SAFE rewritten to be more law-enforcement friendly 137
Alex Bischoff writes "According to this article, SAFE (the Security and Freedom through Encryption act) has been rewritten to be more law enforcement friendly. 'The House Armed Services Committee voted 47-6 Wednesday to replace an industry-endorsed encryption bill with substitute legislation drafted by law enforcement advocates.' " And for once, it looked like the US Gov't was going to get a /clue/ about crypto.
Not yet (Score:2)
While it is true that this bill does not contain any regulation of domestic encryption, it does contain certain ominous particulars. The most obvious of these is the clause which places the whim of the president above any law or court.
Don't assume that it will be found unconstitutional. When the issue of 'national defense' is raised, we have done far worse. Remember the atrocities committed during world war II, towards the general asian populace? Once this has been established, the framework will have been laid for much more extensive legislation. This is exactly analogous to the anti-gun movement, the pro-welfare movement, etc.
The first step in erasing freedom lies in restricting a basic right in such a way that no one will complain. No one needs field artillery or heavy machine guns. Later, this becomes 'cop killer' bullets and assault rifles; note that neither of these terms existed before they became illegal. In crypto, it will become 'strong' domestic crypto, or possibly 'military-grade' crypto. Why would anyone need that if they weren't using it for something illegal?
Later, someone will be caught dealing drugs or *gasp* helping illegal immigrants into the country, and it will be discovered that they used encryption to hide their nefarious activities. The brady bill of domestic encrytion will be passed, and everyone who stands against it will be a child molester just like everyone who opposes handgun control is a psychopath today.
After all, my mom doesn't understand either subject and votes the way the minister tells her to on sunday. Millions of other people do the same. The number one concern Curt Weldon and JC Watts have is getting re-elected, and the masses will be happy to do it as long as it makes them feel safe, regardless of how accurate that feeling is. In a democracy it is very dangerous to be a minority.
BTW back to the president's newest empowerment: if it passes, and he chooses to make all cryptography illegal to keep saddam from blowing us up or something, we won't be able to revoke it. Ever. Unless he decides to change his mind.
Re:Canada (Score:1)
DISCLAIMER: IANAL, This could kill your grandmother or dog. (Or, in some extreme cases both).
Re:They do have a clue (Score:1)
Given to us by *who*? (Score:1)
Sorry, I have to call you on this one. I have the right to own a gun only because 200 years ago a bunch of people got really pissed off and thumbed their noses at the government. The government is welcome to come knocking at my door and ask for my encryption keys. They won't get them, but they're certainly welcome to ask. And if they give me a choice between surrendering my keys and dying, well, you may fire when ready, Gridley.
The government hasn't given me anything it didn't take from me in the first place in the form of taxes. Certainly not the right to freedom of speech or any other right in the Constitution. When people stop claiming rights as belonging to them instead of being granted to them, we're in trouble.
Protecting whom?? (Score:1)
Lord_Rion
Re:They really think this will help... (Score:1)
We don't export nuclear missiles to other nations. Oracle isn't allowed to sell their database software to enemy countries. SGI IBM and Sun can't export their computers to enemy countries. They all manage to get this technology anyways. Does this make it right? No. But should we make it easier and say its okay? I don't think so.
This is cultural (a rant) (Score:2)
I'm sure the LEAs behind this re-write would force us all to accept brainwave tranceiver implants if they could figure out how to do it. As far as they're concerned, your average law-abiding citizen is just a mark to be hustled.
Congress, on the other hand, are just lazy, uninformed, spoiled, sub-par human beings who don't give a hoot in hell about the laws they pass as long as they are returned to their gravy train every few years. Most of them never bother to read the bills they vote on, even though they all fight for the chance to give a little "Give me this law, or give me death!" speech every time the C-SPAN cameras' little red lights flicker. They don't care if the laws they pass actually accomplish anything useful, as long as there will be another checkmark next to their name in the "Tough on crime" column in some lame "Voter Guide for The Braindead" in 00. Anti-crypto laws have just about as much effect on criminals' use of crypto as gun control has on their use of guns. The law-abiding are the only ones who obey these stupid laws.
Judging by the conduct of the folks from Washington, they think the laws they pass are for suckers. Kinda' makes me wanna' puke. Sorry for the rant, but I'm fed up.
How would they ever know...? (Score:1)
Re:export (Score:1)
> then why would it be more favoreable as hemos
> suggessts?
More favorable to law enforcement agencies, not the industry.
*sigh*
This sort of legislative bait-and-switch is not all that uncommon, you know. People get fired up about a certain piece of legislation, then at the last minute it gets replaced with another completely different piece of legislation under the same name. Of course, then the new bill gets voted in mainly because of the momentum the original had gained.
> do your part to keep the
I'm keeping my piece in a shoebox under my desk.
---
How the Government REALLY works (Score:1)
They really think this will help... (Score:1)
Idiots.
Slow down and READ the article (Score:3)
--
Orwellian government is alive and well (Score:1)
They do have a clue (Score:3)
You think that they don't know that if you use strong encryption that they can't read your email? Of course they know that. But they don't care that you don't want them to read your email. They want to be able to read it, screw you. And they realize that few enough people care today that they can go ahead and abridge rights now, and then people will never have them later to miss... they can seize the right now, before people realize they have it. And they know that if most people never become accustomed to it, they won't ever want it or miss it.
If you never saw a computer, never used email, and nobody else did, then you wouldn't miss it. If someone took it away from you now, you'd be pretty angry. I know I would. And it is the same way with all sorts of rights -- if people learn that they have a right, they will fight to keep it, however if they never think they have a right they won't really care.
Why do you think it's so hard to take away guns from people here in the US? Because it's our right to have guns. Law abiding citizens have the right, given to us by our government, to own firearms. I don't know if that was a good idea, and that isn't the point of the argument. The point is that when the government makes movements to abridge that right, people get angry. Because they have learned to exercise the right.
Re:They do have a clue (Score:1)
Re:Canada (Score:1)
I believe Wassenaaur states: (along with you can't export cool stuff like cryogenic systems for rocket fuel...)
Anything open source export is fine. (horsey outa da barn!)
56bits (piddley) fine
greater than 56 bits-- must apply on an individidual basis.
http://e-com.ic.gc.ca/english/fastfacts/43d7.ht
For entertainment check out the analysis of the submissions to the feds' policy paper. Of all the groups and individuals *nobody* wanted anything but market/no-restricitons except the police which wanted prefered restrictions and access to your keys. And we still get Wassenaar!
http://e-com.ic.gc.ca/english/crypto/631d6.html
Of note is that there were submissions from law enforcement agencies, but no submissions from security agencies. They have other avenues...
Cheers,
Bobzibub.
Re:Yes, I read the article! (Score:1)
Re:It does help -- here's why (Score:2)
In short, they make it illegal for US companies to create top-notch secure software. I guess that if the job really requires the security, our only legal option would be to import software from Europe.
This isn't crippling the world's ability to do crypto. It's just insuring that the US won't be able to cash in on it.
Methinks that the NSA came up to Washington one day and strongly encrypted some legislators' minds. In some cases, the point is that it inhibits rights. That aside, my problem is that it won't work to do the job it is supposed to do. It will just move the suppliers overseas, and let them legally export the tech to us.
Re:They do have a clue (Score:4)
Yes, I also have a problem with the "rights given to us by our government" phrase in your post. It seems like a pretty small thing, but I find it indicative of an attitude in the U.S. which is starting to bother me.
I don't believe that the current seperation of government from "the people" is what was originally intended for the United States. The Constitution starts with, "We, the people", not "We, the Government of the United States of America". The original goal was for government to be controlled by the people, not the other way around.
The Constitution enumerates what the branches of government may/should do. In effect, it is a document in which the people grant rights to the government, NOT the other way around. IMO, American citizens have forgotten this fact.
There were members of the constitutional convention who were against adding the Bill of Rights. Their argument was that enumeration of specific rights would lead to the government infringing on any rights which were NOT specifically mentioned. 200+ years later, I think they had a good point.
The assumption that anything not mentioned is, by default, outside the domain of federal government is long lost. Today, when something happens, we ask, "What will the [federal] government do about it?"
/* Not a lawyer. Just a guy with a deep interest in the U.S. Constitution. */
Re:Grrr - Damn merkins (Score:1)
I hope you are not relying on a computer's pseudo-random number generator to produce your one time pad. If you are, then the encryption is only as secure as the pseudo-random algorithm you used (very bad). Also, your essential key length would only be as long as the random seed. I can try all random seeds quite quickly for all common random algorithms.
--brent nelson
Re:They really think this will help... (Score:1)
The only people that these laws hurt are honest people who want to protect their private correspondance.
"It says...export decision cannot be challenged" (Score:2)
This is a democratic government? This all sounds highly dictatorial to me.
Re:no, but irrelevant (Score:1)
someone Mod my comment out of existance, plz.
Provisions of the amendment (Score:1)
from the press release
Provisions of the committee approved Weldon-Sisisky-Andrews amendment would:
- Reaffirm authority of the President to control export of encryption production products for national security purposes.
- Establish statutory framework for export control of high performance encryption products.
- Require the President to establish a performance threshold for encryption. Encryption products
- that fall below the threshold would be permitted for export without a license. Encryption products above the threshold would require an export license for export.
- Require a one-time technical review for all encryption products proposed for export.
- Allow the President to establish certain sectors that would be subject to license free treatment of encryption products above the threshold, consistent with current U.S. policy.
- Require the President to review the adequacy of the performance threshold every six months.
- Establish an advisory board to review and advise the President on the foreign availability of encryption products.
I don't like these provisions either, but everyone here should admit that this should be better than the current state of affairs. My problem is that it appears that the decisions will be solely made by the president. We all know how the president feels about issues of "national security." This means that things basically won't change until someone intelligent coms into office, which will happen eventually. Also it does not define who issues export liscenses, which might mean that they would be impossible to get if the wrong people are in powerHow to get around this bill... (Score:1)
The problem for Linux isn't that crypto development work can't be done in the US -- although that is a problem. The real issue is that distributions in the US can't include strong crypto. (And the kernel can't either.)
So how do we get around this? Easy! Change your makefile to depend on a file which doesn't exist. To resolve the dependency, have wget pull the file from a web site. For distributions, this would fix the problem for people with great network connections. For others? Well, maybe somethign else can be worked out.
For the kernel, distributions will still have a problem, but there could be a small program called secure_kernel which downloads the relevent code and recompiles and installs the kernel.
And, of course, applications can link into a library for which the source is downloaded and installed at install time.
Re:Yes, I read the article! (Score:3)
Yes, indeed, they do. Win 98 includes Internet Explorer (remember, it's a part of the OS...repeat that enough times and you might believe it). Internet Explorer is an HTTPS client, and thus has SSL encryption. Now, are there two strengths of Win98/IE, one for domestic and one for foreign?
And so what if they did ship Win98 with the full 128-bit crypto? The government seems to have little control over Microsoft anyhow. Would the DOJ come by and issue a cease-and-desist?
Win98 ships with IE. IE ships with cryptography. The state department defines cryptography as a munition. Win98 comes with munitions.
Or, in short, Win98 bombs.
Send an email or letter to your Congressman! (Score:1)
Kyle
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Congressman Weldon and Congresswoman Kelly:
I don't know why people have a hard time getting this through their
skulls, you included. Let me make it plain:
Foreign countries already _have_ strong encryption technology.
Restricting export only causes inconvenience and financial loss for
providers of encryption within the United States.
Witness RSA Data Security's creation of a partner business in
Australia which will allow them to finally compete in the
international market for an encryption protocol that the three MIT
scientists created in the late 70's. Witness the hoops free software
developers have to jump through to get encryption code out of the
United States: printing it out on paper and then scanning it in
overseas.
Other countries already have access to all the major encryption
protocols: RSA and Diffie-Hellman/El-gamal on the public-key side,
IDEA, Blowfish, 3DES, RC5/6, et al. on the symmetric key side. This
is a _fact_: you cannot contest this. In fact, not only do they have
access to such algorithms, they have polished applications allowing
them to apply it! The following websites detail just two of many
such applications and libraries that are outside the control of the
United States and are available to anyone, anywhere in the world:
GnuPG, a free software replacement for PGP
http://www.d.shuttle.de/isil/gnupg/ (Germany)
OpenSSL, a free software library for the secure socket layer,
supporting encryption keys of arbitrary lengths
http://www.openssl.org/ (Switzerland)
Therefore, it is illogical to restrict the export of encryption
technologies from the United States with arguments based on
law-enforcement, because _everyone_ -- criminals and non-criminals
alike -- already has full access to the strongest available
encryption.
Since I refuse to believe that any of our elected representatives are
actually stupid, it remains that you must have _some_ reasonable
motive for retaining these inane, damaging, and futile controls. What
that is, no one else can figure out; but we, the people of the United
States, would certainly like to hear it. I would appreciate your
sharing this with the rest of the committee because I cannot honestly
believe they would support these controls if they actually knew the
information contained herein.
This email, by the way, is signed by my GnuPG private key. You can
verify its authenticity with my public key, which can be found on my
homepage.
Yours truly,
Kyle R. Rose
Registered NY State voter
- --
Kyle R. Rose "They can try to bind our arms,
Laboratory for Computer Science But they cannot chain our minds
MIT NE43-309, 617-253-5883 or hearts..."
http://web.mit.edu/krr/www/ Stratovarius
krose@theory.lcs.mit.edu Forever Free
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE3l0qp66jzSko6g9wRApD0AJ928fzYTNSaZG+/wUc
zp5Mfmmy/4uAbN+v6dcJwsM=
=He4J
-----END PGP SIGNATURE-----
--
Kyle R. Rose, MIT LCS
Re:Given to us by *who*? (Score:1)
Of course, the attitude these days seems to be that anything we have is because the government gives it to us, but the Founding Fathers realized differently. We have all these rights as humans
and a just government will not take them away.
I just wish our Congress would start legislating for everyone rather than passing draconian measures to deal with a very small minority of people. There's too much, "How will this hurt the bad guys?" and not enough of "How will this help the good guys?"
Re:They really think this will help... (Score:1)
I'm all for privacy - I encourage everyone i know to use PGP, but I just because the internet has created this global community, i don't feel its appropriate that we just give up on our sense of law and order.
I'm all for privacy. I can send PGP'ed email back and forth with my friends, Saddam can develop his own, I don't think that we should say that its fine that since he can we'll just give it to him is all
Stupidity? I Think Not (Score:2)
Every time crypto export regs come up for discussion, people say that the regs are nonsensical, that the theory is that the rest of the world is too stupid to develop strong crypto. This is incorrect on both counts.
Let me state at the outset that I support an elimination of the crypto export regs as I do not believe that they are effective. They have not prevented strong crypto from reaching the rest of the world, and esp. not the black hats, who are after all the sole legitimate target of this sort of thing anyway.
The idea that crypto is a munition is correct. It is a tool which is used to defend oneself (in this case, one's data) from an enemy. It can be used by one's enemies to defend their data from your perusal. Lest you think that this is a minor argument, recall that we won WWII mainly through the strength of our cryptology work; without it the Germans and Japanese would have controlled the globe (I discount the Italians for the simple reason that they would have in time been absorbed by the Germans).
The logic of denying one's enemy weapons is not that he cannot develop them for himself; it is rather that there is no point in developing them for him. Anyone can make an atomic weapon; it's not that hard to do. But we don't allow them to be sold. This keeps the barrier to entry higher than it would otherwise be. Ditto for cryptology. Anyone with a semi-decent grasp of programming and a book on cryptology can come up with a workable encryption program. But why should the US do the work for him?
There are legitimate concerns about cryptology. It makes intelligence gathering much more difficult, forcing it to rely on fallible human agents much more than on intercepted transmissions. Our national status is at present due in large part to the efficiency of our intelligence apparatus. Without it, we are much weakened (although not entirely; we also have an excellent military and a top-notch economy).
Unfortunately, the cat is out of the bag in regards to cryptology. With modern software only one person need duplicate functionality for the entire world to use it. Our export restrictions on cryptology now do more harm than good (and they do do good, by making it more difficult for encryption to be used); they have hurt the international competitiveness of our industry. Hence they must be revoked.
Crying that they're holding back technology means nothing; it's like a chemical firm complaining that chemical weapons restrictions are holding it back. It is futile and wastes precious political capital.
As regards encryption with the borders of the US, it is quite rightly allowed. This is a nation which deems rights more important than security. Hence the First, Second, Fifth and other Amendments. This is why we are innocent until proven guilty. This is why the right to encrypt one's data is preserved. IMHO, we should add a new amendment to the Constitution guaranteeing that right.
However, an internal right does no mean that it means anything when crossing international borders. A right to say what one wishes here does not nec. mean that one can carry that tape out of this country or into another. Otherwise espionage would be legal. Restricting export is not a free speech issue. It's a bad idea for other, equally important, reasons.
Re:Grrr - Damn merkins (Score:1)
Re:Grrr - Damn merkins (Score:1)
This means that on the latest crypto-list [epic.org], the French have progressed from "YELLOW/RED" (1998) to "GREEN/YELLOW" (1999). (Warning: Page is 272 Kb)
Note also all the other European countries who have gone from "GREEN" to "GREEN/YELLOW" by supporting the Wassenaar agreement.
Re:Stupidity? I Think Not (Score:1)
http://www.house.gov/hasc/openingstatementsandp
Secondly: as far as "internal" vs. "external" rights, there is no such distinction. Rights are what they are, by our nature as living, breathing human beings, not a politician's fiat. A government that fails to recognize those rights is simply wrong (e.g. our policy concerning human rights in China, our involvment in the Balkans, etc...)
The ASC's arguments that "experts" in intelligence should dictate crypto policy is ludicrous. The military is NOT a legislative body. It should have NO domain over US citizens and their liberties!
And, of course, that the very crypto technology these "experts" are railing against is freely available OUTSIDE the US makes the whole point moot. I simply can't believe that people THIS STUPID are making decisions more important than what they will have for lunch today.
Re:Given to us by *who*? (Score:1)
Re:doesn't anybody get it yet (Score:1)
In the "anti-terrorist" legislation, the American public was defined as an enemy of the government. So which "enemies" is the government talking about? Just something to think about.
Governments as defenders of civil liberties? (Score:2)
The problem with the various provisions of the amendment is that they take us right back to where we started. A centralized body with no incentive to allow free exchange of ideas decides whether US citizens can export any given piece of encryption software.
Clearly they're not doing this to prevent strong encryption from exiting the US, since it exists in quite usable forms elsewhere. They're doing it to advance an agenda that links privacy with illegality.
It's worth remembering that even representative governments are not reliable defenders of civil liberties....
Re:It does help -- here's why (Score:2)
Representative: What is this some kind of eye tes...
(flashy light thing)
NSA: Now sir, remember you work for us, you do everything we tell you. You are being placed inside Congress as a representative, so act the part. But remember you must always report back to us. Now sit straight BOY.
Re:They have the important clue (Score:1)
1. The government isn't protecting you. They just clean up the mess when the crazy part's over.
2. When the government crashes, the underground will still be completely intact.
3. The human race started free. We are the only species on the planet to surrender our freewill to legaslative control. This is not necessarily because we're smart. That's just what we've been taught.
I say, let the government get more and more and more oppressive. Bend it back and forth, see what breaks off. Let's go to the end of the road and see what's there. I'm not scared, just paying attention.
Re:They do have a clue (Score:1)
Without government, the strong crush the weak. Without government, we have anarchy, where the concept of rights is a farce.
Re:Canada (Score:1)
Not exactly. Canada respects the U.S. export restrictions... on software that was imported from the U.S. Any strong encryption we get from stateside we get on the condition we don't export it anywhere they wouldn't. Anything developed here in Canada, or elsewhere outside the U.S., does not fall under U.S. export restrictions and can be exported legally.
-- Bryan Feir
No they don't! (Score:1)
Do the majority of US citizens actually support the regulation of strong encryption? Does the gov't really represent the people?
Re:They do have a clue (Score:1)
I think the government's job should be to protect people's rights, and not take them away.
Re:How strong is PGP (Score:1)
Re:Slow down and READ the article (Score:1)
Come to think of it, it was to be expected that the Armed Services committee would magle the SAFE bill the way they have done. Now let's just hope that the people dealing with finalizing the bill have a lot of common sense and do listen to all sides, including citizens at large.
Re:"It says...export decision cannot be challenged (Score:1)
I got REALLY scared...and still am.
As my AP Goverment teacher pointed
out to us back in high school, the only
way bad US laws really get taken down
is when someone makes a fuss about them,
challenges them in court, and the
Supreme Court eventually rules them
unconstitutional. That power right there
is the only thing which has managed to
keep the corruption of congress from going
wild. So now they just pass a bill which
states "you can't challenge this in court!",
and as soon as Pres. Billy signs it,
no one can ever challenge it at all,
no matter what is done?
Just tack that on to every bill they pass,
and the Judicial branch becomes completely
irrelevant in the system of checks and balances.
The courts were the last refuge US citizens really have for fighting their government...everyone knows "writing your congressman(woman)" NEVER works.
I'm really scared that someday I'll be arrested,
and never be able to challenge the law, because the courts aren't allowed to challenge it.
-A scared US citizen, looking towards Canada.
or europe. or, better yet, Antartica.
Re:Provisions of the amendment (Score:2)
Additionally all the other arguments about presidential control would still apply.
What scares me even more is bullet #5. What sectors would be subject to license free treatment of encryption products above the threshold, consistent with US policy? Can you imagine the abuse and administration needed to establish this objective. First, you would have to have a committee to classify and recommend sectors. Is Be an OS, multimedia product, internet browser, etc. Is it all of the above. A new corporate legal war emerges to determine product's class and industry sector. Until now, we left this to the marketing departments and trade journals. It would now be an issue of law.
Furthermore, think of the political lobbies necessary to get sector or product exemption. It could be prohibitive for all but large companies to lobby for an exemption. This is just for the legal methods. Imagine the abuse possible for illegal methods... bribery of officials, back corner deals to escrow keys with the NSA.
As mentioned previously, it would also be a first step toward controls for domestic encryption controls.
So, who's for lobbying... (Score:1)
Re:They really think this will help... (Score:1)
So, please don't say it hamstrings our programmers!
:)
Re:Orwellian government is alive and well (Score:1)
Executive Orders == Dictatorship! (Score:1)
The president can basically do ANYTHING HE WANTS and congress has sixty days to overturn each order. They never have.
Billy Boy issued more executive orders in his first term than all the other presidents combined.
If he can't get what he wants through congress he simply issues a "royal proclamation" and boom, it has the same force as law.
Now THAT'S SCARY!
Re:Executive Orders (Score:1)
Re:doesn't anybody get it yet (Score:1)
but I think it's kind of obvious that the
"enemies" the bill refers to are not international terrorists, child pornographers, or whatever...the "enemies" are the average American public.
I don't think the US government is smart enough to engage in a conspiracy, in the words of Bill Maher, "conspiracy? they can't even deliver the mail!". But I do think that they are as smart as the bullies on the school playground...they know who they should fear. Criminals, intellectuals, etc...they aren't a threat, as far as numbers go. But the general american public, the masses, the "sheeple" (love that phrase), must be kept in line. If _they_ get out of line, the government is in trouble.
look act the facts:
- Export control in the US doesn't affect the outside world at all...numerous postings have made this clear.
- Export control does limit US companies from making exportable, strong encryption products.
Many therefore won't bother making them at all.
- Therefore, "export controls" limit the presence of crypto _within_ the US, without explicitly saying so. No real effect on non-US citizens, but internally, they can now monitor the sheeple, who won't really use encryption unless it's pressed under their maws.
For the note, I'm NOT an elitist.
Put me in a large crowd, whip us up to a frenzy
against something or other, and we'll all
mindlessly move that way without individual
thought. The archetype of Star Trek's Borg is but a reflect of the darker side of our minds, wherein we lose individual thought amongst a crowd...the most dangerous thing in the world is a _group_ of angry, cornered prey, especially humans.
Fear the people.
Congress caves in again on on crypto (Score:1)
Back in the J. Edgar Hoover days, when the FBI's budget was threatened, certain incriminating photos and other information would be brought to the attention of those involved.
Suddenly the FBI's budget would be off the agenda.
Anyone got a better theory about what happens with the crypto laws?
The article makes it pretty clear the aim of restricting crypto export is to make it easier to spy on people. The US has a long record of spying on friend and foe alike and using the information to protect its interests, especially commercial interests.
The fact that the export regulations make it considerably more difficult and inconvenient to get strong crypto WITHIN the US and presumably makes it easier to spy on US citizens - in the hypothetical scanario that they wanted to do that - is just a bonus.
Re:They do NOT have a clue (Score:1)
So what? Availability is nice, but law enforcement folks don't care whether it's available, they care whether it's used. It's clear that availability isn't enough to promote use. It needs to be ubiquitous and effortless, and that means building it into popular software systems.
If Microsoft, Netscape, and AOL all built strong encryption into their mail software, everyone would be using it. That's what law enforcement is afraid of, and the current legislation is effective at preventing it. They're not stupid; they're getting exactly what they need.
Jurisdiction limitations are legit (Score:1)
The only exception to this rule are cases which have _original_ jurisdiction with the U.S. Supreme Court. These are cases of admiralty law and suits between the states themselves IIRC. Last year was rather noteworthy because the court heard one of the first such cases in something like 50 years (New York and New Jersey were fighting over which state Ellis Island is in...NJ won.)
Re:Grrr - Damn merkins (Score:1)
Re:Not yet (Score:1)
Convenience or Conspiracy or Coincidence? (Score:1)
So is this convenience, conspiracy, or coincidence?
Oh, yeah. M-x spook.
Re:How the Government REALLY works (Score:1)
--
In the land of the blind the one eyed man is burnt at the stake.
Filthy Blighters (Score:3)
"Proliferation of encryption technology would harm our ability to gather vital intelligence, jeopardize our early threat warning and attack assessment, risk our ability to maintain an information-based advantage over our enemies, and place our nation's most secure systems at risk," said Representative Curt Weldon (R-Pennsylvania), who introduced the amendment.
Bullcrap. Our enemies already have encryption that's probably good enough to hide what they're doing, if they want to use it. And if they haven't got it yet, they can order the books from Amazon.com and code it in themselves! Do all US Reprehensibles think the enemies of the US are stupid?
The version approved by the House Armed Services Committee would grant the president complete authority to deny any expert controls that he considers "contrary to the national security interests of the United States."
So the Prez will have dictatorial control over that aspect of our lives. Sieg heil!
Weldon's bill contains no domestic restrictions on encryption, but the measure is hardly what tech firms had hoped for.
Hmmm.. guess they haven't figured out a way around that pesky 1st Amendment yet, or they'd ban domestic encryption too....
It says any White House export decision cannot be challenged in court -- an attempt to block lawsuits like one brought by a math professor that won a recent victory in the Ninth Circuit Court of Appeals.
THIS is what burns me up. Either is is blatently unconstitutional, or we need to shoot the buggers and start from scratch. NO law or decision should be immune from challenge in court -- that's what the bloody courts are for in the first place!
I'll say it again... it's time for us to head for the moon and live there.
Re:Grrr - Damn merkins - FUD (Score:2)
But, just like Microsoft who can't stop Linux, they know that if they use everything in their power to make it as clumsy and complicated for Crypto to be widely used, they can keep it out the hands of the every day man (their real favorite targets) for as long as possible.
And its working, until people either smarten up or the courts do, Crypto will never reach widespread use.
Um, is this right? (Score:1)
IANAL, but isn't this clause blatantly unconstitutional?
Re:Slow down and READ the article (Score:2)
I think it is different. They are mostly lawyers. Lack of encryption and privacy causes people to snoop and encourages trouble. Spouses catch another cheating, people in the workplace tattle on eachother over usual human behavior, lawsuits, lawsuits, lawsuits. Lawyers win over any stupid laws passed. They decide the legal rules to ensure their economic success.
Its job security and best for the economy if encryption is restricted to Americans. More chaos is encouraged. It keeps people alert...
Don't you see what this is about? (Score:1)
This is about allowing the police to have an open window into all of our daily dealings. When broadband internet access is available to all do you think that the average idiot is going to know how to control the shares on his windows 9x, or 2k box? Hell no. Your local LEOs will be able to get a list of IPs from your ISP(just by asking), and browse HD's. Some of you may think "If there's nothing illegal then there's nothing to worry about."
I disagree, what if you're dating the cop's ex-wife? What if she left him for you? What if a cop has some other reason to want payback (like you beat him up in HS or whatever)? One picture of a naked kid gets "found" on your computer and you're getting butt-raped in a cold dark cell and the guards don't care because they think that you're a child molester.
This isn't about "early warning" systems. It's about big brother wanting to see everything that we do. I'm again going to borrow from Phil Zimmerman, this would be akin to the police trying to outlaw the use of envelopes on international mail. They want us to use postcards so that each piece of mail can be easily read in transit.
Screw that. I've seen cops lie in court, I've seen cops falsify reports, I've seen cops beat the tar out of an unarmed 15 year old kid. F*CK LEOs, I don't trust them, especially if they don't trust me.
LK
Canada (Score:1)
Re:Grrr - Damn merkins (Score:3)
I think that the Open Source community should try and come up with a really heavyweight encryption algorithm outside the US.
GNUpg is already out there. It looks to be as strong, and more versitile than PGP.
Abject stupidity is the only explaination of US crypto policy. They might as well ban the export of sand to the middle east.
The only people they are hurting in the name of US national security is the citizens of the US.
no, but irrelevant (Score:1)
This, however, is not an appropriations bill and therefore the line item veto doesn't apply.
Re:Provisions of the amendment (Score:1)
http://www.house.gov/hasc/openingstatementsandp
for some reason it apparently didn't like me linking there...
Re: (Score:1)
Leave the country, gain your freedom (Score:1)
Does anyone out there in Slashdot land work for a company that's been sued for exporting crypto? Who sued you? How'd they find out? Where was the server that send out the file?
Aside: Anyone here email their national offical recently? It's cool! You can say what you want to the people that you've chosen to form your gov't for you, and you get a nice form email back! It's worth ten minutes of time.
--
"The Truth is one, but the wise call it by many names." -- The Upanishads
Re:Stupidity? I Think Not (Score:1)
More fundamental is the government's actual reason for the restrictions (to hobble the process of building strong crypto into the communications infrastructure for routine use). For obvious reasons, the government does not wish to acknowledge this motivation; it would then be too obvious that the real agenda is to preserve the ability to pull COINTELPRO-style dirty tricks against law-abiding but annoying citizens.
Blowing away the excuse smokescreen is valuable not so much for refuting the government's official argument, which is so weak as to be a straw man, but for exposing the government's underlying dirty laundry.
/.
Re:Send an email or letter to your Congressman! (Score:1)
Oh, some of us figured it out long ago -- it's to make the use of strong encryption enough of a PITA so that the government can continue to use Echelon-style driftnet fishing expeditions.
Of course, neither Weldon nor anybody else is going to 'fess up to that.
/.
Actually ... (Score:2)
Whether this particular restriction is constitutional is a harder problem, as it would seem to foreclose all avenues of relief for violation of a constitutional right. It's not a foregone conclusion, however.
Re:Not yet (Score:1)
I'm waiting to see the news reports about "assault crypto" or "assault computers"...
Re:Stupidity? I Think Not (Score:1)
The ASC's arguments that "experts" in intelligence should dictate crypto policy is ludicrous. [...]
I simply can't believe that people THIS STUPID are making decisions more important than what they will
have for lunch today.
Everything's OK! In the House cafeteria, trained experts are deciding what these people will have for lunch today. (when I visited it was tuna salad on white bread)
Re:no, but irrelevant (Score:1)
The method breaking up the bill into many other bills was discussed, but as far as I know, they never used that method. Congress simply had passed a law saying the president could veto certain items, and keep the rest of the bill.
Re:They do have a clue (Score:1)
With unbreakable encryption as a standard part of a product, we gain a thing called free communication, which could have the capability to take the government out of the communications loop. This could make the people more powerful, and the government less powerful. Governments are inherently power freaks, or they wouldn't be who they are. From there, it becomes fairly simple to predict the direction of most legislation.
However, there's nothing stopping someone outside the US from making a mainstream product that has strong encryption. That's what the US industry doesn't like. It's half about greed, half about privacy. I'm in favor of the privacy end, but I think privacy should be free, so the greed end is irrelevant.
Before we talk about guns, I need to go clean my Mini 14.
Re:"It says...export decision cannot be challenged (Score:1)
Re:Someone wields lots of power... (Score:1)
It was introduced to the House on 25 February 1999, and reported to a total of four committees: Commerce, Judiciary, International Relations, and Armed Services. Those four committees each considered the bill, held hearings, and listened to both Industry and Law Enforcement opinion of the bill.
Before -any- amendments, it garnered 257 cosponsors -- 257 Representatives who say it's a good bill they support. Remember: 218 have to vote Yea for it to pass, and it has 257 behind it.
On April 27th, the Judiciary committee reported it to the House, saying "Good bill, as is"
The Commerce committee also liked it, and suggested a couple of small amendments -- still a very pro-encryption bill
The International Relations committee added a couple of more things to it, but left it mostly intact.
Most interesting is reading the finding of the committees: None of them particularly agreed with Law Enforcement. International Relations even went as far as stating that the Administration policy that Law Enforcement supports doesn't meet Law Enforcement's stated goals -- and no attempt is being made by the Administration to tighten the restrictions currently in place.
The 106th Congress bill query page [loc.gov] will allow you to search for h.r.850 and read the reports for yourself (I can't figure out how to link directly, sorry).
Now the fourth committee has marked up the bill -- but not reported it yet -- and has apparently supported Law Enforcement over Industry.
The House as a whole hasn't even officially seen the Armed Services Committee's amendments, although they've seen the other three committees. It's a little early to say the bill is deal.
I will note that the first committee to report (Judiciary) refused to consider one section of the bill because of jurisdictional grounds.
So at this point, assuming the Armed Services Committee reports it as reported, there will be four versions of the bill -- three very similar, and pro-Industry, and one very different, and pro-Law Enforcement. This is what the Rules Committee will have to sort out.
Then, it will go to the full House, then to the Senate, and finally to the President.
I wouldn't say it's dead yet. It might not be mortally wounded. But we should let our congresscritters know that we favor the original version.
Re:Stupidity? I Think Not (Score:1)
Part one of the PLAN (Score:1)
Once they have a Bill saying what is xbits allowed they will pass the next one. The next one will say any US-Citz using >xBits to send Any Data(even if they could crack it) to a NON-USA target is a Spy/terrorist/kiddler QED. Wave byebye as you are taken for Re-Grooving.
Tell me I am full of FUD...please!!!
Re:Part one of the PLAN (Score:1)
What -will- happen:
The House Rules committee will take all 4 or 5 versions of this bill to date, and hack them together into something similar to what Commerce, Judiciary, and International Relations approved, dropping most, if not all, of what Armed Services did.
The full house will debate. Some killer amendments will be proposed, and defeated. Some weakening -but not killer- amendments will be accepted.
The Senate will take the bill, and have the same type of wrangling that the House has had. In the end, they will come up with a bill which is more LEA friendly, but still a good bill. They will pass it
Conference committee will debate it, and hack up something with some key LEA-appeasing unenforceable provisions, and send it back to the House and Senate.
Both will pass it, and it will go to the President, who will veto it.
Re:They really think this will help... (Score:1)
Re:They do NOT have a clue (Score:2)
If they can stop 1 terrorist by infringing on everyone's rights, then they think it is worth it.
Ten minuts of actual research on the internet would show them that anyone in the world (except perhaps China) can freely download the latest in crypto technology from a number of countries.
The only explaination I can find is that they honestly believe that non-Americans are too stupid to develop strong encryption. Sombody's stupid, but it's not non-Americans.
Didn't you read the article? (Score:1)
Re:They do have a clue (Score:2)
We need to learn to exercize our right to use strong encryption. I'm not a lawyer, but it appears to me that not only is encryption covered by the First Amendment (freedom of speech), but also the Second (right to bear arms..the US gov't. has declared cryptology to be a weapon) and possibly the Fifth (right not to incriminate yourself...giving up your keys *could* be considered self-incrimination).
How about sending your Senator and Representative a list of strong-crypto products based outside the United States (as well as homepages to such products)? Let them know that the genie is out of the bottle already and that criminals both inside and outside the US have plenty of opportunities to get the high level of encryption that they want.
We also need to figure out what to do in the worst-case scenario (Congress actually passes the bill). How about lobbying for a provision that products where the source is available would be exempt? I think that's even a provision in the Wassenar "Agreement".
It does help -- here's why (Score:3)
You are absolutely right that, for any saavy internet user, the US export restrictions are a joke -- just surf over to a non-US site and grab any crypto you want.
What the US restrictions are effective in doing, however, is to cripple the development of cheap, commercial, embedded crypto. No US company want to develop a domestic-only product, that will qualify as munitions per export regulations. So they don't bother.
So, are the export restrictions effectiving in preventing all use of crypto? No. Are they effectiving in keeping the Bad Guys from using crpto? No. But, they are highly effective in preventing the widespread use of crypto. They are highly effective in preventing the use of strong crypto in part of the underlying communications infractructure.
I will leave it as an exercise to the reader to determine for themselves if we have this situation because the spooks at the NSA are so darn clever, or because the politicians in Congress are so darn stupid.
*LOL* (Score:3)
Of course, and here is where it gets sad, there's another problem:
It's not the "government" that doesn't want us to have any rights, it's the majority of the American population. You think there's any way in this universe that the First Amendment would pass if it were being proposed as law today? "What Communist drivel!" would be the likely response to it.
I'm fully aware that for various reasons the FBI's probably got a file on me (due to my connection with organizations that are "subversive" or perceivable-as-such, and possibly my ex-boyfriend who has ties to the IRA and probably has an even-more-interesting file on HIM lying around in some corner of the FBI).
I'm also fully aware that I held a job in a secured area of a bank, a job that required me to be bonded, with no problem.
I'm not paranoid about the "government" or "law enforcement." Not yet. I AM "paranoid" about the grassroots conspiracy in this country to take away our rights. It's much more of a threat to the not-so-average American, which probably includes most if not all
No, they don't really think this will help... (Score:3)
The only thing that these laws seem to accomplish is to prevent U.S. companies from putting strong encryption into their mainstream products in order to (a) avoid managing two versions and (b) avoid the legal liability of accidental exports of the products.
Therefore, I think this law is aimed at us, the regular citizens of the United States, rather then foreign countries. While there are undoubtedly "useful idiots" helping in this effort, I'm afraid it is optimistic to conclude that idiocy is the core problem. The real problem is people who don't want to be inconvenienced in reading our "private" correspondence.
doesn't anybody get it yet (Score:1)
"to maintain an information-based advantage over our enemies"
enemies?
it always amazes me how on the money the movie hackers was "you may stop me, but you can't stop us all"
Re:Filthy Blighters (Score:2)
Yes. That bit about removing the export decisions from the jurisdiction of the entire judicial system does seem utterly unconstitutional according to Article III, Section 2.
If they argue that the President's decision does not fall under any jurisdiction because it does not directly fall from a law (as an executive decision; not one encoded by Congress), then I'd be more than happy for the "executive order" process to be completely and utterly destroyed.
Hmm. gv is claiming it can't parse the first page of 99-07-21HR850's "Post Mark Up Release" pdf. On the second page, it does note a few interesting details:
* *All* encryption products proposed for export must undergo a one-time technical review [by whom?]. And what defines an encryption product? For instance, if a program translates English into Sanskrit (for all purposes, incomprehensible to the vast majority of the current population -- and probably unrecognizable) or a similar dead or nearly-so language, is that encryption? Would da Vinci's style of writing left-handed and (backwards?) be considered encryption? If it (reversibly) transforms words into art, is that encryption? How about into a binary stream of 1s and 0's that passes over digital media, ala Ethernet? Is an "MS Word" document file encrypted? And so forth.
* POTUS would have to establish a performance threshold (no license required below it), and review it every 6 mos. At least that's a tacit acknowledgement of obsolescence.
* "Certain sectors" could be established by POTUS that would be subject to "license free treatment of encryption products above the threshold". "Sector" seems to be undefined. Perhaps I'm just being cynical, but the word "patronage" comes to mind...
Re:Filthy Blighters (Score:1)
Perhaps -- it would be a textbook case of what psychologists call "projection".
Either is is blatently unconstitutional, or we need to shoot the buggers and start from scratch.
"America is at that awkward stage. It's too late to work within the system, but too early to shoot the bastards." -- Claire Wolfe
I'll say it again... it's time for us to head for the moon and live there.
Nah, let's send Weldon and his friends to the moon. Since they know so much more about how to properly manage technology than mere industry experts do, I'm sure they'll have no trouble at all extracting oxygen and water from the rocks and otherwise sustaining themselves there without any input from us geek peasants.
/.
Re:Protecting whom?? (Score:1)
This is an incredibly dangerous economic position. A significant portion of the gross national product is computer-related. Increasingly, the money is in network-enabled products.
Spread spectrum phones and the like show that the average consumer is catching the whiff that their privacy is important (note that the same encryption that protects the terrorist from the law protects my sister from a tech-savvy stalker with a scanner).
If I were an IT manager at a large corporation, I would not even consider a networking product without good encryption. Increasingly, information equals money, and I would not want my competitors to be able to snoop.
Q.E.D. The government of the U.S. has denied its corporations the right to participate in one of the largest software markets of the next century. From the perspective of a software/hardware engineer, I'm quite seriously considering emigrating. Any suggestions on destination?
Two strengths for IE? You bet! (Score:1)
Re:Leave the country, gain your freedom (Score:1)
Might as well email a brick wall.
No democracy here.
Re:Canada (Score:1)
Vote for me.. I will NOT protect your kids (Score:1)
But a lot of people get into this "Ohh protect my children from the evils of the world" Like cann't people be bothered to rase there own kids?
Re:They do have a clue (Score:1)
All of these rights you guys are talking about losing, half a million people in the capital of the US don't have currently.
And, you are right. I don't see anyone really fighting (that hard) to get them, because it has been this way for a very long time.
It's a little disturbing.
Re:They do NOT have a clue (Score:2)
Strong encryption will be built in to many products, they just won't be made or sold by American companies. This is a great opportunity for lesser known companies to get themselves into the market based on providing strong crypto.
American companies know this, and so would like to compete in that market. Unfortunatly, the Clinton administration just doesn't get it. Strong crypto WILL happen and WILL become ubiquitous. All it's going to take is the ineviatble stories of corperations loosing millions because of weak communications security. The only question is will U.S. manufacturers be locked out of the market.
As for law enforcement, even if they do know what to concentrate on, they could never enter it into evidence. With one time pad, there are many keys which will produce a coherent message, but you'll never prove which message was the one sent. Smart terrorists will know that as well, and dumb ones can be caught without breaking crypto.
Did anyone actually read the article? (Score:2)
What this article means: the original SAFE bill was a big step forward in allowing exports of U.S. crypto. This new version of the bill contains amendments made by the House Armed Services Committee. This particular version of SAFE doesn't include many of the pro-encryption points made in the first version. The House Rules Committee gets to decide which version of the bill goes to vote before the full House - the original, the crippled Armed Services Committee version, or some other version.
What this article doesn't mean: the entire House have totally reversed themselves on what they will support and are now strongly anti-crypto. The President will assume full control of crypto exports and this control can't be challenged in court. These things should not be read out of this article.
My opinion: It may be the case that SAFE will be watered down somewhat when it reaches the floor of the full House. Depending on the political realities of getting legislation through the House, some amount of compromise is probably unavoidable. The original SAFE bill was a big step forward though, and I don't think that momentum can be totally erased or even slowed for long. There are too many legitimate uses for encryption, and U.S. companies are only going to lose more money in the international market if they can't compete with strong crypto. The government may not want to encourage individual use of cryptography (and may even want to discourage it, depending on your level of paranoia) but there will be enough money in the business uses of encryption that export controls will have to be relaxed.
Disclaimer: I work for a large nameless company which would be very happy to export strong crypto. No more mainaining two product lines!