Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Security

Feature: WH Panel Calls for Crypto Export Reform 88

Kathleen Ellis, editor of the Privacy News Portal, has written an excellent feature about how The President's Export Council Subcommittee on Encryption (PECSENC) has recommended dropping almost all export controls on strong crypto, and why it is unlikely that this group's recommendations will be acted on in any meaningful way. (More below)

White House Subcommittee Endorses Crypto Reform.
Will Someone Please Listen?

By Kathleen Ellis

Another shot was fired in one of the longest-lasting and most contentious battles regarding Internet policy last Wednesday, when a White House advisory subcommittee announced it has recommended that the Clinton Administration all but reverse its restrictive stance on the export of encryption products.

The President's Export Council Subcommittee on Encryption (PECSENC) was formed earlier this year by the White House to provide guidance in the U.S. Government's development of encryption policy, which has been the subject of heated debate. As many Slashdot readers already know, the government has insisted for years that liberalizing encryption export could cause serious problems for national security by giving terrorists and criminals access to the technology. Of course, net activists and industry folk assert that the right to privacy supercedes the wishes of any bureaucrat, and that terrorists and criminals can just as easily get their crypto from any other country that does not restrict cryptographic exports.

Critics of the Administration's policy had expected to gain little support through the subcommittee's recommendations. William Crowell, the subcommittee's chairman, is currently President and CEO of Cylink Corporation, an internet security firm, but previously served as Deputy Director for the National Security Agency. Several committee members also had ties to law enforcement or other government agencies; Stewart Baker, an attorney with the Washington-based Steptoe & Johnson, is former general counsel to the NSA and is a vocal opponent of loosening restrictions on encryption. Steve Walker is former president of Trusted Information Systems (now owned by Network Associates), a leading producer of key escrowed encryption products, which the FBI has lobbied to make mandatory even for domestic use.

Despite these ties, however, the subcommittee cited a need for the U.S. government to "recognize market realities" and reverse its course on encryption policy. Among its recommendations:

- License-Free Zones: Recognizing that the European Union is planning to drop all cryptographic export rules between member countries, the US should likewise identify a list of countries which do not pose any major terrorist threat, and allow encryption export (hardware and software products) without a license.

- On-Line Merchants: On-line merchants based in other countries will be added to the list of business types permitted to have encryption products exported to them from the US. Banks and a limited number of other financial institutions currently enjoy this license exception.

- Mass-market hardware and software: Mass-market products which utilize up to 128-bit key length triple DES will enjoy license exception. "The US government should recognize the difficulty of controlling mass-market products once they are allowed to be exported to even limited sectors".

The subcommittee also suggests eliminating cumbersome reporting requirements for manufacturers of encryption products, as well as removal of source code, cryptographic Application Programming Interfaces and devices such as encrypting routers from the list of restricted technologies.

So cypherpunks across the nation will soon be free to export their code at will? Subcommittee chairman William Crowell is hesitant to say yes. "The Administration will have its own ideas about which of these recommendations are implementable. Vice President Gore has said that the administration would consider additional liberalization over what they announced last year, so it was important to get these recommendations to the table while they were thinking about it". He expects that the administration will make further changes to its export policy based on the recommendations sometime in September.

There are other signs of change on the horizon regarding the government's attitude toward encryption. The successor to the current Data Encryption Standard algorithm, which will be used by the U.S. Government for a multitude of purposes, will be chosen by the National Institute of Standards and Technology with the next few months. Four out of the five Advanced Encryption Standard finalists were developed, at least in part, by cryptographers based overseas or holding foreign citizenships. The fact that such decisions could be made by NIST requires the acknowledgement, at least on some level, that good encryption can be produced in countries not affected by U.S. export law, and hence, can be made available around the world.

However, one prominent activist is still skeptical about the potential effect this announcement may actually have on U.S. policy. "This doesn't change policy, this is just yet another group that has come forward and said 'the U.S. policy is abysmal, it needs to be scrapped'" says David Banisar, Deputy Director of Privacy International, and co-author of "The Electronic Privacy Papers". "Many distinguished groups in the past have made similar recommendations...the Clinton Administration has thus far rejected any attempts to dramatically reform export control laws".

Banisar likened the potential influence of the PECSENC recommendations to those of a report published by the National Research Council in 1996. Much more conservative than the PECSENC subcommittee's suggestions, "Cryptography's Role In Securing the Information Society" was written by a committee comprised of government officials, representatives from the computing industry, and academics. The NRC committee's recommendation that 56-bit DES encryption took two years for the Bureau of Export Administration to implement, and many of the other valuable points in the report have never been implemented. The NRC report suggested that U.S. policy should take into account the "nonconfidentiality uses" encryption has to offer. U.S. policy still does not support the use of encryption for the purposes of authentication, which the committee identified as an "important crime-fighting measure". Indeed, one would think that the F.B.I. and the Department of Commerce would hasten to encourage the use of such technologies.

Banisar also expressed concerns about the provisions favoring online merchants. "The e-commerce exports have already been promised to online merchants...they will get what they want, which helps the Clinton Administration divide and conquer their opposition". Banisar stated that civil libertarians lost a powerful lobbying ally when banks were granted the same licensing exemptions now promised to entrepreneurs online. "When a wealthier group gets what they want, they stop fighting, and the everyday users get screwed."

It also seems that the recommendations do not go far enough to help the people who need encryption technology most. Barbara Simons is President of the Association for Computing Machinery and one of the members of the PECSENC committee. "It appears that the recommendations don't address the needs of people working for human rights in countries with repressive regimes," she says.

The human rights issue is a valid one within the debate on U.S. encryption policy. The American Association for the Advancement of Science's Cryptography, Scientific Freedom, and Human Rights program trains human rights workers to use encryption technology in countries like Guatemala and China, where oppressive governments have a way of making insurrectionists disappear. A letter from AAAS to the House or Representatives Committee on International relations states that "human rights activists are killed, tortured, disappeared and jailed for trying to expose horrendous abuses...[they] use encryption to protect themselves, the victims and eyewitnesses they are interviewing, and human rights colleagues around the world when they communicate sensitive information on grave abuses of human rights".

It would be wise and compassionate for the Clinton Administration to authorize a new class of license exceptions for human rights workers travelling into countries that don't fall under the "favored nations" exemptions for encryption exports. If national security were really a concern in these cases, they could add strict guidelines describing who the software could legally be distributed to within those countries. Unfortunately, PECSENC seems to have overlooked this important issue.

Despite these shortcomings, there are some definite gains to be made by following PECSENC's recommendations. Net activists will be keeping their fingers crossed when the White House reviews them next month. Progress has been far too slow in coming, and if there's ever been a time for our government to start making some positive decisions, this certainly is it.

This discussion has been archived. No new comments can be posted.

Feature: WH Subcommittee Endorses Crypto Reform

Comments Filter:
  • by Anonymous Coward
    When I was in the Army, we didn't even have encryption; I had to write every secret message in blood on the single piece of toilet paper allotted to me for a day's biological evacuatory activities, wipe my arse over it to obscure the text, and wrap the paper three times around an irregular stick before Fedexing it over enemy lines. You kids today, you don't know the MEANING OF PAIN! Where's my gun.
  • There are plenty of fanatics out there. Many of them are willing to give their lives for their cause. Does the government really think they would hesitate to upload a strong encryption program to an ftp site so that it could be downloaded by someone in another country? Sure, they risk going to jail. Does that scare them? I doubt it.

  • Customer: ...So is it fixable?

    Mathematician: Let me think about it.....

    Customer: Well?

    Mathematician:(triumphant) Yes, a solution exists.

    Customer: What is it?

    Mathematician: I don't know.

    --
  • This, of course, assumes that the NSA hasn't found any 'holes' in the algorithms (or the implementations of these algorithms) that would cut that to a reasonable time.

    Remember, the NSA is the worlds largest employer of mathematicians. They aren't there as tech support, either.
  • "None of the above" should be required by law on all election ballots. That way it would never be a waste of time to go to the ballot box.
    --
  • ... none of the story is presently appearing on the front page? The header is there, but no text. almost as if the spooks cracked slashdot and erased it.
  • If the US Government was minimally confident in their policies, they would recognise that strong crypto may actually help the people to keep the Government in check.

    But its not in the governments best interest to have the government kept in check, is it?
  • Not only that, but at the top of the comments page where I looked to try to find out what the story was there was a link to the archived "Hope in the Hellmouth" story, apparently from May 3rd instead of the links to the stories above and below on the main page.

    And I'm sure that a couple of stories on today's page that say they posted yesterday weren't where they are now when I looked last night.

  • Well, if the SEC can get a story pulled from /. without explanation, it should be child's play for the NSA to "disappear" one.

  • Shrivelup

    I stole that from a couple of guys who did it on the Carson show one night, I think it was Mack and Jaime (and I don't guarantee the spelling of either name).

  • Back in 1992, Spy magazine had 1000 (or was it 100?) reasons to not vote for George Bush. Top on the list was "What would you think if the head of the KGB was elected president of Russia?".

    Er, like a former head of the KGB was leader of the USSR from 1985-1992? Margaret Thatcher said the man was someone the West could deal with, Time Magazine thought enough of him to name him Man of the Decade for the 1980's, and the Swedes gave him a Nobel Peace Prize.

    Sorry you missed Spy's little joke -- at the time, I personally thought it was hillarious.
  • Do not hold your breath, or your security concerns, for an OFFICAL announcement. In fact, that it even came out at all is more than I thought would happen.

    The best course of action is to just assume the worst, or near worst. If you send something in the Clear over the wires it can be read. If you store something in the Clear, it can be gotten and read. If you encrypt something you will be hampering the easy reading of your transactions, but that sooner or latter those alwasy will be read if the need arises.

    Do not look to the media or your elected officials for guidence, thats a deer-in-the-headlights approach. Grab some good strong crypto, legal or not, and use it. Also dont put out on the wires things you dont want everyone knowing.

    This way you have some control over the flow of possibly compromised information

    oh yea, and on every clear or encrypted message tack on this string in the clear...
    CLINTON DEATH KILL HILLARY GORE IRAN CONTRA BOMB EXPLOSIVE WALL STREET MURDER DRUGS COKE COLUMBIA MAFIA NSA BILL LOVES ME LIBYA IRAQ SADAM REGAN BUSH LICK LICK LICK CHELSEA YUMMY FREE SPEACH KIBO CUTHULU
  • While I agree with some of the things you said, I don't agree with your conclusion.

    That attitude is the "I run Linux because it is anything but Micro$loth" attitude. Choose your candidate becase he/she matches your beliefs, not becase of their party. Otherwise you will be sorry with what you end up with down the line.
  • Somewhere around the least known pages of one of the UN supported organizations (forgot which one) there are stats for:
    1. How many policemen are per capita
    2. How many people are in jail, on parole or forced to do unvoluntary labor (usually known as "community service").

    These give a very good idea. Actually some of them were in a recent USA today as well.
  • The issue with technology and the govt. isn't Clinton per se, since he just happened to be around at the time when technology was reaching
    everyone on the planet. Govt. has never been known for its speed. The Constition is built to make things hard to do for a reason. Thus, govt. (be
    it republican or democrat) will take a while to adjust to new technology and new ideas.

    Actually, this particular law leaves a lot of discretion in the hands of the Executive Branch, which could change the rules at the drop of a hat (but doesn't). Part of the problem is the way policies are made in government (insert tongue in cheek (but only partway) and feel free to correct me if I miss a step):

    Generally, the way it works is: Official A (in this case, the President, but it could be the Secretary of Commerce or virtually any PHB in government) asks for an expert opinion from an outsider, and gets a document. He asks his staff who needs to see it, then gets those cabinet members to review it. About 80% the time, the outsider has a good idea, the other 20% we start with a fragrant crock.

    Official B (in this case, the Attorney General or the FBI director) is still too high on the toem pole to understand the document, so it's referred down to career manager C, who notices that implementing the suggestion would a) reduce their budget, b) reduce their leverage, c) make their job harder. They instruct their staff to "Shoot this down". Staff comes up with a reasonable critique, which is returned to them on a silver platter with a self-destructing sticky note saying "Not strong enough -- use a trowel". If the review was favorable, they receive the platter in a "meeting", where choice phrases are offered as a side dish. Staff gives up on their principles and takes the platter down to the horse stables to load it up. Said platter, now steaming, is returned to B, who returns it to Official A.

    A now has a choice: offend an expert that no-one has heard of, or make the papers for overriding B, who he's on record touting as the greatest expert in living memory on the subject for which B was hired. A had to make that kind of recommendation to get B past the review board, so A is stuck with the steaming plate, unless he passes the whole mess to Staffer D, (say, the National Security Advisor) who uses a similar method to return a steaming, loaded plate of different opinion to the big cheese (A).


    Now A is really in a bind, and has to propose a policy that averages the agendas of his staffers with the expert opinion. This sometimes stops the stupid suggestions (but remember, it's an average) and it also tends to prevent really smart stuff from going through (almost perfectly, when the current policy isn't similar to the smart policy). This Rube Goldberg method is used to formulate any policy that wasn't in the campaign (and most of the ones that were) by almost every elected official (unless they actually know something about the issue). It also ensures that unless A or B understands the issue, a change of administration does not mean a change of policy (unless, as mentioned above, it was a plank, or it's been a real embarassment and come to someone's attention).


    Notice that most of your high officials these days are lawyers, not geeks, so you'll never see a change in the rules on highly technical issues until the rules come to someone's attention by being inconvenient for a big contributor, or until we elect someone whose advisors talk them into making a campaign promise about the problem.

    So go out and become a high-priced campaign consultant (the more you charge the better they'll listen), or write me in for President in 2000!

  • Well, there are qualitative differences, even if we had only one law:


    "Do what thou wilt shall be the whole of the law."


    vs.


    "What the King says goes."


    Elvis has left the building...

  • But its not in the governments best interest to have the government kept in check, is it?

    Actually, it is. If the government keeps its policies "in bounds" (as defined by the governed), the government will be safe. But when you average together all the instincts of all the politicians, and factor in their knowledge and the public's knowledge about the topic, the enlightened self-interest of the body tends to give way to greed and the lust for power... or fear of change and the unknown.

    I still don't understand why organized crime hasn't instituted their own PKI (I know, "they're not that organized"). Or if they have, why the FBI hasn't complained...

  • [Bzzzt!] Mostly wrong...

    Politicians must use their own judgement to decide what they think is best for their population, both their constituents and the bodies within which their consituents exist (what's good for Ohio isn't always good for the nation, and occasionally their Senators should know that). The people should elect representatives that have strong opinions that the people agree with. If Chicago elects Chuck Heston as mayor, they'd better want a batch of pro-gun legislation delivered to the city council on Day 1. And Chuck had better do it, too! If he said he'd be anti-gun, then Chicago had better recall him or vote him out at the next election (and I'll start distributing real-estate flyers there :).

    A democracy that depends entirely on polls and the "voice of the people" will automatically become a tyrrany by the majority. We require politicians to exercise their principles and judgement to protect our freedoms, even when it's inconvenient to the majority (even when it doesn't "protect the children" or "fight the terrorists").

    Unfortunately, parties don't like to put forward opinionated candidates. They're more worried about losing the your minority here vote than they are interested in principled leadership.

    The politician must put the good of the people before his own good (i.e., he must avoid exercising power to enrich himself) but he must advance an agenda that he believes in, or why bother with representation?

    If your thesis holds, we don't need choice -- just poll the people, or eject anyone who votes against the political wind and appoint another milksop....

  • What do you do if the person who does not represent the majority of your fellow citizens' beliefs on a particular issue? Do you
    just give up and say, "Well, senator foobar is in charge, I'll just let him decide what to do." Bullshit, I'm going to bug hs ass to do
    what I (his constituent) demand he do. If others join me, he may put his own ideas aside and do his job, namely, representing us.

    Usually I applaud -- we did elect Sen. Helms, you know, so obviously my majority is flawed. :-)

    But I digress.... How did Sen. Foobar get the job, if you knew he was gonna do that? Who are you to Sen. Foobar? If he wants to raise taxes over your objections he will. It might be a good idea. He might think we need a tax break instead of paying down our debts. You might disagree. Tough! If he doesn't perform vote him out! Our representatives are there to do what they think is right, which is why we put them there. Sure, we should inform them that they're wrong, and if they don't listen enough we should kick 'em out at the next election. The information that they won't be coming back may be persuasive, but if my rep feels strongly about an issue, I want him to sacrifice his job to do the right thing (if it's that important). Even if that results in deadlock, sometimes nothing getting done is better than doing the wrong thing.


    We don't live in a representative democracy. We live in a democratic republic -- our publicans do as they please with our only check on their vote being our vote (and the occasional recall clause, depending on your State constitution or articles of incorporation). By the way, the President is not above the Congress, nor is the Judiciary above the two of them. They all have roles in dynamic tension with the others. The day they stop disagreeing is the day your freedoms either flourish or expire (any bets?).


    The idea of our system is that the will of the people trickles to the top and if it's not a bad idea it gets carried out. It takes a super-majority to bypass a Presidential veto ... so you see, the President is there (partly) to disagree with the majority of Congress when in his judgement the Congress has done a bad thing. The reason is to protect us from the majority's shortsightedness. Congress can override his judgement if their cause is obviously right, but the framers are banking on at least 1/3 + 1 of one house or the other knowing when to bow to the President's arguement and when to stand up. Of course, real people (especially people without a point of view, who look to the polls to find out what they should think) sometimes screw the system up and let the Bad Law get passed... That's what the next Congress is for.


    By the way, I agree that you should inform your representative of your opinion. But sometimes you'll be wrong and your neighbors will be wrong but it will be important that your rep goes the right way. It's equally important that you vote him out if you judge that, on the average, he's gone the other way too often. I reiterate -- if he always follows the majority's opinion, there's no reason for him to be there (we could do it better with a computer or a Harris poll). Heck, with human politicians, you have to try to find one that thinks like you do -- otherwise he won't always vote the majority line.... ;-)

  • Crypt uses a 1-way cryptography function. It can't be decrypted. So if you encrypted files with it, then the only way to decrypt it would be to brute force it. In which case, you might as well re-write the file because that'd be done sooner.
  • >What I want to know is if there is any body, any organisation, any international group (maybe
    >the red cross or the WHO or someone like that) who actually tries to measure HOW free the
    >countries of the world are.

    Freedom House [freedomhouse.org] has been doing this since 1970.

    >Okay, choosing ways to measure is going to be hard. Do high tax rates count as an infringement
    >on freedom? Does a high incidence of crime count against a country? Do export restrictions
    >really hurt people within the country, or do they just infringe the liberty of people outside
    >the country?

    Freedom House's rankings do not directly measure such things, and some of what it does look for is biased towards higher government expenditure (and thus higer taxes.

    >I honestly have no idea if such a measure exists, nor whether the US would top the poll or
    >not. I just wonder. If you could point the media at such a poll and get them to tell the
    >population "These things are stopping us from calling ourselves the most free nation on earth"
    >would it be easier to get them to do something about it (IE stop voting for it).

    The United States places quite well in the Freedom House ratings, but there are criticisms in their report [freedomhouse.org]. In terms of economic freedom, the United States likely leads the pack by a more significant margin than in other measures.

  • I hope that the reason that this article isn't showing up for me (but the comments are) is not some three-letter agency's new filtering software installed on all routers, but just a bug in ./




    --
  • Agreed.

    In a way, I'm glad that US citizens are being targeted, because people outside of the US have little recourse from US snooping and no lobbying influence on US policy making. Its up to you folks!

    I see that Germany has reneged on the Wassenaur agreement and relaxed encryption controls. There is hope yet...

    Cheers,

    Bobzibub.
  • As I see it, the problem with third parties is that they often hurt one of the two primary parties, but usually not both.
    So far this has accually not been the case. For example as in the 92 and 96 national elections both times the Republicans, blamed Perot of allowing them to loose the election. It was receitly show (sorry I can't give you a url to look up this information yourself) that based uponn polling, of the people polled who said they voted for perot that it was a 50/50 when asked who would they have voted for had perot not been running. So in effect it didn't change the national election at all, except to give the republican party something to yell about. Also it was oviously a lie when people said you would "waste your vote" because the same guy won who would have won in the first place, (though its slightly possible that if noone had believed they would have wasted their vote Perot could have won, and I'm not going to debate on weither that would have been good or bad)

    ho else is frustrated with the assumption that the 2000 race will be Gore vs. Bush?
    Hey did you know that Alan Keyes (spelling?) won the Alabama straw poll. I was in complete shock myself a black republican income tax abolisionist (spelling?) winning a straw poll in the south (btw just for note this straw poll was suppositivly set up so the money from the parties was pooled together or something like that, basically making it so they couldn't buy the vote like they did in ohio.. or wherever that last one was)
  • Our current administration seems to be playing the game of pat them on the back so they wont notice your pissing on their leg. They petition congress to monitor all traffic. They petition the world to do away with encryption. Then they throw out a report saying we should allow encryption. hogwash. That report is nothing but a smokescreen to give the impression of friendship. There is none. It may be argued in courts and congress if its needed to continue the charade, but your privacy is gone, and is not coming back, unless we all simply start encrypting everything. heavy encryption. who cares if someone from the other side of the world can see it or not, they can download their own pgp from elsewhere.
  • You won't know anything till after
    Bush takes office.
  • Okay, the US likes to call itself the land of the free and we all know that there are plenty of places in the world where people are worse off - less free - than they are in the US. It seems to me though that, at an increasingly rapid rate, those freedoms are being taken away, mostly in the name of the children and the war on drugs of course.

    What I want to know is if there is any body, any organisation, any international group (maybe the red cross or the WHO or someone like that) who actually tries to measure HOW free the countries of the world are.

    Okay, choosing ways to measure is going to be hard. Do high tax rates count as an infringement on freedom? Does a high incidence of crime count against a country? Do export restrictions really hurt people within the country, or do they just infringe the liberty of people outside the country?

    I honestly have no idea if such a measure exists, nor whether the US would top the poll or not. I just wonder. If you could point the media at such a poll and get them to tell the population "These things are stopping us from calling ourselves the most free nation on earth" would it be easier to get them to do something about it (IE stop voting for it).

    Hummm. I bet all the nationalists start shouting at each other now, that won't be helpful. For what it's worth I live in the UK and I don't think the UK would top that poll anyway. My money would probably be on some Scandanavian country.

    Pre.....
  • what is this article?!

    Posted by on
    from the dept.

    ( Read More... | 31 of 34 comments )

    is it broken?
    am i broken?
    whats going on?
  • You know, there's something that gets me every time, it's the ambivalent discourse used by both sides of the Government on this issue.

    On one side, the US Government fears "terrorists and criminals" would use strong crypto as part o their efforts to destabilise the US Government. Yet they think it perfectly rational to allow dissidents in other countries like China to use strong crypto, because these men are fighting an oppressor.

    Does that mean you're a terrorist when you fight the US Government, but you become a liberator when you fight the Commies? Please. If the US Government was minimally confident in their policies, they would recognise that strong crypto may actually help the people to keep the Government in check.

    But that's asking too much of politicians, of course.

    "There is no surer way to ruin a good discussion than to contaminate it with the facts."

  • Yeah, I know, I wasn't clear about what I meant. I meant that arguments on both sides seem to assume that US counter acts == bad and China counter acts == good. That's the hypocrisy I was denouncing. The question is not, 'crypto against US is bad but cryto against China is good', it should be, 'crypto in any country is good as a check against the Government'.

    "There is no surer way to ruin a good discussion than to contaminate it with the facts."

  • The clinton admin was really beginning to bug me with regard to this topic. This might be the start of a turnaround.

    -awc
  • With Clinton on his way to lame-duck-hood, does anyone know the positions of the major presidential candidates on encryption? Presumably Gore follows Clinton's lead on this, what about Bush, Bradley, Forbes, Dole...?
  • on everything, but it looks like they were quick to silence this article (unless it's a freak accident on ./'s end...).

    Anyone care to clue me in on what it was about? I think I've got the jist of it, but I'd like to make sure. (Gov't trying to restrict weak encryption within our borders as well?)

    -e

  • I think this whole limiting encryption export thing is ridiculous. The Bad Guys already have strong encryption from other countries, or they could write their own. The government keeps getting more and more paranoid...
  • Note to previous posters: crypt(1) != crypt(3), and is in fact a fully reversible, albeit rather weak, encryption (versus hashing/message-digest) implementation.

    According to the man page for crypt.1 on this box (a sun4u running Solaris), it uses the same algorithm as ed, ex and vi in encryption mode. So, any of those should work...
  • Ugh. Regarding Gore/Bush, well, I loathe Gore and Bush is looking remarkably Clintonesque in his attempts to evade questions -- but that's another rant.

    Another thing is that here, we don't use proportional representation. A single minority party could win 15% of the votes in all the House races, but not win a single seat; on the other hand, with massive numbers of parties and a relative rarity of runoffs (normally: plurality wins), a party could theoretically sweep both houses w/ 15% in all races if the rest of the votes were divided among many others.

    My suspicion would be that a lot of GOPers would be absolutely thrilled if Nader ran for Pres. under the Green party, since that might be enough to deny the Democrats all the electoral votes of California. OTOH, you do get the occasional viable (at least at the state level) third-party candidacy, like Ventura and the Reform Party...

    As for NOTA... I'm not sure that it would matter that much. Remember that already our President does not have much of a mandate, having won only something like 43% of the (popular, not electoral) votes cast, and a relatively low percentage of eligible voters actually voted. That's public information, and it doesn't seem to have hurt him in the slightest. Given that few would vote for NOTA (in all odds)...
  • Hmmm. Mathematicians giving tech support... now that might be interesting.

    Customer: Can you please help me? My computer stopped working.

    Techie: Let's start with the base case. First, completely disassemble your computer, making sure to lay out the parts in order...

    ;)
  • Apparently, now Slashdot articles can travel back in time. This article did have a timestamp of 3:32p on 8/31. I check /. an hour later, and the time has changed to 12:00p, 8/31.

    Either the NSA's trying to break this article and the future of encrypted life as we know it, or there's an "undocumented feature" in /.


    And I thought my day was weird enough already.
  • Considering that a team of private citizens can now crack [slashdot.org] 512-bit RSA keys I think that the government could easily throw enough computing resources to crack *any* imaginable encryption in a surprisingly short time. So there is no longer a compelling technical reason for the government to claim that encryption endangers national security.

    The only remaining obstacle is government arrogance (How dare they interfere with our attempts to snoop on them?).
  • How long do they really think that the export restrictions will last? and how do they think that it will stop terrorists stop using strong encryption?

    Glad to see that Ireland has one of the most liberal laws in the world:

    http://www.ecommercegov.ie/p6.html
  • In the most base sense, laws are restrictions on what we can do. Why not measure freedom (or lack of) quantitativly by how many laws we have?

    Anyone know how many laws we have in the US?
  • Nevada is the only state that mandates a "None of The Above" selection on statewide ballots. They've had it there since '76, and NOTA has only won twice since then. Their law is non-binding, meaning that if NOTA wins the second place human gets the job, but they get it knowing that most people prefer Nobody.

    An even better approach would be to make it binding, which forces a new election if no one likes a slate of lousy candidates. But if it were available we probably wouldn't see nearly as many lousy candidates in the first place. For instance, in the last New York State elections nearly everyone hated both D'Amato and Schumer. If NOTA were in effect it's likely that one, or both, parties would have give us a better choice.

    For a longer rant on the subject check out the article The Frog and Peach [rr.com] in The Hittman Chronicle.
  • Top on the list was "What would you think if the head of the KGB was elected president of Russia?".

    Well, how does the head of the KGB as Prime Minister suit you? He in charge for all intents and purposes now. Further, Boris has chosen him to succeed him as president after his term is up. Of course no one listens to that drunk anymore, though.

  • While I am a strong supporter of removing all government controls on encryption, your logic is seriously flawed. RSA 512-bit is not that strong relative to other algorithms out there. While we don't know what the NSA is capable of, we can be fairly confident that they aren't breaking the newer algorithms. The computing resources required to break them using today's (admittedly private) understanding of cryptography is truly mind-boggling. I recommend picking up a copy of "Applied Cryptography" if you wish to learn more.
  • Warren Beatty said something to that effect recently:

    We don't need a third party, we need a second one.

    But you're right, five or so sounds right to me.
    --

  • ...it will take the echelon-esque machines longer to index and scan it...or perhaps they will skip over it ;)

    Anonymous Coward, get it? :)
  • I'm not sure what's up with Slashdot..somebody needs to be smacked upside the head with a large trout. :)

    Go to http://www.tux.org/~protozoa/slashdot2.html..there 's a copy of the article there.

    -Kathleen Ellis
  • I agree with you, Enry, but I'd add that the encryption debate is one of the most bi-partisan of all time. There's really no liberals vs. conservatives issue here..it's big guys with guns vs. little guys with computers.

    In the article above, follow the link to the "Electronic Privacy Papers" written by Dave Banisar and Bruce Schneier. There's a lot of information in that book about the Bush Administration and Clipper (everybody here remember the Clipper chip?).

    I didn't mean to come across as if Bill Clinton himself were responsible for this entire debate..it started before he was in office, and it'll continue, I'm sure, long after the Democrats lose a presidential election (whenever that may be).

    -K
  • It's back up...you can click through the main page. Look for the big stars-n-stripes. :)

    Thanks, Roblimo.
  • Actually, a lot of different non-profit types monitor this sort of thing. On the subject of encryption, check out "Cryptography & Liberty 1999 [epic.org]", a report published by the Electronic Privacy Information Center [epic.org]. It's a country-by-country analysis of crypto policy. Countries are rated as "Red" for most restrictive, "Yellow" for somewhat restrected or likely to restrict in the future, and "Green" for having no restrictions on encryption technology. This is the second year they've published the report, and they discuss progress and changes in policy during the past year.

    Amnesty International [amnesty.org] and Human Rights Watch [hrw.org] keep an eye on the more general issues of freedom and human rights, and have hundreds of reports on this sort of thing.
  • See, that's the problem: the US Government _doesn't_ allow encryption to go to China for the dissidents to use. They don't seem to want anyone to use it for anything, especially overseas. Recheck the article..there's a whole section about this.
  • As a Texan, I can speak to Gov. Bush's record on personal liberties. He backed the right of individuals to own guns, the right to carry a concealed weapon (which has helped reduce violent crime by over 25%), land use rights, and on and on. He has supported smaller, less intrusive government, and a hand UP -- not handouts.

    Shall we observe the record of Clinton (and other Liberals) in the same vein? Babbit (Interior) has fought to deny people the right to use their land. [cases on point: Texas ranchers prohibited from use of their own grazing land, 80 yr old woman prevented from building a house on her land (which the government has "agreed to buy", but has no funds -- effectively taking her land without compensation!)]. Clinton and Gore demand that we give keys to any encryption to the government. Clinton wants our medical records. And a hundred or so more invasions of privacy and tramplings on civil liberties.

    The problem is that Liberals truly BELIEVE that they are so amart that they can create a utopia -- but they are actually so naive that they cannot see that the things they seek to take away are more valuable than the "security" they wish us to believe they are giving! Conservatives, like Ben Franklin and Thomas Jefferson, believe that the BEST government is the LEAST government. It is true in EVERY government of EVERY form that government does NOTHING well!

    It is possible to help people UP only by treating them with respect while building them up. When you demean people by doing for them what they could (and should) do for themselves, you only tear them down and take away their dignity.
  • Something I've been wondering about, but never seen with regards to the whole crypto export argument is this: If the terrorists are worried enough to be using cryptography in the first place, what's to stop them from going out, and finding some 3l33t warez d00d that has something that they wouldn't be able to buy in their country, and download it anyways? If they're planning on blowing up a building, I'm doubting that they'll be worried about a slap on the wrist from the SPA or the BSA. Or am I just misjudging terrorists?
  • Encryption is already readily available to the masses, quality secure encryption that is free and open source. The problem is, not a lot of people use it, just people who are aware they should. Many people who really, really should encrypt don't use it.

    I wrote what I think is an easy to understand page about why ordinary people should use encryption. I'd like you to check it out, comment on how I might improve it, give me links, and most importantly, link to the page and get people you care about to read and and download encryption software.

    It's at http://www.goingware.com/encryption [goingware.com]

    I'd like you all to consider making an active effort to teach people in your companies and community to use encryption. For example, you could bring a PC down to a community center for an evening and teach people how to use PGP [pgpi.org] and Speak Freely, [speakfreely.org] then hand them out on CD's (by a burner if you have to, or pay a service to burn 50 of them for you, it won't cost much). Advertise this on bulletin boards, community access TV and so on, radio station community service announcements, etc.

    Do you support a particular political candidate? Volunteer to teach them and their staff how to encrypt.

    Mike Crawford

    GoingWare [goingware.com] - Expert Software Development and Consulting

    http://www.goingware.com [goingware.com]

    crawford@goingware.com [mailto]

  • Yep, I'm one of those pinko liberals that voted for Clinton. However....

    The issue with technology and the govt. isn't Clinton per se, since he just happened to be around at the time when technology was reaching everyone on the planet. Govt. has never been known for its speed. The Constition is built to make things hard to do for a reason. Thus, govt. (be it republican or democrat) will take a while to adjust to new technology and new ideas.

    Back in 1992, Spy magazine had 1000 (or was it 100?) reasons to not vote for George Bush. Top on the list was "What would you think if the head of the KGB was elected president of Russia?". Bush used to run the CIA! Do you seriously think he'd be in favor of personal liberties?

    Sure some of Clinton's ideas are whacky. But consider the more frightening alternative.
  • This has been under discussion on Technocrat (though I use the term loosely, as hardly anyone ever posts there) for a while. Maybe here, it can get the attention this issue deserves.

    IMHO, this new recommendation probably won't do anything. In fact, I rather suspect it might even entrench the current position even more. Given the attitudes of the people on the subcommittee, it's crossed my mind that that might be the very reaction they want. (Anyone here ever watch "Yes, Prime Minister"? If I'm correct, Sir Humphrey would be proud of them.)

  • Maybe the story's been encrypted. :)
  • Ahem. Who shredded the constitution when he declared the War On Drugs? They all suck. Thank you, drive through.
  • So perhaps, embedding something like "Clinton and his people need a bullet through the head" and "We will make Oklahoma City look like a firecracker" would trip it off? Or would it be smart enough to see the quotes? How about if I just put it at the end without any surrounding sentences?

    No, not that smart methinks.
  • I think it's pretty much a given that George Bush would have had the same stand on encryption policy as Bill Clinton does. And the same would probably apply to Bob Dole, Al Gore, George W. Bush ...

    The simple fact of the matter is that the Federal government lies to itself in the name of power. Allow me to present two (non-crypto, non-geeky) examples to demonstrate my point:

    During the Reagan years, the government refused political asylum to persons fleeing from torture and rape, because the dictators they fled from were in America's pockets instead of the Soviets'. Fascist regimes in Chile, Guatemala, El Salvador, Brazil, &c were conveniently classified as "democracies" and given millions in funding to support death squads, censorship, and the usual BS you get with any fascist dictatorship. (Of course, we were fighting Communism at the time; but you'd be hard stretched to prove that people were better off under our fascist governments than under their communist governments. At least the communist nations had decent education systems and better standards of living, even if no more actual freedom.)

    We see this same phenomenon in the Drug War. Prominent judges and scientists have stated for years that we need to either relax or abandon our War on Drugs. Virtually every politician is scared to take their advice, because they would almost certainly lose the next election (or so the thinking goes). Meanwhile, officials in the Federal government ignore the advice of their own experts and continue to tell the public, the elected officials, and the media that all of the experts are wrong, and that it is worth our while to invade our most basic liberties in order to stamp out this enemy. Again, the enemy is overblown; the response is to over-react; the evidence and arguments for sanity are ignored.

    Both of these phenomena would have occured under any administration. This is because they are sustained by elements of the government that are willing to lie to the President and the Congress to get their way. These same elements are the elements in control of the "war on crypto." These are the persons telling Congress, under oath, that the minimum time that the NSA could take to crack DES is seven thousand years; and the same persons who call the EFF "irresponsible" when they figure out a way to break DES in five days. These are the same elements who will ensure that nothing changes in crypto policy, except for continued erosion of our civil rights.

    What's the alternative? Hell if I know....

  • This is really insane, I don't understand why they would censor something like
    In syntax checking... please try later

    I personally In syntax checking... please try later with everything that they said.

    Rest of this message is awaiting syntax checking. Return later for the post!
  • Conservatives, like Ben Franklin and Thomas Jefferson, believe that the BEST government is the LEAST government.
    While I'm sure you'll get flamed to hell for that whole article, but I accually agreed with you at the risk of being flammed myself.. cause hey, what would liberty be for if we didn't speak up. But anyways, I just wanted to point out that accually ben franklin and jefferson where not considered conservatives. I mean seriously, if you think about it it takes alot of non conservatist ideas to impliment an entire new governmental system. Sadly what people don't seem to realize is that the system they implimented was a wonderful system, and only needs revising given a national crisis (rosevelts "New Deal' for instance, which we have completly destroyed the initial intent and direction of btw). Libralism (for lack of a better word) is needed, but not constantly. Thats why we have a 2 party system. And thats also why the original constitution only setup congress for one month a year, cause if you spend an entire year passing law after law, eventually your gonna overcrowd yourself. Oh well!
  • We need a fourth, fifth, sixth, etc. party.

    As I see it, the problem with third parties is that they often hurt one of the two primary parties, but usually not both.

    Example: n voters tend to vote Republican, but become disillusioned because they see the party straying from its roots. They support a third-party alternative who draws votes from the Republican party. This results in a Democrat victory. Perhaps the majority did not want a Democratic candidate in office, but their fragmentation put the candidate there.

    My example is hypothetical, but I understand that in one case the Green Party actually drew enough votes from a Democratic candidate to put the Republican rival in office.

    Nationally, America still sees things as X vs. Y. There is something in our mindset which makes us more preoccupied with "winning" than with finding a solution. Our press tends to promote this view -- who else is frustrated with the assumption that the 2000 race will be Gore vs. Bush? We're not even to the primaries yet and already these two are being treated as the only viable candidates!

    I've heard of some success in local elections where "None of the above" was an option. If NOTA wins, they pick new candidates and do the whole thing over. Can you imagine if they did that on a national level? Millions of dollars in campaign money lost to a public vote of "no confidence" -- what a concept!

  • Has everyone forgotten that the NSA et al might actually be able to break encryption commonly in use? If this were true, their fears re: encryption would not be the obviously illogical "criminals will use it". Perhaps they fear:
    • If most communications have mild encryption, the spook machine (cocaine *cough*, sorry, just feeding it) won't be able to keep up scanning ordinary traffic
    • If weaker encryption was common, terrorists, child porn peddlers, and other bogeymen might upgrade their encryption to something stronger just to keep up with the times, rendering their messages actually uncrackable.
    • If all or most traffic were even weakly encrypted, it would be very difficult to scan for messages using strong encryption. Every good police state knows that if you are hiding something, you must be guilty of something.


    I don't have any evidence that the NSA and their panty-boy Clinton actually have the interests of the public in mind, but I see no reason to assume that they are actually stupid enough to think that encryption controls actually work the way they claim.


    Congressional members, that's another matter.

  • I think Amnesty International publishes such a ranking annually.

    However, I'm sure we would all have cause to quibble with their methodology.

    As for your points, yes, taxation must be considered in any reasonable measure. Even export controls would have to be counted, although they might not be weighted very heavily for some obscure items. Cryptography, however, is so central to liberty that it must get some extra consideration.

    I live in the U.S. and encounter the limits of my liberty regularly. One of my interests is cryptography, btw, so I just basically sit on my source code. bleah.
  • But its not in the governments best interest to have the government kept in check, is it?

    Yeah. And it's a pity. Firearms proponents have sometimes claimed that the right to bear arms was designed to keep the Government in check in case it goes bonkers. (I also think it's not a coincidence given this fact that many cypherpunks are pro-guns.) Although I think there are many reasons to disagree with using firearms to keep a Government in check, I think that self-imposed mechanisms to keep a Democracy from turning into Despotism is a wonderful concept.

    Hey, I bet if the USA were founded today, by the same kind of people who founded it and not the current batch of demagogues, Americans would have a constitutional right to strong encryption! :)

    But instead, we get a bunch of paranoid politicians knowing their country is not run straight enough not to fear perfectly secure criticism. And so we get Echelon, strong crypto export laws and a paranoid NSA breathing down cryptographer necks.

    There, the soapbox is available now, I'm done. :)

    "There is no surer way to ruin a good discussion than to contaminate it with the facts."

  • This law is as much to stop US citizens from getting convenient crypto as for any thoughts on the non-US market: because products that use strong crypto are export-controlled, people simply make fewer products that are based on strong crypto, to avoid limiting their sales and probably incurring legal costs and general hassle. This means US citizens use lots of products that would have been crypto-enabled as a matter of course, but aren't, because of this law.

    In that sense, it's quite effective despite being manifestly unenforceable and silly.
    --
  • by Malor ( 3658 ) on Tuesday August 31, 1999 @09:58AM (#1714591) Journal
    As long as we're talking about government, did you notice how Echelon has just disappeared from the news?

    Just *gone*.

    The last I heard, the NSA, get this, REFUSED to tell Congress about Echelon, citing attorney-client privilege. And we have heard NOTHING more.

    I don't know about you, but this scares the hell out of me. Something is going on, folks. Something bad. We need to keep digging. *Write* your Congresscritter and ask him/her what the status is of the Echelon inquiry. Don't let it fade from their memories.

    Don't let it fade from yours.

  • by jetson123 ( 13128 ) on Tuesday August 31, 1999 @11:28AM (#1714592)
    Export controls are pretty clearly ineffective for keeping strong cryptography out of the hands of terrorists or criminals. That tells us that at the heart of the debate has to be something different.

    I think it's pretty clear that the reason why the administration and the three letter agencies are fighting so hard against easing export controls is because they don't want strong cryptography become part of the communications infrastructure.

    As soon as export controls are lifted, even just to "friendly" countries, most phone systems and communications standards and systems will incorporate strong cryptography, and routine monitoring of communications (for law enforcement, corporate intelligence, etc.) would become prohibitively expensive. Widespread use of strong cryptography would bring us back to the old days where wiretapping, bugging, etc., required specific targets and physical access.

    This issue won't get resolved until the real underlying issues are recognized widely and the subject gets discussed openly.

  • by Sun Tzu ( 41522 ) on Tuesday August 31, 1999 @07:05AM (#1714593) Homepage Journal
    "...I think that the government could easily throw enough computing resources to crack *any* imaginable encryption in a surprisingly short time."

    heh. You might want to do the math on that. Forget RSA for a moment, as the keylength|security ratio is a special case, and consider a conventional private key system. A 128-bit key has 340282 decillion possibilities. That's 340282000000000000000000000000000000000 if you like digits, or 3.4*10^38. Get out your calculator and see how fast and large a cluster of computers it would take to crack one of those in a year. Then, consider that you'll need 3.4*10^38 times as many such computers to crack a 256-bit key in a year.

    Disclaimer: ...uh, you might want to check my math on that! ;)

If you aren't rich you should always look useful. -- Louis-Ferdinand Celine

Working...