Rumors of Liberalized US Crypto Policy 72
GoBears writes "A "high-placed" AC within the federal government leaked the news. The Merc says: Exporters of the strongest encryption products, which generally have keys of 128 bits or more, will no longer need to license each shipment. Instead, they will in most instances only need to have a one-time technical review of the product. " At least its a step in the right direction. Of course,
the real end is no restrictions on any kind of software, but we can dream, right?
Re:The beauty of vague government regulations (Score:1)
More Libertarian than Liberal (Score:2)
A Liberal move would be more along the lines of "A PGP install on every desktop in America!"
Re:Don't celebrate yet... (Score:1)
BBC News on this: (Score:1)
Silly Old Laws (Score:1)
Aside from the political motivation of U.S. laws, classifying software as munitions seems like one of those fortunes that read "In (your-favorite-us-state-here) it is not allowed to ride a white male horse after 5 p.m..
Does those fortune laws actually still exist ?
Re:DES software implementations ARE certifiable (Score:1)
jsm
Re:Technical review or backdoor request? (Score:1)
I fear you are right about the gov't making sure they can get in if need be... but, alas, the last several years have shown that we don't have much effect on what the gov't does in this area, so at this point, we may as well sit back and wait for reports to start trickling in about what the 'technical reviews' actual do require of a product.
"Lets shut up the companies." (Score:2)
Like has been noted, this is a concession to the high tech industry, because they have money and have been up their playing the Washington game. It is evidence that the current regime is willing to heed to corruption from sources other than its own departments of love, but not much more than that.
Government by balanced corruption. How about it?
Does this mean that efforts like GPG will be able to accept American developers? Does it mean that we will no longer need to have two versions of every browser? And does this mean that Linus can start including crypographic features in the kernel?
As long as the American regime is still pushing crytography as something that will let evil terrophiles reign free, I wouldn't hold my breath.
-
bad sign (Score:1)
if this means, that they now have a new toy which breaks 128-bit keys... i'd like to left to your imagination...
Re:What ever happened to PGP? (Score:1)
No, they're not. The 1024 or 2047 bit RSA key is only used once, to set up a 128 bit key to do the actual message encryption (ref ftp://ftp.pgpi.org/pub/pgp/6.0/docs/IntroToCrypto. pdf, bottom of page 33). You don't bother trying to crack the RSA key, you go after the IDEA key. The disadvantage is that you have a different IDEA key for each message.
...phil
Re:More Libertarian than Liberal (Score:2)
Look at the track record. (Score:1)
This is the administration of "I did not have sexual relations with that woman." This is the administration of "I will have the most ethical administration in history...".
This is the administration which has kept Louis Freeh in charge of the FBI. In case you don't remember Louis Freeh has opposed encryption on the grounds of "We need a fouth amdendment that works into the 21st century."
Have no doubt that they'll do nothing of any importance to strengthen crypto. If they do weaken the restrictions it will be meaningless.
LK
It's official, from Yahoo: (Score:1)
Don't celebrate yet... (Score:2)
The G4 is officially classed as 'munitions', and if the US has any pretentions at all towards an electronic economy, it's got to do this. I don't imagine it was done with any zeal on the part of the government.
Coolness (Score:1)
But RSA is still limited to 512 bits (Score:1)
-russ
Technical review or backdoor request? (Score:3)
Open Products? (Score:2)
Please, explain more, as I have never dealt with export controls before, but it's EXTREMELY interesting..
What ever happened to PGP? (Score:1)
Competition drove it down? (Score:1)
Re:preinstalls, chilling effect (Score:1)
Damn right. I'd use encryption on all my e-mail, IF the process of encrypting and decrypting the e-mail was transparent. GPG/PGP/Whatever. I feel that if this process was totally simple, everyone would use it. Heck, even Microsoft would be forced to add it to Outlook Express, although with the encryption broken badly.
---
Which third parties? (Score:1)
Which third parties, will you in the US now have to give a copy of our private key to some thrid party, so that they can decrypt messages whenever they want to?
It seems to me that if this is so, then it would be a step in the WRONG direction.
However, I could be wrong, I would like to wait and see the results.
For now I will just be glad that I live in Canada, and have no export restrictions in the first place.
>~~~~~~~~~~~~~~~~
It's meaningless (Score:1)
straw man (Score:1)
If we HAVE to have any government intervention at all, the least they could do is be consistent. Nevertheless, it IS a tiny step in the right direction.
JL Culp
Re:More Libertarian than Liberal (Score:1)
JL Culp
Chairman, Libertarian Party of Sumner County
http://sumnerlp.org
Re:"Technical review" (Score:2)
Also, the technical review lets them see exactly what the non-government sector has, and to keep track of how far ahead of the envelope the NSA is. The US encryption law is a lousy thing, but I would not waste energy on constructing a conspiracy theory around the technical review. This reminds me too much of the "back door" into DES which turned out not to be there. (Everyone thought that the NSA was being cagey about the reasons for the form of the DES s-boxes in order to protect a bank door; in fact they were not giving details because DES was optimised against a kind of cryptanalysis which wasn't in the public domain).
On a related point, I think there's an inconsistency in this post. If the NSA can spot "back doors" in commonly available packages, and if that were the reason they wanted to check new packages, then it would not be true that strong encryption was out of the bag.
jsm
Re:Coolness (Score:1)
---
Worst-case scenario. (Score:2)
The timing of the announcement is fortuitous for Vice President Al Gore, who is scheduled to be in Los Altos on Friday to raise funds for his presidential bid. A year ago, Gore promised to redraft the administration's encryption policy and is widely credited with spearheading the effort.
Hmmmm. Call me paranoid and cynical, but here is what I see:
1. Al Gore, after "inventing" the Internet, declares he was the one to free crypto from its shackles. Much rejoicing ensues. He is able to use this pending legislation to rake in the Corporate money into his "war chest" and makes his election as "Top Dog of the USA" that much easier.
2. Meanwhile, a draft bill is presented to Congress to authorize Crypto export. Conveniently, some representative proposes this (controversial) bill to be examined later on -- say, right after the 2000 presidential election.
3. A short while after the election, some idiot declares that this law cannot be accepted and has to be repelled. Which is what happens after much discussion behind closed doors with the US intelligence community (read: CIA/FBI/NSA).
4. Al Gore, from behind the Great Seal of the President of the United States, puts the blame squarely on Congress. Why should he care anyway? The guy has got the job he wanted.
Remember: this is the same administration that prosecuted Phil Zimmermann for PGP, let Congress pass the CDA and offered the NSA Clipper chip as the ultimate in personal security and encryption.
Just my US$0.02...
Re:"technical review" clause makes it worthless (Score:1)
Several Possibilities (Score:1)
There's also the possibility that the Administration is trying to help Gore.
I'm of the opinion, however, that they might just be bowing to the inevitable. This action might have been sparked, in no small part, by the recent furor over the extra key in Windows CSP system. Since this extra key now enables ANYONE to install their own encryption in Windows (i.e. export control for Windows is now dead as a doornail -- a huge, huge deal), they might just be reacting (finally) to the writing on the wall.
Kythe
(Remove "x"'s from
Re:More Libertarian than Liberal (Score:2)
Btw just on a personal note, I was reading through the libertarian faq after checkout out your site. I registered independent, but tend to lean towards libertarianism. But I just wanted to know, how in the world do you expect the country to survive without any tax whatsoever. I've always thought income tax to be bad, but without some replacement, we would have absolutly no support for an infrustructure. Aka Military, interstate roads, etc. We all know how badly the original Articles of Confederacy lead us in being a national power.
Re:preinstalls, chilling effect (Score:1)
/.
Re:Voice of Reason (Score:2)
> opposed to software implementations because they did not believe
> that any software encryption solution was secure.
True. And correct - even today, if you can fab DES chips and place them into DES gadgets, ideally in tamper-resistant packaging, you can be more confident of the security of your implementation than a guy with a DES-in-bits-of-magnetic-flux computer. It's a lot harder to replace a chip than it is to install a trojan on a target machine :)
> Every intervention of the NSA of which I am aware has had the effect of
> making a product more secure, not less.
Amen. The strengthening of DES against differential attacks is probably just the best--known example. Just because NSA's hat isn't lily-white doesn't mean it's black. At the time of the strengthening, a strong DES was a Very Good Thing for national security.
Truth be known - and I'm still not saying that I'd trust NSA as far as I could throw it - I'd trust them before I'd trust the FBI. NSA's actions are consistent with the use of SIGINT for national security. Compare the number of times NSA has played the "drug dealers, pedophiles, and terrorists" card with the number of times we've heard it coming from Ms. Reno and Mr. Freeh.
IMHO part of this is likely cultural - NSA knows it's got better things to do with its time than invade your privacy. Any harm done to your privacy from NSA is simply collateral damage as it carries out its mission. Law enforcement, presumably since it comes from a culture in which "chasing down bad guys" is more important than "leaving the good guys alone", has yet to figure this out.
Debian and preinstalled GPG (Score:2)
Daniel
Re:But RSA is still limited to 512 bits (Score:1)
El Gamal, IIRC, may be a different story.
Kythe
(Remove "x"'s from
Voice of Reason (Score:1)
Be very cautious my friends! Remember encryption technology is always considered unbreakable right up until the moment it is broken.
$nyper
Re:Competition drove it down? (Score:1)
Maybe I'm just a little to jaded from my proximity to the beltway, but so are all the people making these decisions.
Re:Coolness (Score:1)
Re:"Technical review" (Score:4)
When I was at Apple, I heard a bit about the "technical review" that the NSA did on AOCE. The NSA apparently insisted that a function be inserted into the key generation. My understanding is that the function reduced the keyspace from 2^64 to about 2^40, though the keys remained 64 bits in length. The function also avoided classes of keys known to be weak. I have to believe that there are more than 2^40 strong keys in that space.
So, while in some sense strengthening the product - by avoiding weak keys - they also, in my opinion, enabled their ability to decrypt communication.
Now, I never knew what the function was - I really don't want to know - but I doubt that it would take more than a few weeks for an attacker with MacNosy to find the function in AOCE.
Do you think that other "technical reviews" are significantly different? Lets hear from someone directly involved in one.
What about us?? (Score:1)
Why Export-Restrictions if i can get all i want? (Score:1)
I need 128Bit because the Bank uses also 128Bit Encryption for Internetbased Transactions.
My PGPKey is 128Bit IDEA and 4096Bit RSA so what?
And the NSA + Echelon is well known here thats the Reason all Friends i know use at least 2048 Bits or more. But how to be sure that the NSA don't have a Supercomputer to break such Keys too?
Theoreticaly a QuantumComputer can break such Keys in noTime its only Mathematicaly.
The Best Encryptionmethod is OneTimePad but also has some Problems because the Key is as large as the Encrypted File but is virtualy unbreakable.
I Coded a such System for me self with the Cosmic Noise of a Diode as Randomsource, its perfect but Symetric so i still need a RSA or Diffie Envelope for the Key and thats the only weak Point.
But Breaking the Encrypted File without the Key is impossible.
You think they don't review products now? (Score:2)
There's no reason to believe they'd be any more likely to coerce companies into including backdoors than they are now. The real news is that they're proposing to allow companies to go through the process less frequently. This means the companies waste less money and aren't as late in getting their products to market.
Re:Voice of Reason (Score:1)
It's more likly that the elected officials are listening less to the IC/LE communities and more towards the big contributors (high tech firms and entrpenuers (sp?)) that are playing more of a role in the expensive compaigns for congress and president. You throw enough money around in this town and you'd be surprised how many "converts" appear at your door step.
The beauty of vague government regulations (Score:1)
This is the "chilling effect" I was talking about... in action, right here on Slashdot!
GPG (Score:1)
HPUX v9.x and v10.x with HPPA CPU,
IRIX v6.3 with MIPS R10000 CPU,
OSF1 V4.0 with Alpha CPU,
OS/2 version 2.
SCO UnixWare/7.1.0.
SunOS, Solaris on Sparc and x86,
USL Unixware v1.1.2,
Windows 95 and WNT with x86 CPUs.
(quoted from the above link)
To me, this executive order looks like a chance to score some political points now that they can no longer count on keeping a legal easily available encryption product out of the rest of the world.
Re: (Score:1)
Re:No export controlls? (Score:2)
Maybe, but there's no reason why that same governement in North Korea can't buy or construct similar software without having to steal it from the US - given enough time and resources, of course.
That's the whole problem with US encryption export restrictions; anything that can be thought of or manufactured in the US of A, can also be thought of or manufactured anywhere else in the world (well, technically speaking anyway). While the US governement was vigilantly trying to protect its technology, the rest of the world was simply playing catch-up. Now that non-US companies are freely selling and exporting encryption products of similar or identical strength as their American counterparts to anywhere in the world, US companies are finding themselves crippled by the very laws that were meant to protect them.
Re:Doesn't help Linux at all (Score:1)
For end users though some company could go through the effort of passing the encryption technology through the government review process. Say, Red Hat for instance, and make those binaries available to anybody.
I don't think this loophole will work personally because I think the review results will be: "Uhh, this encryption doesn't suck, make it suck or we'll tie you up in the review process for eternity". Of course, maybe we'd be pleasantly suprised.
DES software implementations ARE certifiable (Score:1)
This is not correct. In 1993 NIST allowed software implementations of DES to be certified. [Applied Cryptography 2nd ed, pp 269-270. Author Bruce Schneier]
Why this move might be really BAD (Score:1)
This decision only applies to binaries. (i.e. no source can be exported). So, Microsoft and IBM get their way. They can get the US to sign off on a product and ship them across international lines. Microsoft, IBM, Sun, and all other closed source firms become content with the state. They are no longer on our side.
Worse, they actually have an advantage at this point. They may fight to keep source from being exportable. That way, their closed source binaries have a better chance of going out. This already happened once when the US gave an exception to banks. Now banks don't care about crypto and no longer lobby Congress.
I mean, look at Red Hat now. They are up shits creek because they are going to be told they cannot ship Linux outside of the US. Worse, the US may make them shut down their international offices in Europe and Japan that they just set up because they export crypto source to those sites.
I think this is going to hurt the open source movement which is tied in many ways to the US. And if people really look at what is going on (and the US begins to enforce the law), all Linux operations will need to move off shore or risk not being able to compete internationally.
Reno comments on 64-bit crypto (Score:1)
Re:But RSA is still limited to 512 bits (Score:1)
We often tend to forget encryption is just one step of the security process, it's perfectly possible to have a completely good encryption system and yet not achieve security because of a weak link in the process.
However I think easing the restriction will be nice for doing business online. I confess I'm less worried about the NSA or some other governemantal agency (from the US or another country) spying on communications than of some random criminal spying on comunications and using the data for some theft or malicious purpose.
I think better encryption will serve us against the later.
Janus
Re:What about us?? (Score:1)
No export controlls? (Score:2)
export controlls on software? If so, I hear there's a government
in North Korea itching to buy some atomic bomb simulation
software for their weapons research programme.
We may justifiably complain when our governments are over-zealous,
but they don't make these rules purely to screw over Joe Citizen.
Simon Hibbs
Re:Voice of Reason (Score:3)
I don't think the standard could have been published at all without giving away the algorithm; I don't see how releasing DES in "non-algorithm form" could have been done. This "NSA wanted to sit on DES" thing is acquiring the status of an urban myth.
I'm quite prepared to believe that the NSA are black hats, and that they have all sorts of back doors into things. But their public behaviour has not given much support to this view. Every intervention of the NSA of which I am aware has had the effect of making a product more secure, not less.
Which seems right to me. Although encryption can be used by terrorists etc, it would be a poor intelligence organisation indeed which depended on broken signals for its information. The major use of encryption is commercial. And the damage which might be caused by not being able to intercept an email is absolutely nothing compared to the damage to the USA which might be caused by allowing the Bank of America and Citicorp to use an insecure encryption system for their transactions.
I wouldn't rule conspiracy theories out entirely, but I am currently not convinced.
jsm
Re:"Technical review" (Score:1)
Hamish
Re:Why Export-Restrictions if i can get all i want (Score:1)
So you might as well put your plaintext in your RSA or Diffie-Helmann envelope and send that, because it's the same length as your pad.
Encryption is only as strong as its weakest point.
Hamish