
David Sternlight writes:
Here's the problem in a nutshell: Everyone who has looked at our systems, from Cliff Stoll on to blue ribbon scientific commissions, has come to the conclusion that our society is vulnerable to willful sabotage from abroad, ranging from information sabotage (hacking electronic financial transactions) to physical sabotage (hacking power grid control computers to cause widespread power failures leading to serious damage to people and things; hacking the phone companies' computers, etc.). Some cases have already been observed. The field has already got a name and lots of publications. It's called "information warfare" and the government is taking it VERY seriously.
Serious studies have shown that the kinds of protections to make the systems we depend on robust against determined and malicious attackers (say a terrorist government, or one bent on doing a lot of damage in retaliation for one of our policies they don't like), have costs beyond the capability of individual private sector actors.
In such a case, where public benefits from government action greatly exceed public (taxpayer) costs, and the private sector cannot (or will not) act unaided, the classical basis for government action in the interests of the citizenry exists. It's the economist's "lighthouse" argument.
The motivation has nothing to do with privacy, government snooping, or any of the other things some get so excited about, though the solutions certainly have side effects in those domains. The goal should be to minimize the deleterious side-effects, not to throw out the baby with the bath water.
I for one reject your premise and your conclusions. There is no indication that government is capable of addressing this "problem" in a useful way. In fact, I argue that the situation is at least partially of government construction.
The government's hindrance of crypto technology has undoubtedly slowed down and in many cases entirely prevented the application of current technology to protect the very systems the government now purports to be concerned about. (This is not conjecture or speculation; it is fact. I personally have witnessed -- and, in some cases, been part of -- the many hundreds of hours of productivity lost to producing and distributing security software in ways that protect the company from ITAR violations, or trying to formulate adequate solutions for the company's non-US customers.)
My message to a government concerned about the dangers of "information warfare" (and its apologists): get out of the way and let industry work on security. Then you can choose from the products offered for your protection or develop your own. But don't sit there and prevent or help prevent deployment of security technology while decrying the lack of security.
I don't claim that the current security deficiencies are entirely due to ITAR restrictions but it is certainly a significant factor, and there is still zero evidence that the government is competent to help. Let them first fix their own problems (e.g. the alleged 250,000 DoD computer breakins), *then* come help us in the private sector.
-- Jeff