Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Security

SAFE rewritten to be more law-enforcement friendly 137

Alex Bischoff writes "According to this article, SAFE (the Security and Freedom through Encryption act) has been rewritten to be more law enforcement friendly. 'The House Armed Services Committee voted 47-6 Wednesday to replace an industry-endorsed encryption bill with substitute legislation drafted by law enforcement advocates.' " And for once, it looked like the US Gov't was going to get a /clue/ about crypto.
This discussion has been archived. No new comments can be posted.

SAFE rewritten to be more law-enforcement friendly

Comments Filter:
  • Disclaimer: I did read the article.

    While it is true that this bill does not contain any regulation of domestic encryption, it does contain certain ominous particulars. The most obvious of these is the clause which places the whim of the president above any law or court.

    Don't assume that it will be found unconstitutional. When the issue of 'national defense' is raised, we have done far worse. Remember the atrocities committed during world war II, towards the general asian populace? Once this has been established, the framework will have been laid for much more extensive legislation. This is exactly analogous to the anti-gun movement, the pro-welfare movement, etc.

    The first step in erasing freedom lies in restricting a basic right in such a way that no one will complain. No one needs field artillery or heavy machine guns. Later, this becomes 'cop killer' bullets and assault rifles; note that neither of these terms existed before they became illegal. In crypto, it will become 'strong' domestic crypto, or possibly 'military-grade' crypto. Why would anyone need that if they weren't using it for something illegal?

    Later, someone will be caught dealing drugs or *gasp* helping illegal immigrants into the country, and it will be discovered that they used encryption to hide their nefarious activities. The brady bill of domestic encrytion will be passed, and everyone who stands against it will be a child molester just like everyone who opposes handgun control is a psychopath today.

    After all, my mom doesn't understand either subject and votes the way the minister tells her to on sunday. Millions of other people do the same. The number one concern Curt Weldon and JC Watts have is getting re-elected, and the masses will be happy to do it as long as it makes them feel safe, regardless of how accurate that feeling is. In a democracy it is very dangerous to be a minority.

    BTW back to the president's newest empowerment: if it passes, and he chooses to make all cryptography illegal to keep saddam from blowing us up or something, we won't be able to revoke it. Ever. Unless he decides to change his mind.
  • Won't work. Canada respects the US's Crypto export laws, so it's still the same. Except that your violating canadian law instead of US :-)

    DISCLAIMER: IANAL, This could kill your grandmother or dog. (Or, in some extreme cases both).
  • governments don't give rights, they only take them away. noodge.
  • Why do you think it's so hard to take away guns from people here in the US? Because it's our right to have guns. Law abiding citizens have the right, given to us by our government, to own firearms. I don't know if that was a good idea, and that isn't the point of the argument. The point is that when the government makes movements to abridge that right, people get angry. Because they have learned to exercise the right.

    Sorry, I have to call you on this one. I have the right to own a gun only because 200 years ago a bunch of people got really pissed off and thumbed their noses at the government. The government is welcome to come knocking at my door and ask for my encryption keys. They won't get them, but they're certainly welcome to ask. And if they give me a choice between surrendering my keys and dying, well, you may fire when ready, Gridley.

    The government hasn't given me anything it didn't take from me in the first place in the form of taxes. Certainly not the right to freedom of speech or any other right in the Constitution. When people stop claiming rights as belonging to them instead of being granted to them, we're in trouble.

  • My understanding (being canadian) is that the US gov't wants to limit the use of strong crypto to protect the american people and their way of life. Assuming I am correct in that assumption.. even if they pass this law.. what is going to stop criminals from using strong crypto anyways?? If they are doing illegal stuff anyways.. what is one more thing like using strong crypto? Makes little sense to me.. but then again I'm canadian as I said before.

    Lord_Rion
  • Well, just like handguns require a 7 day wait in massachusetts. If one wanted, they could do like that guy in new york did and spring $300 for roundtrip airfare to FL, buy a gun and come back to Massachusetts with it. But just because I can do that doesn't mean its legal or right.

    We don't export nuclear missiles to other nations. Oracle isn't allowed to sell their database software to enemy countries. SGI IBM and Sun can't export their computers to enemy countries. They all manage to get this technology anyways. Does this make it right? No. But should we make it easier and say its okay? I don't think so.
  • I'm sure the LEAs behind this re-write would force us all to accept brainwave tranceiver implants if they could figure out how to do it. As far as they're concerned, your average law-abiding citizen is just a mark to be hustled.

    Congress, on the other hand, are just lazy, uninformed, spoiled, sub-par human beings who don't give a hoot in hell about the laws they pass as long as they are returned to their gravy train every few years. Most of them never bother to read the bills they vote on, even though they all fight for the chance to give a little "Give me this law, or give me death!" speech every time the C-SPAN cameras' little red lights flicker. They don't care if the laws they pass actually accomplish anything useful, as long as there will be another checkmark next to their name in the "Tough on crime" column in some lame "Voter Guide for The Braindead" in 00. Anti-crypto laws have just about as much effect on criminals' use of crypto as gun control has on their use of guns. The law-abiding are the only ones who obey these stupid laws.

    Judging by the conduct of the folks from Washington, they think the laws they pass are for suckers. Kinda' makes me wanna' puke. Sorry for the rant, but I'm fed up.

  • That I create a new super-strong, criminal, whatever crypto software in the US and say that I made it in Mexico, or Canada, or Japan, or any otehr country out of the reach of Big Brother. How would they go about proving I wrote it here? The burden of proof is on them, remember.
  • > if it *substitutes* the industrey endorsed bill,
    > then why would it be more favoreable as hemos
    > suggessts?

    More favorable to law enforcement agencies, not the industry.

    *sigh*

    This sort of legislative bait-and-switch is not all that uncommon, you know. People get fired up about a certain piece of legislation, then at the last minute it gets replaced with another completely different piece of legislation under the same name. Of course, then the new bill gets voted in mainly because of the momentum the original had gained.

    > do your part to keep the /. piece -- daveo

    I'm keeping my piece in a shoebox under my desk.
    ---
  • I worked in political campaigns for 4 years... promoing bills that I felt were right. Now, the problem with that is, after working on a bill that passed, we found out that the president/house/senate had added, removed, or in some way butchered the bill so it no longer did what it was supposed to, or it did something bad. Line item veto takes care of getting rid of the real point, and just keeping the pork.
  • Come on... Like the guys in Finland don't have all of the commonly available encryption packages. It isn't that hard to get them over the internet and out of the country. What's the point in writing more legislation that says "No exporting Encryption" when all you need is a US based shell to get all of the encryption software you want?
    Idiots.
  • by A nonymous Coward ( 7548 ) on Thursday July 22, 1999 @04:49AM (#1790063)
    Five committees have passed versions of this bill. The Rules Committee decides which one to send to the entire House, and they are friendly(er) towards the bill. It almost certainly won't be the fascist inspired version from the Armed Services committee.

    --
  • This is just my little blab on government linguistics, but this just another example of how what a government service is called one thing, it usually means another, like the "Defense Department" or Nixon's "cointelpro". This "SAFE (the Security and Freedom through Encryption act" is just another example of how the title of one bill does the exact opposite of what it proposes to do, in order to decieve the public into believing that maybe progressive change is occuring.
  • by Erich ( 151 ) on Thursday July 22, 1999 @04:50AM (#1790065) Homepage Journal
    They have a clue alright... it's just that they're not concerned with your privacy or rights. They are much more concerned about keeping order. If they can stop 1 terrorist by infringing on everyone's rights, then they think it is worth it.

    You think that they don't know that if you use strong encryption that they can't read your email? Of course they know that. But they don't care that you don't want them to read your email. They want to be able to read it, screw you. And they realize that few enough people care today that they can go ahead and abridge rights now, and then people will never have them later to miss... they can seize the right now, before people realize they have it. And they know that if most people never become accustomed to it, they won't ever want it or miss it.

    If you never saw a computer, never used email, and nobody else did, then you wouldn't miss it. If someone took it away from you now, you'd be pretty angry. I know I would. And it is the same way with all sorts of rights -- if people learn that they have a right, they will fight to keep it, however if they never think they have a right they won't really care.

    Why do you think it's so hard to take away guns from people here in the US? Because it's our right to have guns. Law abiding citizens have the right, given to us by our government, to own firearms. I don't know if that was a good idea, and that isn't the point of the argument. The point is that when the government makes movements to abridge that right, people get angry. Because they have learned to exercise the right.

  • You can bear arms. Youn can arm bears. What you can't do is take that gun onto a plane. Try entering Britain with that gun. Nor can you buy a gun and give it to a felon.
  • Canadian encryption policy is similar to the US. We can use what we please, but we have fallen in line wrt the Wassenaar agreement (Read US policy) in the relm of exporting.
    I believe Wassenaaur states: (along with you can't export cool stuff like cryogenic systems for rocket fuel...)
    Anything open source export is fine. (horsey outa da barn!)
    56bits (piddley) fine
    greater than 56 bits-- must apply on an individidual basis.
    http://e-com.ic.gc.ca/english/fastfacts/43d7.htm l

    For entertainment check out the analysis of the submissions to the feds' policy paper. Of all the groups and individuals *nobody* wanted anything but market/no-restricitons except the police which wanted prefered restrictions and access to your keys. And we still get Wassenaar!
    http://e-com.ic.gc.ca/english/crypto/631d6.html

    Of note is that there were submissions from law enforcement agencies, but no submissions from security agencies. They have other avenues...

    Cheers,

    Bobzibub.
  • Well, would you want to use MS Crypto if they did??? ;)
  • What the US restrictions are effective in doing, however, is to cripple the development of cheap, commercial, embedded crypto. No US company want to develop a domestic-only product, that will qualify as munitions per export regulations. So they don't bother.

    In short, they make it illegal for US companies to create top-notch secure software. I guess that if the job really requires the security, our only legal option would be to import software from Europe.

    This isn't crippling the world's ability to do crypto. It's just insuring that the US won't be able to cash in on it.

    Methinks that the NSA came up to Washington one day and strongly encrypted some legislators' minds. In some cases, the point is that it inhibits rights. That aside, my problem is that it won't work to do the job it is supposed to do. It will just move the suppliers overseas, and let them legally export the tech to us.

  • by DonkPunch ( 30957 ) on Thursday July 22, 1999 @06:17AM (#1790071) Homepage Journal
    It has been mentioned already by two other posters, but I have to chime in.

    Yes, I also have a problem with the "rights given to us by our government" phrase in your post. It seems like a pretty small thing, but I find it indicative of an attitude in the U.S. which is starting to bother me.

    I don't believe that the current seperation of government from "the people" is what was originally intended for the United States. The Constitution starts with, "We, the people", not "We, the Government of the United States of America". The original goal was for government to be controlled by the people, not the other way around.

    The Constitution enumerates what the branches of government may/should do. In effect, it is a document in which the people grant rights to the government, NOT the other way around. IMO, American citizens have forgotten this fact.

    There were members of the constitutional convention who were against adding the Bill of Rights. Their argument was that enumeration of specific rights would lead to the government infringing on any rights which were NOT specifically mentioned. 200+ years later, I think they had a good point.

    The assumption that anything not mentioned is, by default, outside the domain of federal government is long lost. Today, when something happens, we ask, "What will the [federal] government do about it?"

    /* Not a lawyer. Just a guy with a deep interest in the U.S. Constitution. */
  • Now, is anyone interested in my One-time-pad encryption system? $40 per disk set. Guaranteed no two disk sets the same!

    I hope you are not relying on a computer's pseudo-random number generator to produce your one time pad. If you are, then the encryption is only as secure as the pseudo-random algorithm you used (very bad). Also, your essential key length would only be as long as the random seed. I can try all random seeds quite quickly for all common random algorithms.

    --brent nelson
  • The problem is that cryptography is not a secret. It's not some great knowledge that only US companies have. Any moron can go buy a copy of Applied Cryptography and a copy of Visual Basic, and within 2 hours can create a 2048-bit encryption program (using known, published, secure algorithms) that cannot be cracked in a reasonable timeframe. Don't you think Saddam Hussein knows this?

    The only people that these laws hurt are honest people who want to protect their private correspondance.

  • From the article: "It [the new bill] says any White House export decision cannot be challenged in court"

    This is a democratic government? This all sounds highly dictatorial to me.
  • Thank you for pointing out something I forgot.
    someone Mod my comment out of existance, plz.
  • from the press release

    Provisions of the committee approved Weldon-Sisisky-Andrews amendment would:

    • Reaffirm authority of the President to control export of encryption production products for national security purposes.
    • Establish statutory framework for export control of high performance encryption products.
    • Require the President to establish a performance threshold for encryption. Encryption products
    • that fall below the threshold would be permitted for export without a license. Encryption products above the threshold would require an export license for export.
    • Require a one-time technical review for all encryption products proposed for export.
    • Allow the President to establish certain sectors that would be subject to license free treatment of encryption products above the threshold, consistent with current U.S. policy.
    • Require the President to review the adequacy of the performance threshold every six months.
    • Establish an advisory board to review and advise the President on the foreign availability of encryption products.
    I don't like these provisions either, but everyone here should admit that this should be better than the current state of affairs. My problem is that it appears that the decisions will be solely made by the president. We all know how the president feels about issues of "national security." This means that things basically won't change until someone intelligent coms into office, which will happen eventually. Also it does not define who issues export liscenses, which might mean that they would be impossible to get if the wrong people are in power
  • Okay. We should start thinking about what we can do to make this bill ineffective right now. I have a few ideas, but one in particular seems easy to do and feasible.

    The problem for Linux isn't that crypto development work can't be done in the US -- although that is a problem. The real issue is that distributions in the US can't include strong crypto. (And the kernel can't either.)

    So how do we get around this? Easy! Change your makefile to depend on a file which doesn't exist. To resolve the dependency, have wget pull the file from a web site. For distributions, this would fix the problem for people with great network connections. For others? Well, maybe somethign else can be worked out.

    For the kernel, distributions will still have a problem, but there could be a small program called secure_kernel which downloads the relevent code and recompiles and installs the kernel.

    And, of course, applications can link into a library for which the source is downloaded and installed at install time.
  • Does MS include Crypto in Win9x? No, partly because they couldn't export it if they did.

    Yes, indeed, they do. Win 98 includes Internet Explorer (remember, it's a part of the OS...repeat that enough times and you might believe it). Internet Explorer is an HTTPS client, and thus has SSL encryption. Now, are there two strengths of Win98/IE, one for domestic and one for foreign?

    And so what if they did ship Win98 with the full 128-bit crypto? The government seems to have little control over Microsoft anyhow. Would the DOJ come by and issue a cease-and-desist?

    Win98 ships with IE. IE ships with cryptography. The state department defines cryptography as a munition. Win98 comes with munitions.

    Or, in short, Win98 bombs.

  • This is a message I sent to Congressman Weldon (a representative quoted in the article) and to my Congresswoman, Sue Kelly. It could make a difference if a lot of people did the same.

    Kyle


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Dear Congressman Weldon and Congresswoman Kelly:

    I don't know why people have a hard time getting this through their
    skulls, you included. Let me make it plain:

    Foreign countries already _have_ strong encryption technology.
    Restricting export only causes inconvenience and financial loss for
    providers of encryption within the United States.

    Witness RSA Data Security's creation of a partner business in
    Australia which will allow them to finally compete in the
    international market for an encryption protocol that the three MIT
    scientists created in the late 70's. Witness the hoops free software
    developers have to jump through to get encryption code out of the
    United States: printing it out on paper and then scanning it in
    overseas.

    Other countries already have access to all the major encryption
    protocols: RSA and Diffie-Hellman/El-gamal on the public-key side,
    IDEA, Blowfish, 3DES, RC5/6, et al. on the symmetric key side. This
    is a _fact_: you cannot contest this. In fact, not only do they have
    access to such algorithms, they have polished applications allowing
    them to apply it! The following websites detail just two of many
    such applications and libraries that are outside the control of the
    United States and are available to anyone, anywhere in the world:

    GnuPG, a free software replacement for PGP
    http://www.d.shuttle.de/isil/gnupg/ (Germany)

    OpenSSL, a free software library for the secure socket layer,
    supporting encryption keys of arbitrary lengths
    http://www.openssl.org/ (Switzerland)

    Therefore, it is illogical to restrict the export of encryption
    technologies from the United States with arguments based on
    law-enforcement, because _everyone_ -- criminals and non-criminals
    alike -- already has full access to the strongest available
    encryption.

    Since I refuse to believe that any of our elected representatives are
    actually stupid, it remains that you must have _some_ reasonable
    motive for retaining these inane, damaging, and futile controls. What
    that is, no one else can figure out; but we, the people of the United
    States, would certainly like to hear it. I would appreciate your
    sharing this with the rest of the committee because I cannot honestly
    believe they would support these controls if they actually knew the
    information contained herein.

    This email, by the way, is signed by my GnuPG private key. You can
    verify its authenticity with my public key, which can be found on my
    homepage.

    Yours truly,
    Kyle R. Rose
    Registered NY State voter

    - --
    Kyle R. Rose "They can try to bind our arms,
    Laboratory for Computer Science But they cannot chain our minds
    MIT NE43-309, 617-253-5883 or hearts..."
    http://web.mit.edu/krr/www/ Stratovarius
    krose@theory.lcs.mit.edu Forever Free

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v0.9.5 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE3l0qp66jzSko6g9wRApD0AJ928fzYTNSaZG+/wUcw +ByqDFc17wCeKJT6
    zp5Mfmmy/4uAbN+v6dcJwsM=
    =He4J
    -----END PGP SIGNATURE-----



    --
    Kyle R. Rose, MIT LCS
  • Good point. If you read the Bill of Rights closely and grammatically, something few people do, you will note that they are not giving rights to anyone. What they are doing is guaranteeing that the government does not take away preexisting rights. What it is fact saying is that poeple have a "natural" (my word) and preexisting right to free speech, practice of religion, owns arms, associate with whomever they want, and the government that obeys these Amendments will not take them away.

    Of course, the attitude these days seems to be that anything we have is because the government gives it to us, but the Founding Fathers realized differently. We have all these rights as humans
    and a just government will not take them away.

    I just wish our Congress would start legislating for everyone rather than passing draconian measures to deal with a very small minority of people. There's too much, "How will this hurt the bad guys?" and not enough of "How will this help the good guys?"


  • Well, let Saddam shell out the $$ for the book, programmer and Visual Basic. Everythings doable, but just because you can do it doesn't mean it should be legal.

    I'm all for privacy - I encourage everyone i know to use PGP, but I just because the internet has created this global community, i don't feel its appropriate that we just give up on our sense of law and order.

    I'm all for privacy. I can send PGP'ed email back and forth with my friends, Saddam can develop his own, I don't think that we should say that its fine that since he can we'll just give it to him is all
  • Every time crypto export regs come up for discussion, people say that the regs are nonsensical, that the theory is that the rest of the world is too stupid to develop strong crypto. This is incorrect on both counts.

    Let me state at the outset that I support an elimination of the crypto export regs as I do not believe that they are effective. They have not prevented strong crypto from reaching the rest of the world, and esp. not the black hats, who are after all the sole legitimate target of this sort of thing anyway.

    The idea that crypto is a munition is correct. It is a tool which is used to defend oneself (in this case, one's data) from an enemy. It can be used by one's enemies to defend their data from your perusal. Lest you think that this is a minor argument, recall that we won WWII mainly through the strength of our cryptology work; without it the Germans and Japanese would have controlled the globe (I discount the Italians for the simple reason that they would have in time been absorbed by the Germans).

    The logic of denying one's enemy weapons is not that he cannot develop them for himself; it is rather that there is no point in developing them for him. Anyone can make an atomic weapon; it's not that hard to do. But we don't allow them to be sold. This keeps the barrier to entry higher than it would otherwise be. Ditto for cryptology. Anyone with a semi-decent grasp of programming and a book on cryptology can come up with a workable encryption program. But why should the US do the work for him?

    There are legitimate concerns about cryptology. It makes intelligence gathering much more difficult, forcing it to rely on fallible human agents much more than on intercepted transmissions. Our national status is at present due in large part to the efficiency of our intelligence apparatus. Without it, we are much weakened (although not entirely; we also have an excellent military and a top-notch economy).

    Unfortunately, the cat is out of the bag in regards to cryptology. With modern software only one person need duplicate functionality for the entire world to use it. Our export restrictions on cryptology now do more harm than good (and they do do good, by making it more difficult for encryption to be used); they have hurt the international competitiveness of our industry. Hence they must be revoked.

    Crying that they're holding back technology means nothing; it's like a chemical firm complaining that chemical weapons restrictions are holding it back. It is futile and wastes precious political capital.

    As regards encryption with the borders of the US, it is quite rightly allowed. This is a nation which deems rights more important than security. Hence the First, Second, Fifth and other Amendments. This is why we are innocent until proven guilty. This is why the right to encrypt one's data is preserved. IMHO, we should add a new amendment to the Constitution guaranteeing that right.

    However, an internal right does no mean that it means anything when crossing international borders. A right to say what one wishes here does not nec. mean that one can carry that tape out of this country or into another. Otherwise espionage would be legal. Restricting export is not a free speech issue. It's a bad idea for other, equally important, reasons.

  • actually you could use the thermal noise thru a resistor, a sound sample of white noise (filtered sufficiently to remove all the repeatable patterns) from your radio or any other random source. there are limitless cheap random number noise sources.
  • As "kabloie" said, the French have reversed their position on strong crypto by allowing 128 bit keys, IIRC thanks to Lionel Jospin (although I am not sure whether the law has actually been passed yet).

    This means that on the latest crypto-list [epic.org], the French have progressed from "YELLOW/RED" (1998) to "GREEN/YELLOW" (1999). (Warning: Page is 272 Kb)

    Note also all the other European countries who have gone from "GREEN" to "GREEN/YELLOW" by supporting the Wassenaar agreement.

  • First:
    http://www.house.gov/hasc/openingstatementsandpr essreleases/106thcongress/990721spence.pdf


    Secondly: as far as "internal" vs. "external" rights, there is no such distinction. Rights are what they are, by our nature as living, breathing human beings, not a politician's fiat. A government that fails to recognize those rights is simply wrong (e.g. our policy concerning human rights in China, our involvment in the Balkans, etc...)

    The ASC's arguments that "experts" in intelligence should dictate crypto policy is ludicrous. The military is NOT a legislative body. It should have NO domain over US citizens and their liberties!

    And, of course, that the very crypto technology these "experts" are railing against is freely available OUTSIDE the US makes the whole point moot. I simply can't believe that people THIS STUPID are making decisions more important than what they will have for lunch today.
  • Furthermore, the Bill of Rights states that other, unenumaterated rights exist. The right to privacy which many of us here zealously guard is not enumerated in the Bill of Rights, but rather, was declared by the Supreme Court.
  • "to maintain an information-based advantage over our enemies"

    In the "anti-terrorist" legislation, the American public was defined as an enemy of the government. So which "enemies" is the government talking about? Just something to think about.

  • The problem with the various provisions of the amendment is that they take us right back to where we started. A centralized body with no incentive to allow free exchange of ideas decides whether US citizens can export any given piece of encryption software.

    Clearly they're not doing this to prevent strong encryption from exiting the US, since it exists in quite usable forms elsewhere. They're doing it to advance an agenda that links privacy with illegality.

    It's worth remembering that even representative governments are not reliable defenders of civil liberties....

  • NSA: Sir, will you please look into this light.
    Representative: What is this some kind of eye tes...
    (flashy light thing)
    NSA: Now sir, remember you work for us, you do everything we tell you. You are being placed inside Congress as a representative, so act the part. But remember you must always report back to us. Now sit straight BOY.
  • I, personally, would always choose freedom over order here's why:

    1. The government isn't protecting you. They just clean up the mess when the crazy part's over.

    2. When the government crashes, the underground will still be completely intact.

    3. The human race started free. We are the only species on the planet to surrender our freewill to legaslative control. This is not necessarily because we're smart. That's just what we've been taught.

    I say, let the government get more and more and more oppressive. Bend it back and forth, see what breaks off. Let's go to the end of the road and see what's there. I'm not scared, just paying attention.
  • governments don't give rights, they only take them away

    Without government, the strong crush the weak. Without government, we have anarchy, where the concept of rights is a farce.
  • Won't work. Canada respects the US's Crypto export laws, so it's still the same. Except that your violating canadian law instead of US :-)

    Not exactly. Canada respects the U.S. export restrictions... on software that was imported from the U.S. Any strong encryption we get from stateside we get on the condition we don't export it anywhere they wouldn't. Anything developed here in Canada, or elsewhere outside the U.S., does not fall under U.S. export restrictions and can be exported legally.

    -- Bryan Feir
  • No, they are just under the impression that they have a clue. Any semi-competent international-terrorist/drug-lord/whatever will realize they can get their strong encryption abroad. The only group of people that these restrictions effect are those that follow the law... I don't understand why they can't see how utterly pointless these restrictions are!

    Do the majority of US citizens actually support the regulation of strong encryption? Does the gov't really represent the people?


  • ... and there has never been a gov't that has crushed the weak?

    I think the government's job should be to protect people's rights, and not take them away.
  • err...the strength in PGP is *not* comparable to RC5. RC5's shorter keylength is more secure than a PGP encrypted with the same or slightly greater keylength i.e. 64bit RC5 is as strong as 1024bit PGP (check any crypto site for more explanations). Note that RC6 (successor and more stronger than RC5) 64bit takes 7 minutes to crack (read the /. stroy on the cracking machine a few days ago). RC6-128bit or RC5-128 bit or greater are supposedly less vulnerable to cracking. 64bit is dead. Any PGP keylength 4096bits is also dead.
  • Exactly! The final bill will most certainly not look like the version that the Armed Services committee passed.

    Come to think of it, it was to be expected that the Armed Services committee would magle the SAFE bill the way they have done. Now let's just hope that the people dealing with finalizing the bill have a lot of common sense and do listen to all sides, including citizens at large.
  • personally, when I read that,
    I got REALLY scared...and still am.
    As my AP Goverment teacher pointed
    out to us back in high school, the only
    way bad US laws really get taken down
    is when someone makes a fuss about them,
    challenges them in court, and the
    Supreme Court eventually rules them
    unconstitutional. That power right there
    is the only thing which has managed to
    keep the corruption of congress from going
    wild. So now they just pass a bill which
    states "you can't challenge this in court!",
    and as soon as Pres. Billy signs it,
    no one can ever challenge it at all,
    no matter what is done?
    Just tack that on to every bill they pass,
    and the Judicial branch becomes completely
    irrelevant in the system of checks and balances.

    The courts were the last refuge US citizens really have for fighting their government...everyone knows "writing your congressman(woman)" NEVER works.

    I'm really scared that someday I'll be arrested,
    and never be able to challenge the law, because the courts aren't allowed to challenge it.

    -A scared US citizen, looking towards Canada.
    or europe. or, better yet, Antartica.
  • I honestly think we'd be in a worse position. Today, we have a body of law that is being challenged with some success in the judiciary branch. I don't know if the evolution of this would repeal crypto-export restrictions, but a new legislation would render a lot of this work null and void. You would have to litigate the new law all over again, and maybe not have the same success.

    Additionally all the other arguments about presidential control would still apply.

    What scares me even more is bullet #5. What sectors would be subject to license free treatment of encryption products above the threshold, consistent with US policy? Can you imagine the abuse and administration needed to establish this objective. First, you would have to have a committee to classify and recommend sectors. Is Be an OS, multimedia product, internet browser, etc. Is it all of the above. A new corporate legal war emerges to determine product's class and industry sector. Until now, we left this to the marketing departments and trade journals. It would now be an issue of law.

    Furthermore, think of the political lobbies necessary to get sector or product exemption. It could be prohibitive for all but large companies to lobby for an exemption. This is just for the legal methods. Imagine the abuse possible for illegal methods... bribery of officials, back corner deals to escrow keys with the NSA.

    As mentioned previously, it would also be a first step toward controls for domestic encryption controls.
  • by Anonymous Coward
    Who wants to lobby for getting Samuel Jackson on the Supreme Court just for the decision overturning this version, should it be enacted?

    It says any White House export decision cannot be challenged in court -- an attempt to block lawsuits like one brought by a math professor that won a recent victory in the Ninth Circuit Court of Appeals.

    Do we look like bitches?
  • Ooooooh! Poor programmers don't get to make encryption products to sell overseas! I feel for them. Not like they can find a job doing anything else, like maybe making that multithreaded TCP stack that linux seems to need. Last time i looked there was a huge need for C, C++, PERL, Python, you name it developers in the Boston area.

    So, please don't say it hamstrings our programmers!
    :)
  • Just wait for the Ministry of Peace to be established.
  • by Anonymous Coward
    Read up on so called "executive orders" (sorry, I don't have the URL handy). It turns out (via FDR's "War and Emergency Powers Act") that we have been under a "state of emergency" since 1934. It was never repealed.

    The president can basically do ANYTHING HE WANTS and congress has sixty days to overturn each order. They never have.

    Billy Boy issued more executive orders in his first term than all the other presidents combined.

    If he can't get what he wants through congress he simply issues a "royal proclamation" and boom, it has the same force as law.

    Now THAT'S SCARY!

  • Well, why don't we just have ourselves a dictatorship, eh? That would bypass pesky old congress. I trust a one person gov't even less that congress!

  • I'm not a an anti-government nut,
    but I think it's kind of obvious that the
    "enemies" the bill refers to are not international terrorists, child pornographers, or whatever...the "enemies" are the average American public.
    I don't think the US government is smart enough to engage in a conspiracy, in the words of Bill Maher, "conspiracy? they can't even deliver the mail!". But I do think that they are as smart as the bullies on the school playground...they know who they should fear. Criminals, intellectuals, etc...they aren't a threat, as far as numbers go. But the general american public, the masses, the "sheeple" (love that phrase), must be kept in line. If _they_ get out of line, the government is in trouble.
    look act the facts:
    - Export control in the US doesn't affect the outside world at all...numerous postings have made this clear.
    - Export control does limit US companies from making exportable, strong encryption products.
    Many therefore won't bother making them at all.
    - Therefore, "export controls" limit the presence of crypto _within_ the US, without explicitly saying so. No real effect on non-US citizens, but internally, they can now monitor the sheeple, who won't really use encryption unless it's pressed under their maws.

    For the note, I'm NOT an elitist.
    Put me in a large crowd, whip us up to a frenzy
    against something or other, and we'll all
    mindlessly move that way without individual
    thought. The archetype of Star Trek's Borg is but a reflect of the darker side of our minds, wherein we lose individual thought amongst a crowd...the most dangerous thing in the world is a _group_ of angry, cornered prey, especially humans.

    Fear the people.
  • This is a recurring pattern. Brave ideas about a reasonable crypto regime, them a major jellyback act as congress caves in.

    Back in the J. Edgar Hoover days, when the FBI's budget was threatened, certain incriminating photos and other information would be brought to the attention of those involved.

    Suddenly the FBI's budget would be off the agenda.


    Anyone got a better theory about what happens with the crypto laws?

    The article makes it pretty clear the aim of restricting crypto export is to make it easier to spy on people. The US has a long record of spying on friend and foe alike and using the information to protect its interests, especially commercial interests.

    The fact that the export regulations make it considerably more difficult and inconvenient to get strong crypto WITHIN the US and presumably makes it easier to spy on US citizens - in the hypothetical scanario that they wanted to do that - is just a bonus.
  • anyone in the world (except perhaps China) can freely download the latest in crypto technology from a number of countries.

    So what? Availability is nice, but law enforcement folks don't care whether it's available, they care whether it's used. It's clear that availability isn't enough to promote use. It needs to be ubiquitous and effortless, and that means building it into popular software systems.

    If Microsoft, Netscape, and AOL all built strong encryption into their mail software, everyone would be using it. That's what law enforcement is afraid of, and the current legislation is effective at preventing it. They're not stupid; they're getting exactly what they need.

  • The jurisdiction of the courts has _always_ been under the control of Congress. Read the constituion a little closer and you will see this. In fact, this is hardly the first time nor even the most controversial use of such power. Following the U.S. Civil War the Congress removed from the jurisdiction of the federal courts all cases arising from the reconstruction acts.

    The only exception to this rule are cases which have _original_ jurisdiction with the U.S. Supreme Court. These are cases of admiralty law and suits between the states themselves IIRC. Last year was rather noteworthy because the court heard one of the first such cases in something like 50 years (New York and New Jersey were fighting over which state Ellis Island is in...NJ won.)
  • Yes, I have to agree with that. A very scummy move on the part of the American Government(TM)... now if possible, I'd love to develop a very heavy duty encryption scheme out of the United States. Just one question on American legality definitions, though: Free software under the GPL can be (and usually is) developed by many people around the world, in many different countries. Does the US have any right to stop the spread of encryption algorithms developed under a GPL and by people in other countries as well as the US?
  • Well, to be fair, I don't think anyone has devised a means to kill another person purely by using cryptography as it is designed to work. I'm not sure the handgun analogy is apt.
  • Since JFK Jr. and family were reported missing and the popular news media have been *cough* *cough* 'reporting' on it, I've been waiting to hear through my favorite other sources (e.g. /.) that the 1st Amendment to the U.S. Constitution has been repealed. (For non-U.S.A.: 1st Amendment is freedoms of religion, speech, press, assembly, and petition) I guess this and the other Wired headlines for today indicate how close they (congress) dare, since most of America is watching the sea-burial.

    So is this convenience, conspiracy, or coincidence?

    Oh, yeah. M-x spook. :)
  • I'm not sure what are you talking about. I thought that line item veto was found unconstitutional by the supreme court.

    --
    In the land of the blind the one eyed man is burnt at the stake.
  • by Anonymous Coward on Thursday July 22, 1999 @04:54AM (#1790127)
    Notes from the article:

    "Proliferation of encryption technology would harm our ability to gather vital intelligence, jeopardize our early threat warning and attack assessment, risk our ability to maintain an information-based advantage over our enemies, and place our nation's most secure systems at risk," said Representative Curt Weldon (R-Pennsylvania), who introduced the amendment.

    Bullcrap. Our enemies already have encryption that's probably good enough to hide what they're doing, if they want to use it. And if they haven't got it yet, they can order the books from Amazon.com and code it in themselves! Do all US Reprehensibles think the enemies of the US are stupid?

    The version approved by the House Armed Services Committee would grant the president complete authority to deny any expert controls that he considers "contrary to the national security interests of the United States."

    So the Prez will have dictatorial control over that aspect of our lives. Sieg heil!

    Weldon's bill contains no domestic restrictions on encryption, but the measure is hardly what tech firms had hoped for.

    Hmmm.. guess they haven't figured out a way around that pesky 1st Amendment yet, or they'd ban domestic encryption too....

    It says any White House export decision cannot be challenged in court -- an attempt to block lawsuits like one brought by a math professor that won a recent victory in the Ninth Circuit Court of Appeals.

    THIS is what burns me up. Either is is blatently unconstitutional, or we need to shoot the buggers and start from scratch. NO law or decision should be immune from challenge in court -- that's what the bloody courts are for in the first place!

    I'll say it again... it's time for us to head for the moon and live there.
  • The NSA (and this is their long spiny fingers in action) is made up of either morally devoid or completely brainwashed people ("Must not give freedom, freedom leads to chaos, must not give" etc), but they are no doubt intelligent. They know they cannot stop crypto, they know that terrorists and foreign governments mostly have, or could have, unbreakable crypto today.

    But, just like Microsoft who can't stop Linux, they know that if they use everything in their power to make it as clumsy and complicated for Crypto to be widely used, they can keep it out the hands of the every day man (their real favorite targets) for as long as possible.

    And its working, until people either smarten up or the courts do, Crypto will never reach widespread use.
  • "It says any White House export decision cannot be challenged in court.."
    IANAL, but isn't this clause blatantly unconstitutional?
  • Elected officials vote against privacy of communicition again. Why? To protect little children from terrorists and pedophiles?

    I think it is different. They are mostly lawyers. Lack of encryption and privacy causes people to snoop and encourages trouble. Spouses catch another cheating, people in the workplace tattle on eachother over usual human behavior, lawsuits, lawsuits, lawsuits. Lawyers win over any stupid laws passed. They decide the legal rules to ensure their economic success.

    Its job security and best for the economy if encryption is restricted to Americans. More chaos is encouraged. It keeps people alert...
  • Posted by Lord Kano-The Gangst:

    This is about allowing the police to have an open window into all of our daily dealings. When broadband internet access is available to all do you think that the average idiot is going to know how to control the shares on his windows 9x, or 2k box? Hell no. Your local LEOs will be able to get a list of IPs from your ISP(just by asking), and browse HD's. Some of you may think "If there's nothing illegal then there's nothing to worry about."

    I disagree, what if you're dating the cop's ex-wife? What if she left him for you? What if a cop has some other reason to want payback (like you beat him up in HS or whatever)? One picture of a naked kid gets "found" on your computer and you're getting butt-raped in a cold dark cell and the guards don't care because they think that you're a child molester.

    This isn't about "early warning" systems. It's about big brother wanting to see everything that we do. I'm again going to borrow from Phil Zimmerman, this would be akin to the police trying to outlaw the use of envelopes on international mail. They want us to use postcards so that each piece of mail can be easily read in transit.

    Screw that. I've seen cops lie in court, I've seen cops falsify reports, I've seen cops beat the tar out of an unarmed 15 year old kid. F*CK LEOs, I don't trust them, especially if they don't trust me.

    LK
  • Does anyone know about Canada's crypto export laws? Are they similar to the US's? Because exporting crypto software to Canada is legal, right?
  • by sjames ( 1099 ) on Thursday July 22, 1999 @05:02AM (#1790133) Homepage Journal

    I think that the Open Source community should try and come up with a really heavyweight encryption algorithm outside the US.

    GNUpg is already out there. It looks to be as strong, and more versitile than PGP.

    Abject stupidity is the only explaination of US crypto policy. They might as well ban the export of sand to the middle east.

    The only people they are hurting in the name of US national security is the citizens of the US.

  • The line item veto has not been found unconstitutional, since it's really just a procedural motion (all appropriations bills are automatically broken up into lots of little bills that each stand individually). Congress is permitted to define its own procedures on matters such as these.

    This, however, is not an appropriations bill and therefore the line item veto doesn't apply.
  • the URL of the press release is
    http://www.house.gov/hasc/openingstatementsandpr essreleases/106thcongress/99-07-21HR850mar kup.pdf
    for some reason it apparently didn't like me linking there...
  • Comment removed based on user account deletion
  • Take a look at Stronghold. They are hiring people outside the US and have been for months. It's just a matter of time that all the Crypto companies split out from the US and go buy a small island somewhere and export all they want.

    Does anyone out there in Slashdot land work for a company that's been sued for exporting crypto? Who sued you? How'd they find out? Where was the server that send out the file?

    Aside: Anyone here email their national offical recently? It's cool! You can say what you want to the people that you've chosen to form your gov't for you, and you get a nice form email back! It's worth ten minutes of time.

    --
    "The Truth is one, but the wise call it by many names." -- The Upanishads
  • Shooting down the government's excuse (that the regs prevent the hob-goblin du jour from hiding behind strong crypto) is trivial in itself.

    More fundamental is the government's actual reason for the restrictions (to hobble the process of building strong crypto into the communications infrastructure for routine use). For obvious reasons, the government does not wish to acknowledge this motivation; it would then be too obvious that the real agenda is to preserve the ability to pull COINTELPRO-style dirty tricks against law-abiding but annoying citizens.

    Blowing away the excuse smokescreen is valuable not so much for refuting the government's official argument, which is so weak as to be a straw man, but for exposing the government's underlying dirty laundry.
    /.

  • Since I refuse to believe that any of our elected representatives are actually stupid, it remains that you must have _some_ reasonable motive for retaining these inane, damaging, and futile controls. What that is, no one else can figure out; but we, the people of the United States, would certainly like to hear it.

    Oh, some of us figured it out long ago -- it's to make the use of strong encryption enough of a PITA so that the government can continue to use Echelon-style driftnet fishing expeditions.

    Of course, neither Weldon nor anybody else is going to 'fess up to that.
    /.

  • ... this is a fairly hard question of the law of federal jurisdiction. A number of federal laws limit the jurisdiction of the courts. If you'd like to see a few, search the U.S. Code [house.gov] with the search term
    'no court shall have jurisdiction'
    or
    'shall not be subject to judicial review'
    IIRC, however, most of these provisions only limit the sort of remedy which the court may order (e.g., courts can award damages but can't enter injunctions), or require that certain administrative procedures be taken prior to suit (e.g., "no court has jurisdiction unless the plaintiff has jumped through hoops 1 through n"). (There are exceptions, however -- see 22 U.S.C. 2778. [house.gov])

    Whether this particular restriction is constitutional is a harder problem, as it would seem to foreclose all avenues of relief for violation of a constitutional right. It's not a foregone conclusion, however.

  • The first step in erasing freedom lies in restricting a basic right in such a way that no one will complain. No one needs field artillery or heavy machine guns. Later, this becomes 'cop killer' bullets and assault rifles; note that neither of these terms existed before they became illegal.
    I think "assault rifle" was and is a legitimate term refering to rifles of intermediate caliber that can be set for either semi-automatic or automatic operation, such as the famous Kalashnikov rifles (the real military versions, not the "civilian" replica models) or the M-16. (I am not a firearms expert, so anyone who is feel free to correct the details here.) "Assault weapon", on the other hand, is a tool of politcal FUD, with no clear definition.

    I'm waiting to see the news reports about "assault crypto" or "assault computers"...

  • _Logic_ wrote:

    The ASC's arguments that "experts" in intelligence should dictate crypto policy is ludicrous. [...]
    I simply can't believe that people THIS STUPID are making decisions more important than what they will
    have for lunch today.

    Everything's OK! In the House cafeteria, trained experts are deciding what these people will have for lunch today. (when I visited it was tuna salad on white bread)

  • I believe you are wrong. The Supreme Court ruled that the line item veto was unconstitutional last year. They said that it unfairly altered the balance of powers setup by the Constitution.

    The method breaking up the bill into many other bills was discussed, but as far as I know, they never used that method. Congress simply had passed a law saying the president could veto certain items, and keep the rest of the bill.
  • This WAS a government created by the people, for the people. The original intent of the government was to protect the people from foreign interference, so we could remain free. The reason we get so pissed off when our rights are whittled away is because there's some of us who actually remember what it's supposed to be like.

    With unbreakable encryption as a standard part of a product, we gain a thing called free communication, which could have the capability to take the government out of the communications loop. This could make the people more powerful, and the government less powerful. Governments are inherently power freaks, or they wouldn't be who they are. From there, it becomes fairly simple to predict the direction of most legislation.

    However, there's nothing stopping someone outside the US from making a mainstream product that has strong encryption. That's what the US industry doesn't like. It's half about greed, half about privacy. I'm in favor of the privacy end, but I think privacy should be free, so the greed end is irrelevant.

    Before we talk about guns, I need to go clean my Mini 14.
  • I think you are confused.. basically the law would prohibit the DENIAL of export permission to be challenged. You could still challenge the law itself on Constitutional grounds.
  • It did follow normal procedure:

    It was introduced to the House on 25 February 1999, and reported to a total of four committees: Commerce, Judiciary, International Relations, and Armed Services. Those four committees each considered the bill, held hearings, and listened to both Industry and Law Enforcement opinion of the bill.

    Before -any- amendments, it garnered 257 cosponsors -- 257 Representatives who say it's a good bill they support. Remember: 218 have to vote Yea for it to pass, and it has 257 behind it.

    On April 27th, the Judiciary committee reported it to the House, saying "Good bill, as is"

    The Commerce committee also liked it, and suggested a couple of small amendments -- still a very pro-encryption bill

    The International Relations committee added a couple of more things to it, but left it mostly intact.

    Most interesting is reading the finding of the committees: None of them particularly agreed with Law Enforcement. International Relations even went as far as stating that the Administration policy that Law Enforcement supports doesn't meet Law Enforcement's stated goals -- and no attempt is being made by the Administration to tighten the restrictions currently in place.

    The 106th Congress bill query page [loc.gov] will allow you to search for h.r.850 and read the reports for yourself (I can't figure out how to link directly, sorry).

    Now the fourth committee has marked up the bill -- but not reported it yet -- and has apparently supported Law Enforcement over Industry.

    The House as a whole hasn't even officially seen the Armed Services Committee's amendments, although they've seen the other three committees. It's a little early to say the bill is deal.

    I will note that the first committee to report (Judiciary) refused to consider one section of the bill because of jurisdictional grounds.

    So at this point, assuming the Armed Services Committee reports it as reported, there will be four versions of the bill -- three very similar, and pro-Industry, and one very different, and pro-Law Enforcement. This is what the Rules Committee will have to sort out.

    Then, it will go to the full House, then to the Senate, and finally to the President.

    I wouldn't say it's dead yet. It might not be mortally wounded. But we should let our congresscritters know that we favor the original version.
  • That must have been one embarrassing URL! By the time I hit it (approx 1630 PDT 7/22) it was taken off the server. Maybe someone could tell the rest of us what Spence said . . .
  • This is only stage one folks....
    Once they have a Bill saying what is xbits allowed they will pass the next one. The next one will say any US-Citz using >xBits to send Any Data(even if they could crack it) to a NON-USA target is a Spy/terrorist/kiddler QED. Wave byebye as you are taken for Re-Grooving.
    Tell me I am full of FUD...please!!!
  • You are full of FUD...

    What -will- happen:

    The House Rules committee will take all 4 or 5 versions of this bill to date, and hack them together into something similar to what Commerce, Judiciary, and International Relations approved, dropping most, if not all, of what Armed Services did.

    The full house will debate. Some killer amendments will be proposed, and defeated. Some weakening -but not killer- amendments will be accepted.

    The Senate will take the bill, and have the same type of wrangling that the House has had. In the end, they will come up with a bill which is more LEA friendly, but still a good bill. They will pass it

    Conference committee will debate it, and hack up something with some key LEA-appeasing unenforceable provisions, and send it back to the House and Senate.

    Both will pass it, and it will go to the President, who will veto it.

  • I don't need to say it hamstrings programmers, because you just said it yourself. Regardless of whether they can write other software, they fact that they cannot export crypto software does hinder them. By your logic, a law banning pro-Communist speech does not violate the First Amendment, because you can still say other things. Furthermore, you have also admitted that the current regulations do not prevent bad guys from getting crypto. Saddam doesn't need us to give him crypto, in fact he doesn't even need to hire his own developers, because he can freely download it from non-US servers. The only people hurt by the current restrictions are law-abiding Americans for whom real Internet security has been made very difficult. Oh, and the NSA types who believe they have a God-given right to spy on everyone's correspondence, but I don't really care about them.
  • If they can stop 1 terrorist by infringing on everyone's rights, then they think it is worth it.

    Ten minuts of actual research on the internet would show them that anyone in the world (except perhaps China) can freely download the latest in crypto technology from a number of countries.

    The only explaination I can find is that they honestly believe that non-Americans are too stupid to develop strong encryption. Sombody's stupid, but it's not non-Americans.

  • The new bill contains NO restrictions on domestic crypto. It only upholds bone-headed restrictions on export.
  • Why do you think it's so hard to take away guns from people here in the US? Because it's our right to have guns. Law abiding citizens have the right, given to us by our government, to own firearms. I don't know if that was a good idea, and that isn't the point of the argument. The point is that when the government makes movements to abridge that right, people get angry. Because they have learned to exercise the right.

    We need to learn to exercize our right to use strong encryption. I'm not a lawyer, but it appears to me that not only is encryption covered by the First Amendment (freedom of speech), but also the Second (right to bear arms..the US gov't. has declared cryptology to be a weapon) and possibly the Fifth (right not to incriminate yourself...giving up your keys *could* be considered self-incrimination).

    How about sending your Senator and Representative a list of strong-crypto products based outside the United States (as well as homepages to such products)? Let them know that the genie is out of the bottle already and that criminals both inside and outside the US have plenty of opportunities to get the high level of encryption that they want.

    We also need to figure out what to do in the worst-case scenario (Congress actually passes the bill). How about lobbying for a provision that products where the source is available would be exempt? I think that's even a provision in the Wassenar "Agreement".

  • by Zach Frey ( 17216 ) <.zach. .at. .zfrey.com.> on Thursday July 22, 1999 @05:12AM (#1790159) Homepage

    You are absolutely right that, for any saavy internet user, the US export restrictions are a joke -- just surf over to a non-US site and grab any crypto you want.

    What the US restrictions are effective in doing, however, is to cripple the development of cheap, commercial, embedded crypto. No US company want to develop a domestic-only product, that will qualify as munitions per export regulations. So they don't bother.

    So, are the export restrictions effectiving in preventing all use of crypto? No. Are they effectiving in keeping the Bad Guys from using crpto? No. But, they are highly effective in preventing the widespread use of crypto. They are highly effective in preventing the use of strong crypto in part of the underlying communications infractructure.

    I will leave it as an exercise to the reader to determine for themselves if we have this situation because the spooks at the NSA are so darn clever, or because the politicians in Congress are so darn stupid.

  • by fable2112 ( 46114 ) on Thursday July 22, 1999 @05:12AM (#1790160) Homepage

    Of course, and here is where it gets sad, there's another problem:

    It's not the "government" that doesn't want us to have any rights, it's the majority of the American population. You think there's any way in this universe that the First Amendment would pass if it were being proposed as law today? "What Communist drivel!" would be the likely response to it.

    I'm fully aware that for various reasons the FBI's probably got a file on me (due to my connection with organizations that are "subversive" or perceivable-as-such, and possibly my ex-boyfriend who has ties to the IRA and probably has an even-more-interesting file on HIM lying around in some corner of the FBI).

    I'm also fully aware that I held a job in a secured area of a bank, a job that required me to be bonded, with no problem.

    I'm not paranoid about the "government" or "law enforcement." Not yet. I AM "paranoid" about the grassroots conspiracy in this country to take away our rights. It's much more of a threat to the not-so-average American, which probably includes most if not all /. readers.
  • It's just unbelievable to me that they really think they can do anything about strong encryption in other countries with these dumbass laws. Either they are, as you say, idiots or they have a different agenda in mind.

    The only thing that these laws seem to accomplish is to prevent U.S. companies from putting strong encryption into their mainstream products in order to (a) avoid managing two versions and (b) avoid the legal liability of accidental exports of the products.

    Therefore, I think this law is aimed at us, the regular citizens of the United States, rather then foreign countries. While there are undoubtedly "useful idiots" helping in this effort, I'm afraid it is optimistic to conclude that idiocy is the core problem. The real problem is people who don't want to be inconvenienced in reading our "private" correspondence.
  • excuse my language, but damn! ... doesn't anybody get it yet? ...

    "to maintain an information-based advantage over our enemies"

    enemies? ... the whole thing sounds like 'cowboys and indians' ... doesn't anybody get that the world doesn't care ... the whole thing is like a bunch of old men playing chess ... the average man/woman doesn't care ... it's so archaic ... there are no 'enemies' on the net ... there are only handles ... what a bunch of crap ... they can't stop it ... it's too late for that ...

    it always amazes me how on the money the movie hackers was "you may stop me, but you can't stop us all"
  • I see that my fellow alum (Declan) does not have good proofreaders ("expert control"?). Oh well, it's _Wired_, not the NY Times... hope he got the details right, anyway. I'll assume he did.

    Yes. That bit about removing the export decisions from the jurisdiction of the entire judicial system does seem utterly unconstitutional according to Article III, Section 2.

    If they argue that the President's decision does not fall under any jurisdiction because it does not directly fall from a law (as an executive decision; not one encoded by Congress), then I'd be more than happy for the "executive order" process to be completely and utterly destroyed.

    Hmm. gv is claiming it can't parse the first page of 99-07-21HR850's "Post Mark Up Release" pdf. On the second page, it does note a few interesting details:

    * *All* encryption products proposed for export must undergo a one-time technical review [by whom?]. And what defines an encryption product? For instance, if a program translates English into Sanskrit (for all purposes, incomprehensible to the vast majority of the current population -- and probably unrecognizable) or a similar dead or nearly-so language, is that encryption? Would da Vinci's style of writing left-handed and (backwards?) be considered encryption? If it (reversibly) transforms words into art, is that encryption? How about into a binary stream of 1s and 0's that passes over digital media, ala Ethernet? Is an "MS Word" document file encrypted? And so forth.

    * POTUS would have to establish a performance threshold (no license required below it), and review it every 6 mos. At least that's a tacit acknowledgement of obsolescence.

    * "Certain sectors" could be established by POTUS that would be subject to "license free treatment of encryption products above the threshold". "Sector" seems to be undefined. Perhaps I'm just being cynical, but the word "patronage" comes to mind...
  • Do all US Reprehensibles think the enemies of the US are stupid?

    Perhaps -- it would be a textbook case of what psychologists call "projection".

    Either is is blatently unconstitutional, or we need to shoot the buggers and start from scratch.

    "America is at that awkward stage. It's too late to work within the system, but too early to shoot the bastards." -- Claire Wolfe

    I'll say it again... it's time for us to head for the moon and live there.

    Nah, let's send Weldon and his friends to the moon. Since they know so much more about how to properly manage technology than mere industry experts do, I'm sure they'll have no trouble at all extracting oxygen and water from the rocks and otherwise sustaining themselves there without any input from us geek peasants.
    /.

  • Bingo! In fact, it doesn't really prevent individuals from exporting strong crypto. The primary effect is essentially that businesses cannot sell strong crypto nor products having strong crypto as a component.

    This is an incredibly dangerous economic position. A significant portion of the gross national product is computer-related. Increasingly, the money is in network-enabled products.

    Spread spectrum phones and the like show that the average consumer is catching the whiff that their privacy is important (note that the same encryption that protects the terrorist from the law protects my sister from a tech-savvy stalker with a scanner).

    If I were an IT manager at a large corporation, I would not even consider a networking product without good encryption. Increasingly, information equals money, and I would not want my competitors to be able to snoop.

    Q.E.D. The government of the U.S. has denied its corporations the right to participate in one of the largest software markets of the next century. From the perspective of a software/hardware engineer, I'm quite seriously considering emigrating. Any suggestions on destination?
  • Windows 98 and Internet Explorer, indeed, does ship in two flavors: 128-bit and 40-bit. The 128-bit strong encryption version is only for use in the US and Canada.
  • Of course, if you are a resident of Washington, DC - the capital of the US .... you have no voting members of the House or Senate at all.

    Might as well email a brick wall.

    No democracy here.

  • That's what I meant. I know, it's not what I said. But I meant it. Really officer, don't take me away! Think of my 8 children and my wife! :-)
  • sorry couldn't resist :)

    But a lot of people get into this "Ohh protect my children from the evils of the world" Like cann't people be bothered to rase there own kids?
  • Reading this thread, I can't help but be reminded of all of the rights that I, as a resident of Washington DC, do not have. No right to a representative government while paying FULL Federal Taxes, AND, it is illegal to own a firearm of any kind here.

    All of these rights you guys are talking about losing, half a million people in the capital of the US don't have currently.

    And, you are right. I don't see anyone really fighting (that hard) to get them, because it has been this way for a very long time.

    It's a little disturbing.

  • Strong encryption will be built in to many products, they just won't be made or sold by American companies. This is a great opportunity for lesser known companies to get themselves into the market based on providing strong crypto.

    American companies know this, and so would like to compete in that market. Unfortunatly, the Clinton administration just doesn't get it. Strong crypto WILL happen and WILL become ubiquitous. All it's going to take is the ineviatble stories of corperations loosing millions because of weak communications security. The only question is will U.S. manufacturers be locked out of the market.

    As for law enforcement, even if they do know what to concentrate on, they could never enter it into evidence. With one time pad, there are many keys which will produce a coherent message, but you'll never prove which message was the one sent. Smart terrorists will know that as well, and dumb ones can be caught without breaking crypto.

  • What this article means: the original SAFE bill was a big step forward in allowing exports of U.S. crypto. This new version of the bill contains amendments made by the House Armed Services Committee. This particular version of SAFE doesn't include many of the pro-encryption points made in the first version. The House Rules Committee gets to decide which version of the bill goes to vote before the full House - the original, the crippled Armed Services Committee version, or some other version.

    What this article doesn't mean: the entire House have totally reversed themselves on what they will support and are now strongly anti-crypto. The President will assume full control of crypto exports and this control can't be challenged in court. These things should not be read out of this article.

    My opinion: It may be the case that SAFE will be watered down somewhat when it reaches the floor of the full House. Depending on the political realities of getting legislation through the House, some amount of compromise is probably unavoidable. The original SAFE bill was a big step forward though, and I don't think that momentum can be totally erased or even slowed for long. There are too many legitimate uses for encryption, and U.S. companies are only going to lose more money in the international market if they can't compete with strong crypto. The government may not want to encourage individual use of cryptography (and may even want to discourage it, depending on your level of paranoia) but there will be enough money in the business uses of encryption that export controls will have to be relaxed.

    Disclaimer: I work for a large nameless company which would be very happy to export strong crypto. No more mainaining two product lines!

I do not fear computers. I fear the lack of them. -- Isaac Asimov

Working...