At 8:49 PM 1/24/96, Alex Strasheim wrote: (quoting me)
The usual issue: That if a foreign-originated product even appears to be a standard (so far, none have been), and includes strong crypto, then the NSA and other agencies will simply change the rules. Thus, if extremely strong crypto from "Netscape-Zurich" starts to have a significant market presense in the U.S., then some law will be passed to restrict it.
But what would they restrict? The use of strong crypto between two domestic points, or strong crypto where one end is within the US and the other without? We already have the former -- wouldn't it be hard for them to take it away? Especially if the software already has a large installed base, which is your premise?
Specifically, I believe--though obviously cannot prove, given the nature of time--that a cryptographically strong version of Netscape developed outside the borders of the U.S. would not be freely importable into the U.S. I don't know what form such a law would take, to answer the point raised in another post by Peter Junger. Nor am I saying either State or NSA passes the laws...the ITARs have worked largely because they have never been challenged; if they were to be successfully challenged and stricken, as even some folks inside the NSA think is likely if tested in a proper case, then a Four Horseman-scared Congress will likely step in with some restrictions.
I'm not denying that there are people in the NSA who would want to react that way, but I don't think they'd be able to pull it off.
It is true that the National Security establishment has a lot of power and influence here. But there are other groups with power as well, and the security types don't have the ability to do whatever they want without regard to the opinions and interests of those other groups.
And now here's where I will speculate openly, although my speculation is informed by having followed these debates (and even contributing to them) for many years. You have to ask yourself this question: "Why are there no cryptographically strong products--finished products, not specific ciphers or chunks of code--developed in Europe and freely imported into the U.S.?" More specifically, given that the situation with crypto exports being limited (the so-called $60 billion a year problem...even if inflated, still a lot of money) has been known about for a long time, and given that Europe, and to a lesser extent Japan, India, etc., has a strong software infrastructure, you have to ask why "Netscape-Zurich" is not now being imported into the U.S., as a core module that then (for example) the American developers could add additional stuff to. Or why Lotus Notes-Tel Aviv is not being imported, with at least an 80-bit work factor. Or why Digicash is not taking the relatively trivial step of offering extremely strong ciphers (maybe something like Haval?) and blitzing the U.S. market? ("Only Digicash is offering _all_ of our customers the same level of communications security.") (I'll get to some of the practical issues, that the culture of Europe is not quite as conducive as the culture of the U.S. to startups, such as Netscape, Spry, Intuit, etc., but I don't think this gets at the main point of why strong crypt is not being _imported_ into the U.S.) If the business losses are anything really close to $60 billion a year, then companies wishing to have strong crypto should be *screaming* for Europe-developed products to be brought back in to the U.S. There are of course two components to the alleged $60 B a year losses, broadly speaking: * the losses of companies not in the crypt tools business who are losing out because the crypto they are allowed to export weakens their product's attractiveness. * the losses of crypto tool makers who are losing out because their products are not attractive to non-U.S. buyers (Does anyone else out there see a disconnect in the logic here? If Company A is losing business to a non-U.S. Company B, then why is whatever Company B is providing (such as stronger crypto) not being imported into the U.S. For example, if Netscape is losing out to "CERNScape," the hypothetical browser company out of the CERN WWW groups, then why is CERNScape not selling here? In fact, where _are_ the products that are winning out over the crippled American products?) (Understand that I'm not claiming there are no losses, that the $60 B a year figure is not accurate (though I think it inflated a bit), I'm just trying to figure out what's really going on here.) Let's review some points that may be relevant to why "offshore development" has not become a reality, even though one might think it would (given the $60 B figure...that pays for an awful lot of overseas programmers!). First, the "crypto hooks" point we discuss so often. Merely having hooks that link to offshore crypto is a problem, as the ITARs make clear. Thus, Lotus cannot simply say to its non-U.S. customers, "We are shipping a version overseas that contains only 40-bit crypto; you are advised to download 80-bit crypto from http://defeat-itars.lotus-geneva...." I don't know precisely how the NSA and State would react, and what law would be cited (beyond a reading of the ITARs), but pretty clearly this would not fly in the current climate. Lotus might get visits from the NSA, might be threatened with conspiracy to violate the Munitions Act charges, might have its shipments seized, etc. Second, folks at RSADSI told me several years ago that it even violates the ITARs to send cryptographic knowledge out of the country (especially, in this context, with the intention of the folks with the knowledge being the "Geneva" operation of RSADSI, for example). [Note: This is really where all the stuff about exporting code comes from, and why the debate about exporting the RSA-in-Perl t-shirt is not really hitting the main point. The NSA and State have no real concern about copies of Schneier's book going out, given that they know they can't stop it anyway and the stuff in it has already been published worldwide. No, their real concern is ensuring that Lotus does not skirt the whole crypto exports issue by sending a team to an overseas location to develop a core module _there_. Before someone like Duncan protests that this strategy is ultimately--and maybe even soon--doomed to fail, for the many reasons we discuss often, I agree. But for the nonce, NSA and State are trying to fight a holding action, and keeping U.S. companies from distributing strong crypto is currently within their powers in a way that domestic control of crypto is not.] Third, even _interoperability_ is disliked by the NSA. Thus, if Lotus Notes says that it will support an open standard such that its package can communicate easily with Europe-developed crypto modules, the NSA will consider this to be a means of skirting the ITARs. (This was actually the main strength of PGP, as I saw it, that a "standard" could be supported on many platforms, and once the program was proliferated to many countries, all could interoperate. Note that there are very few other such interoperable crypto programs---Lotus Notes talks to other Lotus Notes sites (a chokepoint in controlling distribution), MicrosoftMail and other products talk to other MS products, RSADSI's own standalone crypto program, Mailsafe, talks to other Mailsafe users (again, a chokepoint for distribution), and so on. [Side note: this situation is changing as standards are adopted, as the Web takes on a more prominent role. But I believe it to still be true that strong crypto in the U.S. cannot easily talk to strong crypto in Europe and Asian, except via things like PGP. If I'm wrong, I'd appreciate hearing about some examples.] Fourth, bizarre as it may sound, _imported_ strong crypto may face the same restrictions if attempts are made to _export_ it! Even if the code is unchanged. (The only justification for this position is that the U.S. is trying to create a chokepoint for control...there is no logical reason for a product imported from Israel to then not be allowed for export back to Israel, except that NSA and State hope to interfere with markets and thus have more control over things.) The effect of this restriction is that companies planning to import crypto from, say, Switzerland, and integrate it into their products will still face the ITARs when they try to export the product. And even having _two_ versions, one developed in the U.S. and one developed in Switzerland, will then run into the issues already cited: skirting the law by having hooks, (maybe) engaging in a conspiracy to export cryptographic talent for the purposes of skirting the ITARs, and having interoperable versions. Fifth, there are cryptographically-competent companies and programmers in Europe. Companies such as Crypto AG, companies in Israel, programmers in the U.K., Slovenia, Romania, and all over. (Many on this list, in fact.) And programmers and very competent crypto folks in Australia, New Zealand, etc. Given the relatively small teams that built capable browsers, and given the capable programmers, and given the (alleged) huge losses American companies are suffering for lack of secure products, why are there no Europe-developed browsers with strong crypto? I promised conspiracies. My points above implicitly involve some behind-the-scenes pressuring (and I know this to be the case from first-hand accounts), but here are some more: -- maybe even the European companies have been threatened, perhaps by their own crypto-fearful intelligence agencies (recall the many reports of key escrow talk in Germany, France, Sweden, etc.) -- maybe, as some have claimed, the European crypto companies, such as Zug-based Crypto AG, are actually controlled or influenced by the NSA. (This was a recent thread here, dismissed by the list.censors as "off-topic," but, I think, in actuality a terribly important topic to consider.) -- maybe the Europeans just don't want a piece of the Web browser market, maybe the prospect of a software company reaching a capitalization of $5 billion in less than two years doesn't excite them. (Maybe Clinton didn't inhale.) In a kind of variant of the Fermi Paradox ("Why aren't they here?," referrring to alien visitors), my question is this: "Why aren't we able to solve this pressing problem of not being able to export strong crypto by _importing_ it?" I don't think it's an accident, or laziness on the part of European and Asian companies, that we haven't gotten around the U.S.'s laws about exporting crypto by getting our crypto from competent programmers and companies outside the U.S. Comments? --Tim May Boycott espionage-enabled software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."