There are too many people obeying the rules. Making too much noise about it.
  • Let's see how many examples of "they shoulda used some kind of encryption" we can come up with...

    Newt Gingrich probably wishes that he was using at least a digital cell phone with minimal encryption when he got scannered down in Florida some years back. He was discussing with GOP leaders how to dodge an ethics charge over a course he taught. It was a mild scandal, both for the political content of the call and for the accusations of illegal (wireless) wiretapping.

    I think one of the British royals had an analog cordless phone conversation with his girlfriend taped too. It showed up in the tabloids.

    Then there's the Reagan administration's email trail that came up during the Iran/Contra hearings. I think I recall this coming up when Ollie North was in front of congress.

    There were the break-ins of liberal/left organizations in the US, where nothing was taken except the disks and address lists. The Central America group at least.

    ...The best argument for crypto I've seen, is in the user feedback section of Zimmerman's site:
    http://www.nai.com/products/security/phil/phil-l etters.asp . There, someone from a human rights group talks about police trying to get information.

    Personally, I've had my email snooped by an unethical sysadmin once.

    Other examples?
  • Well, what I got from the article was that if a given country already allowed encryption A to be exported from their country, then the US would allow encryption A to be exported into their country. This of course could potentially cause more head aches for developers like yourself, since you would have to say something like: "If you are in the UK, France, Japan, or the US, feel free to download..." Maintaining a list of countries where export was possible would be a pain.

    ---
  • Didn't this get posted a few weeks ago:
    "Clueful Crypto Legislation [slashdot.org]"
  • Oh no, the NSA and other law enforcement and security agencies will never be able to decrypt messages sent by technical laypersons using exported encryption software. I'm sure that even if this bill is passed with wording that allows strong encryption software to be exported out of the US, which this bill wouldn't allow anyway, my dear anonymous coward, there will in all likelyhood still be NSA/CIA meddling/tracking going on. Perhaps users of encryption software overseas will be wary of encryption technology exported from the US, thinking that the exported software will have backdoors which allow for a key to be easily reconstructed or a message to be easily decrypted with a special key. Many feel this way about the technology which is currently exported: the US won't give out its strong encryption because it wasn't to be able to spy on other countries. I wouldn't be surprised if that suspicion was extended to exported string encryption. In any case, only a moron, whether pedophile, terrorist, drug dealer, soccermom, or middle aged white male, assumes that a message he or she sends will be impossible to decrypt if intercepted, regardless of the software he or she is using.
  • While it is illegal to export it is not illegal to import encryption in the US.

    So all they have to do is purchase OpenBSD and set up a VPN. 384 bit blowfish (effective key length above 96 bit).

  • See subj:
    Absolutely incorrect.
  • haha =)

    Fuck all gore!
    let BILL GATES save us!
    we can make us a unbreakable 2bit encryption!

  • I'm going to be optimistic and assume this is sarcasm.

  • Okey-dokey. I understand that we are not allowed to send really strong encryption off the US shores. But here's my question: Why does this matter? Are there no strong encryption programs that exists outside of the US mindshare? Surely, there are other programs just as strong that exist oursite of US lines, not beholden to idiotic US laws. Right?
  • IIRC, another important aspect of this version of SAFE is that it prevents the government from imposing Key Escrow requirements on encryption software. I presume that this provision is still intact.
  • Software requires a 15-day review, and it only happens once. In fact, only the MODULE that does the encryption needs verification... I intend to take full advantage of this if this bill goes through.

    It's a first step, anyway. You know the saying about the rock rolling down a hill...
  • You know, as a Canadian in the business of Cryptography, it's a lot better if we can sell to international customers and you guys can't. After all, your cryptographic software is *so* much more advanced than ours... :) HA ha!

    Just jokin' - we support this bill, trust me.

Slashdot Top Deals

"An ounce of prevention is worth a ton of code." -- an anonymous programmer

Close