Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Security

House subcommittee passes crypto bill 133

kabir writes "Computerworld Daily reports that a House of Representatives Subcommittee has just passed a bill (H.R. 850) easing crypto export restrictions. Interestingly, there are also clauses preventing government officials from forcing people to decrypt data. It's not law yet, but looks like it's headed that way. " It passed unanimously in the subcommittee and is headed out to the general House.
This discussion has been archived. No new comments can be posted.

House subcommittee passes crypto bill

Comments Filter:
  • For the children? This is dishonest. Its worse than faking video testimony in front of the court three times! We are talking about making laws here that are supposed to protect. The opposite will happen. Our lawmakers are spineless and crooked! Its lying and they are doing not a goddamn thing to protect children!
  • Apr 27, 99:
    Referred jointly and sequentially to the House Committee on Intelligence (Permanent Select) for a period ending
    not later than July 2, 1999 for consideration of such provisions of the bill as fall within the jurisdiction of that
    committee pursuant to clause 11, rule X.

    In other words, the Committee on Intelligence is on a deadline. Cool.
  • They'd have to prove that the encrypted messages are actually related to a crime. Of course, with the caliber of individuals (or in-duh-viduals for those in the DNRC) on today's juries, that is easier than it ought to be...
  • by Anonymous Coward
    Article [V.] (AKA 5th Ammendment)

    No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.


    It depends on how you look at the 5th Ammendment or to be exact on which side you are, but from my point of view phraze clearly states that you don't have to witness against yourself, saying ANYTHING, including PGP passphraze. Afterall, you might well forget your super-duper 101 byte white noise pass.


  • If I fail to decrypt files under arrest for a felony charge, I should be protected by the Fith Amendment.

    If there is a problem arresting and punishing people who cause harm towards people and property, why not change the laws in more constructive ways. This attempt seems to violate rights of people. If I stole enough candy bars from the store to qualify for a felony, sent dozens of encrypted emails about it, refused to open them, I could face life in jail?
  • While this is great news, and I'll be rejoicing with my friends if this passes, there's one part about it that's less than perfect.

    In Congress specifying that we have a right to use encryption of any length or method, we acknowledge that we are given the right to do that, and the possibility that it will be revoked at a later date/during 'emergency' periods. I'd much prefer a stronger protection, although I'm encouraged by its summary as an "affirmation" of the right to use encryption.

    One possible argument comes from the US Govt. itself and its restrictions on exporting crypto: they claim it's a munition. Could that mean the 2nd Amendment applies to encryption?

    Ah well. I'm just playing devil's advocate. I will be ecstatic if this passes. I think I just found out which House members are getting my vote in 2000.

  • I don't think any encyption products currently popular as free software or on the commercial market are ""custom-made" encryption products designed for "use in harming national security, use in the sexual exploitation of children [or] use by organized crime."

    There's a difference between "designed for" and "can be used for".

    I think what they're trying to prevent is M$ Terrorist [tm] complete with custom encryption specifically designed for use in harming national security. (Click OK to install!)

    So, unless there's a PGP whitepaper I missed out on... ;)
  • I've often thought of using the "encryption as a munition and protected by the 2nd amendment" defense before and wish I had posted it up here before you did. But i'm sure there is some law somewhere defining the legal difference between "arms" and "munitions"
  • by Steve B ( 42864 ) on Friday June 18, 1999 @09:11AM (#1843503)
    Everything that you stated either happened over 20 years ago

    At the risk of invoking Godwin's Law, is there some sort of statue of limitations beyond which government misconduct is not to be criticised?

    is not proven or is just plain wrong (waco)

    Huh? I can't find anything wrong with Kano's description of Waco. (Specifically, the ATF and/or FBI, I forget which, concocted a story about a methamphetemine lab in Davidians' village in order to invoke a "drug exception" to the Posse Comitatus Act.)

    Illegally obtained evidence cannot be allowed in court

    There are plenty of things corrupt government agencies can do with illegal wiretaps that don't involve any court -- recall for example the story of Martin Luther King's personal indiscretions being taped by J. Edgar Hoover's men.

    the government doesn't care one bit about the email you send

    Well, then, why are Louis Freeh's shorts in a knot because he won't be able to read it any more? He'll still be able to monitor the few hundred or so suspects who are legally targeted by search warrants using alternative technologies (planting old-fashioned bugs, Trojan Horsing the suspect's computer, reading van Eck emissions, etc).

    This law is a big step in the right direction.

    True, though as some others have pointed out there is some potential for abusing certain clauses.

    I have travelled and lived in most industrialized countries, and we definatly have the best government of all.

    Not as bad as the others, but I still see that particular glass as half empty.
    /.

  • Well, it would seem that congress has finally done something intelligent! We'l see, though, how well they hold to it. Personally, I'm a little skeptical
  • Posted by FascDot Killed My Previous Use:

    No gov't can force a decrypt? Perfect!

    Here's what you do: Build a module for Apache that auto-encrypts all pages before sending. Build a module in Mozilla that auto-decrypts the result and displays it. Get libraries to install Mozilla (fast, free, standards, etc).

    Now filtering is a moot point!
    --
    "Please remember that how you say something is often more important than what you say." - Rob Malda
  • by Hoonis ( 20223 )
    You know, having worked through a project involving encryption with a major university & various "high-tech" companies, the biggest problem is just explaining to people how stuff works and what it can be used for. As soon as anything sounds vaguely threatening (read: difficult to understand) they start trying to kill it
  • This one [techweb.com] relates to easing export controls on "supercomputing" hardware. (Like your new Playstation ;-)
  • Then all blocking software can just block encrypted content in general.

    I'm a little bothered by the "use of crypto to hide a crime is a crime" part; it's already a crime to commit a crime. What do they hope to accomplish with that?
  • by gavinhall ( 33 ) on Friday June 18, 1999 @08:05AM (#1843510)
    Posted by Lord Kano-The Gangster Of Love:

    Slightly off-topic, but not much. Major rant ahead.

    It's good to see eased crypto export controls, but the portion about forbidding the gov't from forcing people to decrypt data is a joke.

    It's not like our government obeys it's own laws or anything. In the 1960's-1970's the FBI used illegal measured to bring down the Black Panther Party. There are rules against shooting unarmed people, but that didn't stop FBI sniper Lon Horiuchi from shooting Vicky Weaver inthe face while she held her infant daughter(musta been one of those fully automatic assault babies). It's illegal for the US military to engage in domestic law enforcement, but that didn't stop the FBI and BATF from filing bogus charges to get through a loophole in the law to get the US Special forces to torture and barbecue babies in Waco Texas.

    This government also inturned AMERICAL CITIZENS for doing nothing more that being 1/4 Japanese. This government exposed mentally retarded people to radioactive substances just to watch them react. This government gave LSD to men in it's armed forces to gauge how well it could be used to interrogate prisoners. This government let men die from syphillis, while lying about giving them treatment, just to gain information about the progression of the disease. This government assisted the Russians in assassinating the leader of the Chechnian rebels, which is 100% ILLEGAL.

    I could go on for paragraphs on this, but I think you all get the point. Agents of government (all of them) will routinely violate or circumvent (but usually the former) domestic and international law if they believe that it serves their purpose. Just because they added a provision forbidding their agents from forcing us to decrypt on demand doesn't mean a thing. It's a paper tiger with no teeth or claws to back itself up.

    LK
  • by Fish Man ( 20098 ) on Friday June 18, 1999 @08:06AM (#1843511) Homepage
    Well, It's about time that the US congress dragged themselves into some semblance of reality on this issue.

    The laws in the US regarding the exporting of encryption and decryption technology were all derived from the premise that US engineers and scientists were the only ones on the face of the planet with any ability whatsoever to invent any sort of encryption/decryption techniques, and that the scientific/engineering/software community elsewhere were completely incapable of developing any such technology on their own and would only obtain it if they got if from us.

    Just a TAD bit stupidly arrogant, no?

    The laws are, in fact, so stupid that if I download a program that does encryption/decryption from a site in, for example, France, and then I translate the text in its GUI from French to English and stick it back up on the Internet, I have committed treason. (Because I transfered a program containing encryption/decryption from my computer, on US soil, owned by a US citizen, to the world-wide Internet. It was irrelevant that the encryption/decryption portion of the code originated in another country anyway!)

    From my reading of the article, (and it's kinda sketchy) it looks like this represents only the first small step towards sanity. But at least it's a step.
  • It has become rather tiresome hearing the old line that the law assumes that only US programmers can write cryptographic programs. This is simply not true; it is instead a straw man. The law assumes that it costs other countries to develop such programs. This is true; it does take considerable resources to write such a thing.

    While we cannot prevent our enemies from getting their hands on crypto, we can make it a bit harder for them. We do the same thing with chemical and nuclear weapons. There's nothing really wrong with it.

    That said, I would just as soon ease the restrictions because they no longer apply; this software is available outside the USA and we no longer profit by restricting it.

  • by Anonymous Coward
    One thing that I don't understand. Sony is a Japanese company. Why don't they design and manufacture PlayStations in Japan (or somewhere outside of USA) to sell to other countries? Besides isn't just about everything "made in Taiwan"/"made in China" anyways?
  • Posted by Lord Kano-The Gangster Of Love:

    >>I think it is going too far to say "Agents of government (all of them) will routinely violate or circumvent (but usually the former) domestic and international law if they believe that it serves their purpose." It happens, true, that was a prety good list, but is usually not routine, and frequently there are negative repercusions, especialy in the most grievous cases.

    I guess that I could have been clearer. when I said all of them I meant agents of all governments, not all agents of government.

    >>No mater the prevelance of violation (we seem to disagree there) it is still fruitful to have the laws in place to define the rules. They deter more than you think, and when they don't there is a chance they can be enforced. You can't enforce a law that wasn't passed.

    It's still a paper tiger. To be of any real consequence there must be STRONG pentalies and they must be evenly applied. Any government agent who abuses their power should be subject to either life inprisonment or execution. THAT would deter abuses more than a million new weak laws that never get invoked.

    LK

    LK
  • What I don't understand is how can an encryption be designed for use in harming national security. IF terrorist A sends terrorist B details of an attack on US soil and encrypts those details using PGP is not PGP therefore deisgned for use in harming national security?
    How would "M$ Terrorist [TM]" differ from any general purpose encryption product? I certainly can't think of any features that would be useful ONLY to spies, terrorists, mafioso and child molestors.

    My point is that any general purpose encryption product could be construed to fall under this phrase.
  • Yes, that's what I am. And lets not forget paranoid...

    What are the odds that the forms of encryption whose restrictions are being eased are only the ones that the NSA has learned to crack?

    (Had to say it, even if it does get moderated down.)

    --Threed
  • Posted by Lord Kano-The Gangster Of Love:

    The difference is this AC. Posting as an AC allows you to hide in amongst others who refuse to tie their posts to a name. Even though one would have to do a little work to find out my given name all of my posts are attributable to me.

    LK
  • The law assumes that it costs other countries to develop such programs. This is true; it does take considerable resources to write such a thing.

    This logic is quite correct for some technologies, e. g. nuclear weapons.

    It takes serious capital, and access to expensive rare resources to build a nuclear weapon.

    So, restrictions against exporting nuclear technology assumes that US researchers have some of the greatest economic resources available to them.

    This assumption is, at least, somewhat valid.

    However the development of encryption/decryption schemes is almost 100% an intellectual exercise. The best ones the world over have been developed by university researchers with negligible budgets allocated for such development.

    So, these laws assume that US researchers are simply way smarter than their counterparts elsewhere.

    A flawed premise IMHO.
  • Posted by Lord Kano-The Gangster Of Love:

    >>Yeah the government burned it down, right

    I never said that they did. You're lying and putting words in my mouth. The origin of the fire is still in dispute and until there's more evidence I won't accuse anyone.

    LK
  • According to the summary, the act also "[s]pecifies that the use of encryption shall not be the sole basis for establishing probable cause with respect to a criminal offense or a search warrant." Bravo!
  • I think what they're trying to prevent is M$ Terrorist [tm] complete with custom encryption specifically designed for use in harming national security. (Click OK to install!)

    Hmmm...that would put a damper in Win98/IE5 sales. The fact that these things tell Microsoft lots of tidbits about you over the Internet implies that it tells lots of tidbits about everybody over the Internet.

    I wonder how well this goes over at the Pentagon.

  • You DID accuse them, or at least inferred an accusation.
    " It's illegal for the US military to engage in domestic law enforcement, but that didn't stop the FBI and BATF from filing bogus charges to get through a loophole in the law to get the US Special forces to torture and barbecue babies in Waco Texas. "

    Later you qualify this some, by saying that the tear gas poisoned them (through conversion to a cyanide compound), but you said the US Special forces "barbecue babies" which they probably did not. They made a VERY bad (and illegal) assumption about the Branch Davidians, but they probably did not start the fire and they certainly didn't make the occupants of the building stay IN the fire. I would go so far as to say that even if they DID set the fire, it was to get the people out and not to kill them all.

  • One thing that I find particular amusing about the US law about encription software is that the US goverment comonly says that this law exist so that terrorists and drug dealers woundn't have access to this technology. Since terrorists and drug dealers are known to comit crimes, why they would obey that law???

    There are plenty of crypto-software available outside the US and they will use it, even if there is no american software available for them. I am a common person, brazilian, and have access to the technology, so why the US goverment think that the "bad guys" woudn't have it?


    --
    "take the red pill and you stay in wonderland and I'll show you how deep the rabitt hole goes"
  • >Everything that you stated either happened over 20 years ago, is not proven or is just plain wrong (waco).
    Randy Weaver's wife was shot less than a decade ago. If you are saying that it is wrong from an ethical point of view, I'll go right along with that. If you are saying it didn't happen that way, I suggest you check ANY news source, national, local, or even a militia zine for the facts on the situation.

    Geek-grrl in training
    "Always two there are. A geek and her sig."
  • "It shall be lawful for any person within any State, and for any United States person in a foreign country, to use " (or sell) "any encryption, regardless of the encryption algorithm selected, encryption key length chosen, or implementation technique or medium used."
  • 0, unless the NSA can crack any encryption. This bill frees all crypto, regardless of methods chosen or key length used.
  • ...but Clinton, et. al. will veto this legislation even if it does pass out of Congress.

    Clinton has had an opportunity to cozy up to the topic before, but Reno and other "national security" wonks have always turned Clinton to the standard government line.

    I remain highly skeptical that this situation will be improved by our silly government anytime soon.

    Anyone who is interested in the topic, I'd like to highly recommend Whitfield Diffie's book exploring the entire policy debate: Pri vacy On the Line: The Politics of Wiretapping and Encryption [amazon.com] . It's quite a good and succinct.
  • the orgional PSX used a Mips 3000 chip... that chip has been included into the bus controler (like a 440bx chip). it was american made. so it does have one american designed component (eventhough it's not the part that makes it a supercomputer) AFAIK, anyway... the PSX two is scedualed to be made in china at the monment... btw, what the hell does IIRC mean?
    ---------------
    Chad Okere

  • I believe that either 2/3 or 3/4 of the states can call for a constitutional convention without requiring any action by the Federal government.
    --
  • it's not the government, its people *in* the government that do illigal things. just look at this crypto bill, as an example of the way things are *supposed* to be. the "cannot force you to decript" is awesom, I mean, how could they force you to do it if you knew your rights?
    ---------------
    Chad Okere
  • While checking up the House Sub-Committee on Telecommunications, Trade, and Consumer Protection, I decided to look at some other bills that they are considering. This is highly misleading (w/o reading the text of the bills) but some of the titles are very interesting.

    H.R.543: A bill to require the installation and use by schools and libraries of a technology for filtering or blocking material on the Internet on computers with Internet access to be eligible to receive or retain universal service assistance. (obviously to screen out /.)

    H.J.RES.47: A joint resolution expressing the sense of the Congress regarding the need for a Surgeon General's report on media and violence. (where Dr Koop when you need him?)

    H.R.313: [loc.gov] A bill to regulate the use by interactive computer services of personally identifiable information provided by subscribers to such services. (Note: This one actually looks good, hence it will never pass)

    H.R.515: A bill to prevent children from injuring themselves with handguns. (Great title, totally misleading)

    Keep in mind that only a small amount of bills even get out of sub-committee. This is a good thing. Back onto the subject at hand, IMO the other sub-committees are going to gut the export provisions of HR850. IOW, those aspects (exports) may not reach the House Floor for a vote.
  • H.R.515: A bill to prevent children from injuring themselves with handguns. (Great title, totally misleading)

    Haha. Maybe they'll start jailing kids who injure themselves with handguns.
  • Like I said the first time. The operative words are "designed for".

    It doesn't say any encryption product that can be used for those purposes is illegal, it says any encryption product *designed for* those purposes is illegal.

    For example, a car is a personal transportation device. It is designed to move people from point A to point B. A wheelbarrow is not designed for moving people from point A to point B, it's designed for other non-people things. However, it can effectively be used to move people, also.

    So, if the criteria for judging the legality of the car & the whellbarrow were "any device designed for transporting people is illegal", the car would be illegal, the wheelbarrow wouldn't.

    In your example, whatever Phillip Zimmerman designed PGP for remains what he designed PGP for regardless of how people use it. From what I recall, it was designed to give individuals the ability to be secure in their electronic data from eavesdroppers.

    Now, if M$ Terrorist [tm] used PGP as its encryption engine, M$ Terrorist [tm] would be illegal, as it is would be a custom encryption product designed to harm national security, but PGP itself would still be legal. :)

    Of course, the politicians could say "Trying to ensure that people have access to the protections granted by the bill of rights shall be considered intent to harm national security". That would indeed result in PGP becoming illegal, but not for the reasons you stated. ;)
  • One note:

    > >>Unlikely. Judging by the window 2000 beta traces they run a BSD stack derivative
    > >>close to freebsd - and the BSD license permits such use
    > >
    > >Which is a good reason to *NOT* release open source code under
    > >BSD style licenses. You might as well just send your code
    > >directly to Microsoft.
    >
    > And the problem with Microsoft using all sorts of Unix code is...?

    is that they would never admit it, _and_ they would continue badmouthing
    Unix/Linux/BSD. They simply can take advantage of BSD code whenever they
    see fit - without acknowledging it and without giving back anything. It's
    unethical and abusive, and this is what the GPL prevents. It also drains
    developers from the BSD space (after all they could now just go and
    develop networking code for Microsoft), which is bad for the BSD project
    as a collective effort. These are just a few of the many naivities the BSD
    license has, and Microsoft Halloween documents pretty accurately point
    this out. They are afraid of Linux, but they are not afraid of *BSD.
  • I think you hit the nail on the head. It is the intent of the encryption application's author that is the key to determining what purpose the software is "intended" for. Unfortunately, I haven't found the actual full bill text of that amendment which defines what intent is prohibited and what is allowed. News reporters sometimes have the unintended tendency to manipulate the meaning of an original document by only including bits and pieces of it. Nonetheless, just the idea of regulating a programmer's intent is curious.

    For one, determining the intent or original purpose of encryption software is a messy, ambiguous world. For example, what criminal in their right mind would deliberately define their software as something for "penetrating and destroying national security defenses" or "exploiting and exporting child pornography"? The obvious implications are a very difficult and treacherous road to defining an author's intent.

    Secondly, what situation would we run into if for instance if a programmer unknowingly created an encryption application that was especially fast at encrypting 16 bit JPEG's (a semi- to hi-quality photo realistic image format), and made the picture 3/4 of its original size so that it became easier to transport via network or floppy? If such a hypothetical program, no matter how unlikely, appeared in the market it may just become the preferred vehicle for digital pornography (child or not) on the Internet. Possibly similar to the way MP3's have become the poster child for electronic piracy. If the programmer's intent was benevolent, say encrypting gnome applets, but it becomes a common criminal tool should the software still be allowed under this amendment? As was defined by ninjaz [ttp], a car is for people, and a wheelbarrow is for dirt. Regardless, this situation seems sticky, but until the entire amendment is read it is too early to pass judgment.
  • Hrm... it is kind of odd... the whole thing was completly self contained, they could have just left those people alone, it wasn't like the were going to attack the town or somthing... whatever
    ---------------
    Chad Okere
  • That was my initial thought also, but in the case that the police already had probable cause (they saw you hold up the bank, etc.) they can still arrest you, and if you had encrypted your plans to rob the bank then you could be prosecuted for both the plans and the encryption. Also, this just prevents use of encryption from being the "sole basis" of probable cause, but use of encryption could be a contributory basis. This was a step in the right direction, just not as far as it looks at first glance.

    • Any government agent who abuses their power should be subject to either life inprisonment or execution. THAT would deter abuses more than a million new weak laws that never get invoked.

    It would also prevent anyone from ever wanting to become a law enforcement agent. I agree that gummint agents should be punished for transgressions just like everyone else, but I cannot agree to the notion that they should be punished more than an ordinary citizen who commits the same crime.

  • ... except that most corporate filtering software restricts which Internet servers you can connect to by using a proxy server, and doesn't actually pay much attention to the content. There are large databases of categorized sites which can be restricted by the sysadmin for assorted reasons.
  • ...To be of any real consequence there must be STRONG pentalies and they must be evenly applied.
    Applied by whom? The executive branch has a decided conflict of interest when it comes to punishing itself. Congress does not execute the laws; besides, there are far too many bureaucrats for them to exercise detailed supervision.

    For effective results, you need to turn to civil penalties, together with removal of sovreign immunity for bureaucrats who break the laws. How does this sound:

    Unauthorized decryption and unauthorized disclosure of encrypted communications shall be subject to civil penalties of $100,000 per offense or treble actual damages, whichever is greater. Sovreign immunity does not serve as a defense from individual liability. No Federal funds may be used in defense against any such suit (no deep pockets). Loser pays double the court costs to the winner (I don't want to encourage frivolous suits, either).
    Tell me -- would there have been a "Filegate" if something like that had been in effect for the disclosure of confidential FBI files?

  • Since the U.S. has been officially operating in under the laws pertaining to a state of emergency for the last 50 (approx.) years, none of that was illegal.
  • Isn't that the same IR footage that shows Davidian's firing INTO their own building? I've seen the footage myself, some of the people attempting to escape were killed by their own comrades.
  • This is, I think, rather like the argument about whether a act by a monopoly, or an agent thereof, should be punished more harshly than an act by one who is not and does not represent a monopoly. Ideally there would be graded distinctions, not black and white cut-offs. And certainly I don't feel that a monopoly, or an agent thereof, should necessarily be punished more than, say, twice as harshly than the same act by one who is not acting in the role of a monopoly, or as a representative of one.

    But certainly they shouldn't be punished less stringently. And the punishment should be applied to both the individual agent, and to the sponsoring agency. (Although shares of guilt/blame/punishment would need careful consideration.)
  • Just out of curiosity, has the matrix come out in brazil, or have you only seen the pirated version?
    ---------------
    Chad Okere
  • Nothing more extreme than a little sodium penethol is usually necessary to get your pass-phrase.

    Crypto is nice, but if your opponent is powerful and serious (like the ATF in the waco case), you *will lose*. Piss off the gov't and they will whack you with a big bat - right or wrong, lawful or not.

    Often, I think we could do with a little more prime directive in government. I think we legislate morality far too often. This is a dangerous trend. Witch hunt anyone?

    -=Julian=-

    Love that Ben Franklin sig.

  • It's 3/4, and *BOY* am I glad that it's difficult! We were EXTREMELY lucky when the constitution was adopted that certain radicals held out for the Bill of Rights! Do you REALLY want to bet that we would be equally lucky the next time? The problem is getting the government to live up to the constitution, not how to replace it!
  • "It's 3/4, and *BOY* am I glad that it's difficult!"

    Actually, if I remember correctly(I could be all wet on this) We did come pretty close to having a constitutional convention. If I remember correctly it was passing "hidden" then it got relized and it ended there.

    "The problem is getting the government to live up to the constitution, not how to replace it!"

    See, that's why I like the second amendment so much. It gives us the ability to tell the goverment to stop reaming us in the ass if we so choose at a later date. :) Really in our current state it's the PEOPLE who are the problem NOT the goverment. We all have to remember all our goverment officals that make laws are elected(last I checked) So since while we still do have the ability to vote and go practice shooting goverment offices it is our DUTY to vote for someone who will uphold the constitution and not try to take things out. It is also our DUTY as people to ream goverment officals in the a$$ when they do NOT obay the law, else we get rid of the people are supposed to ream the ones who don't obay the law. We still have the ability to vote, it just seems no one uses that right to the fullest. I guess the way things are headed it's what people want, else they'd be exercising the little rights they have left or I guess they just don't care perhaps?

    It's stuff like that, that makes me so upset about the BS with the whole 2nd Amendment issue, you have to be blind, deaf, and dumb to not understand that it means that We have the right to own a gun. Who else could it be there for? I'm at a loss as to understand why it would be in there in the first place if it wasn't for the right of the people to own guns?

    Anyhow the problem isn't getting the goverment to live up to the constitution it's getting the people to use their power to force the goverment to live up to the constitution. Were not at the point(yet) Where we have to do anything more than vote to get our rights back.

    Let me just leave with this though, they'll have to pry my gun from my cold dead fingers before they take that right away, because that's the beggining of the end. I'm sure there's plenty of other people who belive close to the same thing too.


  • If a person is killed during the commission of a felony, then the person committing the felony is guilty of murder. That doesn't say anything about intentions, but that's the way the law reads. If the government agents were committing a felony, then they are guilty of murder. If the Dravidians were committing a felony then THEY are guilty of murder. If they were BOTH committing a felony, then they are BOTH guilty of murder. IANAL.
  • Really? So tell me. You own a gun, are you part of a 'well regulated militia'? Because *that's* the reason for giving the people the right to bare arms, its stated right there in the constitution.
  • Really? So tell me. You own a gun, are you part of a 'well regulated militia'? Because *that's* the reason for giving the people the right to bare arms, its stated right there in the constitution.

    Hmm, since you're in college, I guess there's no requirement for you to do research before making commentary, (minor rant about falling academic standards elided) so I'll attempt to educate you instead of flaming you. Yes, he is a member of the militia, as are you, if being a "fourth year student" means you're at least 17 years old", and "John Christensen" and your image on your homepage indicate you're an able-bodied male.
    By US law, (10 USC 311, 10 USC 312, and 32 USC 313) all able bodied males (with some exceptions pointed out in 10 USC 312, like postal workers and the merchant marine) are members of the militia.
  • HiThere, could you site the Executive actions to back this up? I know they Exist, but there are thousands of them to wade through. Maybe if these are brought to light, people would wake up.
  • Uhm. Thank you, I didn't know that. So tell me, who would command this militia and thus would have the right to pass standard weapons regulations?
  • Signatures would merely link the spam to a particular account. Spammers would simply get a new throwaway account (with a new signature) for each spam.
    /.
  • I found it interesting that the US government would deny exporting encryption products if they were designed to exploit little children. What does encryption and little children have to do with each other? Might as well ban cars that are designed to help child molesters. Its nice that the US is watching out for the rest of the world and wanting to play "big brother." I do not feel my taxes should be used in this way.

    Restricting encryption puts a damper on free distribution of solid communication tools and operating system distributions.
  • Posted by FascDot Killed My Previous Use:

    If you use steganography along with encryption (or even by itself) there's no way to know there's even data there, let alone block it.
    --
    "Please remember that how you say something is often more important than what you say." - Rob Malda
  • You can be prosecuted for multiple crimes in the course of one trial or as part of a larger crime. For example, you can commit a felony, use a firearm in the commission of said felony, and cross state lines, commit the felony in a building, use encryption in the commission of the crime... Each count can carry mandatory sentences, etc... That's how people get 2 life sentences. You may get off on one count of something, or plea bargain to get a charge dropped, but the others may stick. Welcome to the US legal system. ;) It may make sense, and there may be a reason for it all, but I'm not in posession of that knowledge at the moment.
  • One of the amendments grants the Secretary of Commerce the authority to deny the export of any "custom-made" encryption products designed for "use in harming national security, use in the sexual exploitation of children [or] use by organized crime."

    Is it just me or is this a giant loophole? It seems that anything other than SSL type commercial transactions could fall under this loop hole (e.g. PGP) They [Government/ Law Enforcement] seem to think that they have an absolute right to spy on people at whim.
  • Uh? You are describing SSL/TLS. Go get mod_ssl [modssl.org] for Apache and Fortify [fortify.net] to enable 128-bit ciphers in all Netscape browsers.

  • Obviously this subcommittee dosen't realize what this really is yet.

    How long before the NSA fires back? I love to see an all out war between the NSA and a powerful(supposedly) elected body. How quickly do you think congress could pass a bill outdating the NSA's usefullness? How many house members would be found floating in a river?

    Enough silly rant...This is the meat right here... (Sec. 3) Amends the Export Administration Act of 1979 to grant the Secretary of Commerce exclusive authority to control exports of all computer hardware, software, computing devices, customer premises equipment, communications network equipment, and technology for information security (including encryption), except that which is specifically designed or modified for military use.

    Which is exactly what we need for usefull protection without stale laws. A human being in charge and acountable for regulation of encryption. Who not only has the power to regulate (upon a 50 day review period) but not to regulate at all.

    This may be a rouse though, supposedly he is to compile data on impedements to law enforcment created by his policy. If the NSA could just buy him out...

    To learn more about the Secretary of Commerce... Department of Commerce website [doc.gov]

    How long until we can get a human being in a federal postition directly responsible for regulating cameras, I can think of a few I'd like an explanation for.

    I expecting the MIB in front of house any second now.

  • How coincidental! 256 cosponsors! And that should be plenty to get the thing passed (assuming they show up to vote, not a given)
  • Overall, seems a lot better than the status quo, but several problems remain:

    1. The bill seems to have an NSA/FBI/CIA inspired loophole - it only relaxes standards on user-"inaccessible" or non-"end-to-end user encryption" products. In other words, you can use whatever you want to connect securely to your ISP, but not to use strongly encrypted VPN tunnels, or send encrypted messages via PGP/voice scramblers/whatever. The intent seems to be that the powers-that-be will still be able to tap your cleartext (presumably only by warrant, but what about the NSA's reputed ubiquitous taps?) at the first unencrypted hop. Of course, with PGP et al. already out of the bag, this may be a moot point anyway.

    2. The tack-on penalties for using encryption in the furtherance of a crime, seem like they might run afoul of the Fourth and/or Fifth Amendment. Of course, our current batch of Supremes will likely not see it that way, especially if drug dealers and kiddie porners are the ones being prosecuted for encrypting the evidence. Besides, the cops will only be able to tell if the encrypted stuff was related to the bad stuff if they follow their current routine - seize everything that even looks like a computer, and try to crack all of it. This bill merely encourages that kind of overreaching behavior. More martyred Mitnicks to come? Start generating those 2048-bit keys now... maybe the statute of limitations on your crime will run out before they can decrypt your data. Does "self-incrimination" cover giving up your PGP pass-phrase?

    3. It still has to make it past the Senate.... and judging from our enlightened members of both houses ("Ten Commandments" in every school, anyone?) a lot more could go wrong from here.


    #include "disclaim.h"
    "All the best people in life seem to like LINUX." - Steve Wozniak
  • I found a few interesting points in the text of this bill (Note the search warrant/probable cause clause -- somebody was thinking on this one!):

    "It shall be lawful for any person within any State, and for any United States person in a foreign country, to use " (or sell) "any encryption, regardless of the encryption algorithm selected, encryption key length chosen, or implementation technique or medium used."

    "Neither the Federal Government nor a State may require that...a key, access to a key, key recovery information, or any other plaintext access capability be:"

    "built into computer hardware or software for any purpose;"

    "given to any other person, including a Federal Government agency"

    "retained by the owner or user of an encryption key or any other person"

    "The use of encryption by any person shall not be the sole basis for establishing probable cause with respect to a criminal offense or a search warrant."

    "The Attorney General shall compile, and maintain in classified form, data on the instances in which encryption (as defined in section 2801 of title 18, United States Code) has interfered with, impeded, or obstructed the ability of the Department of Justice to enforce the criminal laws of the United States."

  • Excuse me, did that trial not happen? If you were to argue that the evidence did not yield that conclusion then I would understand your reasoning. If you were arguing that the evidence was, in fact, legally obtained, then I would understand your reasoning. As it is, all I can presume is that you feel that the blaze of publicity created an emotional situation in which untoward thing could be expected to happen. I happen to agree with that, but still recognize that some of those untoward acts were performed by agents of the government.
  • German and Irish immigrants may have sabotaged war plants during WWI, but they were not interned (well, not en-mass) during WWII, so I don't understand your justification.
  • Well, the acceptance of strong crypto is a good thing. It could even end up being a good means of further securing the net and eliminating spam and anonymnity.

    With strong crypto and one-way functions, it will be possible to securely sign messages. This paves the way for a requirement that ALL messages (to Usenet or by e-mail) be signed. Without secure crypto that just isn't possible. It could pave the way for end-to-end validation of all email and Usenet traffic. Messages without validatable return addresses can be silently dropped at various points along the way. With signing, spammers won't be able to assume anybody else's identity. And we can all have permanent validated email addresses.

    I suspect there will be people who find this a bad thing. I don't.

    This could transform the 'net from being a 'wild west' environment into a civilized medium. Only the outlaws need regret that.
  • This clause is probably aimed at some hypothetical mole/traitor inside NSA that might manage to build a backdoor (or, more likely, introduce a small bug) that allows the crypto algorithm to be penetrated by a foreign power or someone else.

    A supposedly secure cryptosystem with a non-obvious flaw in the implementation could cause lots and lots of problems. This is very unlikely but possible, even with several layers of checking/testing of the cryptosystem.

    Other than that, yes, it could be stretched to cover just about anything the powers that be want it to cover. So what else is new?

  • Posted by Lord Kano-The Gangster Of Love:

    >>It would also prevent anyone from ever wanting to become a law enforcement agent.

    It would only discourage those who have a propensity for abusing their power.

    >>I agree that gummint agents should be punished for transgressions just like everyone else, but I cannot agree to the notion that they should be punished more than an ordinary citizen who commits the same crime.

    If you murder a police officer, you have a much greater chance of facing execution in the US than if you killed a suburban housewife. Is that cop's life worth more than someone's mother?

    LK
  • Well, It's about time that the US congress dragged themselves into some semblance of reality on this issue.

    Rather, it's about time that the U.S. Congress dragged the Executive Branch into some semblance of reality. The Arms Control Export Act only applies to cryptography because the Executive branch is delegated the authority to name what goods are covered by the Act.

    (Note that under the non-delegation doctrine, largely abandoned by the Federal Courts in the 1930's, giving the Executive branch this kind of authority is unconstitutional.)

    The laws are, in fact, so stupid that if I download a program that does encryption/decryption from a site in, for example, France, and then I translate the text in its GUI from French to English and stick it back up on the Internet, I have committed treason

    No, you're just illegal international arms dealer. See Article III, section 3 of the U.S. Constitution for the definition of treason in the U.S.

  • Posted by Lord Kano-The Gangster Of Love:

    >>The people in the compound HAD time to come out long before the government went in forcefully.

    They did not come out beause they were afraid that they'd be shot. They had people shooting from helicopters. David Koresh took a 9mm round in the abdomen.


    >>The main reason for the military assistance was to get armored vehicles to prevent even MORE deaths. As I recall, more than one agent was shot by the Davidians. Blame goes both ways.

    I don't care what the reason was, they LIED in order to get ILLEGAL military assistance. Not a single FBI or BATF agent or supervisor lost his/her job because of this.

    LK
  • There are no statutes in the U.S. that ban the use or export of cryptography.

    You read that right. Instead, we have a law that controls the export of articles of defense that allows the Executive Branch to define articles of defense.

    That means President William Jefferson Clinton, since he is in charge of the Executive branch, could unilaterally authorize the export of encryption software right now. He could also unilaterally redefine SUVs, Metallica CD's, and sex toys as articles of defense subject to all the export restrictions to which cryptogrpahy is currently subjected, right now.

  • Posted by Lord Kano-The Gangster Of Love:

    Well, speed. Do you know anything about eschelon? If not, then read up on it. The US government can tap into any telephone conversation in this country. They have the ability to track vehicles using sattelites. Only the US government and it's allies have the ability to track someone that precicely. Why do you think other nations resort to terrorism against the US? Because they can't muster an army that can attack us on our own soil.

    Use your brain speed. That's why you have one.

    LK
  • Signed spam means that notorious spammers can get identified very rapidly. People can forward the return address of spam they receive to a database that pools the addresses of offenders that all subscribers can draw on for killfiles. It would prevent victimisation of account holders whose addresses get spoofed by spammers and would allow anti-spam efforts to focus on specific accounts rather than whole domains. Nothing that isn't being tried already, but if forging an identity becomes impossible, spammers will have far fewer ways to hide.
  • Posted by Lord Kano-The Gangster Of Love:

    >>During WWI German and Irish immigrants did sabotage the US and Canadian war production.

    None of them were hauled off and put into camps. Only the little yellow guys were. It was definately because of the remant racism of the time. It had NOTHING to do with national security.

    >>It can be argued that greater security would have been the solution, but it was war and war is hell. Stalin killed people he susspected.

    And this means what? We don't live in a communist nation where individual citizens have no rights.

    >>I have no idea how would have solved it and I sure as hell don't need any "racist-pig" flames.

    I don't know enough about you to be able to tell if you're a racist pig.

    LK
  • Monty Python's Quest for the Holy Grail, and I claim my Holy Hand-Grenade of Antioch.
  • Posted by Lord Kano-The Gangster Of Love:

    >>Maybe if these are brought to light, people would wake up.

    Don't bet the farm on that my friend. We've got video tape of the big man committing a federal felony (perjury) and the average 'merkin thought that it was "all about sex".

    It's taken decades to stupify and pussify this country, it'll take decades to reverse that,

    LK
  • Well it depends if it's a Federal, State, or 'self' commissioned miltia. :) Nothing illegal about having either of the 3 militas. :)
  • Ooops, my Bad, according to Sec. 311 which can be found at: http://www4.law.cornell.edu/uscode/10/311.html

    the 'self' militia is really called an unorganized militia.

    So anyhow for the Federal milita Bill Clinton is currently the commander of the Federal Milita. Then the state militia's which is now called the National Guard I guess is commanded by the Govener? Then for an unorginized militia's I think the memebers of the milita vote for the commanding officers. So you could go join your local state unorgnized milita then vote for the commanding officers. I'm really not sure how a lot of that works(seeing as I'm not a member of an unorginized militia), just search for "militia" and I'm sure you'll get a whole slew of information on it. I'm sure there's even an unorgnized militia in your state that would be more than happy to accept members.

    Anyhow stanard weapons for the Federal milita is things like Air Craft carriers, Atomic Bombs, M-16's, TOW missels, Apache choppers, F-16's things like that, then I guess the National Guard has the same things? Then for unorgnized militas it's whatever is in common use. So I'd imagin if everyone owned a F-16 to get to and from work it'd be considered common use? Realasticly I guess these days common use is any type of firearm.

  • Mmm. Right. However, the constitution stil gives the right to regulate the arms use of the unorganized religions which, since they were allowed for in a US law, must likely still answer to the US congress.
  • Posted by Lord Kano-The Gangster Of Love:

    It was because of the instructions of the Army that the BATF and FBI poked several holes in the branch davidian home. These holes allowed to fire to burn hotter and spread faster. They alsy know that the branch davdians didn't have child sized gas masks.

    Torture and barbecue no doubt. The only doubt is as to who started the fire.

    LK
  • One of the amendments grants the Secretary of Commerce the authority to deny the export of any "custom-made" encryption products designed for "use in harming national security, use in the sexual exploitation of children [or] use by organized crime."

    This was obviously put in to ease the concerns of the clueless and has no legal meaning whatsoever. Come on - custom-made encryption products for child pornographers? Anybody know of any?

    Of course, anything that helps this bill get passed by people who don't really understand it is great in my book.

  • Here's a link to an analysis [cdt.org] by the Center for Democracy & Technology. It's actually a bit more informative than the House of Representatives page.
    --
  • It is true that governments, like the people they should be protecting, sometimes break laws.

    I think it is going too far to say "Agents of government (all of them) will routinely violate or circumvent (but usually the former) domestic and international law if they believe that it serves their purpose." It happens, true, that was a prety good list, but is usually not routine, and frequently there are negative repercusions, especialy in the most grievous cases.

    No mater the prevelance of violation (we seem to disagree there) it is still fruitful to have the laws in place to define the rules. They deter more than you think, and when they don't there is a chance they can be enforced. You can't enforce a law that wasn't passed.
  • by Fizgig ( 16368 )
    It doesn't look like it says they can't decrypt things. It just says they can't force you to file a key with the government or a government agency (outlawing key escrow). Maybe I missed the part about not decrypting.

    It also makes it a crime to use encryption to hide criminal activities. Seems akin to mail fraud. Watch out for encrypting those MP3s, though! That's an extra 5 years in jail.

    And it says that using encryption is not by itself "probably cause" for decrypting. Good! You know they'd use that if that clause weren't in there.
  • When campaigning for re-election, the politicians want to be able to make statements like: "I voted for n bills that protect the little children of the world from exploitation."

    By tacking this amendment onto this bill, that of course has absolutely no relevance to the issue of child exploitation, the politicians can count this bill in that total of n.
  • The laws are even MORE stupidly arrogant that that: they make the assumption that only US citizens will have the ability to use a text editor a hand-copy a program from a textbook and then run a compiler on it. (There is no restriction on printed materials--mostly.) In other words, they assume that all non-US citizens have the technical savvy of a congresscritter.

  • by DiningPhilosopher ( 17036 ) on Friday June 18, 1999 @08:30AM (#1843610)
    I'm not convinced anybody ever thought there weren't comparable crypto products available outside the U.S. If this were the real reason for the export restrictions they would have been removed long ago. Now the European crypto market is quite well developed.

    As I see it, the only reason for the restrictions is to put economic shackles on U.S. based crypto companies. Keeping these companies small and unprofitable limits their ability to sell crypto products domestically, and therefore slows the inevitable adoption of real crypto in this country.

    (In the interest of disclosure, I work for such a company)
  • Encryption products are general-purpose and content-neutral. PGP can be used to encrypt business plans and negoitations, love sonnets, nuclear weapons designs, harmless gossip, discussions among illegal drug dealers, political campaign plans, kiddie porn - i.e. anything that can be stored in a disk file (a stream of bits). That provision is just for pandering to computer-illiterate "middle america" - but it seriously weakens the value of the proposed law.
    --
  • They still can't take away the right for having a gun though, which would be unconsitutional see 2nd Amendment. :)

    The whole idea was originally put there so no one group of people would be stronger than the other or the goverment becoming more powerful than the people. The 2nd Amendment like the first 10 Amendments is an unalienable right, which is a right that can not be taken away. So the day the goverment says you can't own a gun is the day every US citizen looses all their rights listed in the constitution since if they can take take the 2nd Amendment out then there's nothing stopping them from taking any of the others out. You can't even amend the second amendment out. Which is why I think it pisses the gun control advocates off, having gun control is like having Speech control, or like the police being able to search your house without a warrent, or any of your unalienable rights.

    Which is why I say the same thing others say: you can take my gun away when you pry it from my cold dead fingers.

    This is a very simplistic issue I really can't see why there is so much debate about it. The right of owning a gun is the same right you have to free speech, or anything else listed in the Constitution.

  • Posted by Lord Kano-The Gangster Of Love:

    The FBI, CIA and NSA have a vested interest in keeping strong crypto out of everyday life. It means that they'd have to obey the laws. But when the laws get in their way they just have them changed. For example, you can be indicted in a secret hearing by a secret grand jury using secret evidence which you never have a chance to see, know about or refute.

    This was instituted to help bring down the "mafia" and "drug dealers" but it can be applied to anyone among us by liberally interpretting the law.

    Two or three drug dealers in a gang can now be prosecuted under the federal RICO statute due to a re-interpretation of 20 year old laws.

    How long before the definition of a "criminal enterprise" is re-interpretted? Will /. be next? After all, many of us support things that the government wants to make illegal. (crypto is the prime example).

    LK
  • Okay. Admittedly I don't have a copy of the constitution in front of me and since I am at work I don't have the time to look this up, but: couldn't a constitutional amendment nullify any one of the original 10?

    Anyways, you're still ignoring that the Amendment provides for a *well-regulated* militia. Which seems to imply that the people who control the militia, presumably the government under the same laws that got tossed in my face the last time I made this post, can therefore pass any gun control rules that they want. They're just regulating a militia.

    For the record, btw, I don't know how much gun control will help(if it will at all). I believe that we need to enforce the rules we have on the books already. I also *firmly* believe, however, that guns should be treated like automobiles. If you want to own one, you're going to have to take a *mandatory* gun safety class, or pull out the documentation that says you already have. Furthermore, I believe fully in mandatory trigger locks.
  • Yes the Matrix has come out here. :-)
    --
    "take the red pill and you stay in wonderland and I'll show you how deep the rabitt hole goes"
  • Someone around here was telling me about a local election in their hometown for city council. One candidate had only one plank on their platform: Child Safety. When the other candidate said he wanted to talk about something else, our hero would simply say "Don't you think Child Safety is important?"
  • I read the text. One question. Does this include ANY bit length, or did I miss something?
  • It's a pre-emptive strike against the bill's
    likely opponents. The favorite tactic in American
    politics lately is to claim you're doing whatever
    it is you're doing "for the children" and that
    what your opponent is doing will "harm the
    children". By throwing in useless language about
    protecting children, it short-circuits the
    opposition's propagandizing. (Note that I
    believe bith sides of the aisle are guilty of
    using this ploy, early and often.)

    Whenever I hear "for the children", I start
    looking to see who it's *really* for (either
    that or bend over and grab my ankles...)
  • So, we can look at the list who voted for this bill and see the spineless and possibly corrupt. Preventing export of encryption that is designed to exploit children? That has nothing to do with protecting little children in the US and its not honest to say they are voting for our children. Something's fishy.

    If one wants to protect little children, there are better ways. This is ignoring a problem and creating a new one.

"Everything should be made as simple as possible, but not simpler." -- Albert Einstein

Working...