-----BEGIN PGP SIGNED MESSAGE----- There has been much discussion recently concerning how to fix certain flaws, or block various amendments in encryption legislation being shepherded through Congress. A far more fundamental problem with these legislative efforts from the beginning was that they involved an implicit concession to the idea that a U.S. citizen's freedom to privately exchange information in whatever coding scheme he or she might choose required some kind of government affirmation or ratification as validation. Once one seeks for the government's deigning to "affirm the rights of United States persons to use and sell encryption", it can (and does) then easily proceed to attach conditions and caveats to these "affirmed" rights. In the process the surveillance hawks within the government have managed, with hardly any struggle, to advance the appearance of legitimacy for their claims of authority to regulate this form of expression. Now comes an expectation that the nature of these "affirmed rights" should be tailored to address "the concerns of national security and the federal law enforcement community." This same community has on occasion complained about how their efforts to fight organized crime and terrorism are being thwarted by not having the modern newspeak disguised equivalent of "Writs of Assistance" (and they are arguably making progress toward acquiring just such powers IMO). Very few politicians are willing to commit the heresy of clearly and staunchly asserting that the information coding methods used by citizens are under no obligation to pass any litmus test, or to be subject to any kind of prior approval or restraint determined by criteria of the law enforcement establishment or anyone else. If the Feds lament that this will make their job harder, too bad. In the words of Orson Welles: "Only in a police state is the job of a policeman easy." When these various legislative efforts attempted to reach beyond the issues of export restrictions to address those of domestic use, they became a doubtful and dangerous fix to something that wasn't broke in the first place. If the Government is intent on "abridging the freedom" to use strong encryption domestically, a legislative affirmation of these rights is feeble comfort at best. If I'm seeking to protect my possessions, I don't ask a thief to affirm my property rights. Of course, even the export question is really about the aims of the state's surveillance constituency to obstruct the wide deployment of strong encryption domestically, and its interoperability on the internet as a whole. Challenging the derisible bogosity of the "preventing the Evil Ones from acquiring this technology" rationale that is invoked to justify these restrictions was not something legislation was likely to do with any great vigor. Legislation to "relax" these restrictions involves lending credence to the dubious assumption that these restrictions had any constitutional validity to begin with. Any bill that would have truly provided for the statutory endorsement of the acceptably uncompromised use of strong encryption never really had much more than a snowball's chance in hell of actually being signed into law given the current political balance of power, did it? Far more likely, was that it could be corrupted and hijacked as a vehicle to further the very type of restrictions it was purportedly intended to relieve. A collateral consequence is an increased arrogance and presumption among lawmakers that it is their prerogative to act to define for us citizens, what freedoms for domestic use of encryption we should be permitted. The growing gallery of GAK amendments and competing legislative proposals now emerging appears to support this sad scenario. It's starting to look like the prospects for meaningfully improving the situation with encryption legislation in the current political environment were about as promising as the prospects of a neophyte gambler coming out ahead at a crooked casino. I expect any apparent winnings in the end will come with a catch between the lines in the fine print, if they come at all. In any case, whatever is legislatively affirmed can later be legislatively denied. What a King presumes is his to grant, he usually presumes is his to revoke as well. In the end, what will have really been gained by this legislative venture, and what will have been explicitly or implicitly surrendered? As I see it, at this point the issue isn't about counting wins, it's about cutting losses. Freedom of encryption.... Is it SAFE? I don't think so. - -Michael -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBNDVks9GJlWF+GPx9AQGctwQAlE+SKB3/rqG7kz3qdcF2I5eBedz3/DDK f5Vg0Zd8PbhowwT9gWAvyt+ysIZCqRJWMu3vPmWP2iN2ZghLaiGRVv8piXhyUQYl rhv/rOz1Yc1raJbU5Wk+9Qr9zxQqxHZiAk1G0Irye4yDfi72ar8ndD5CqUegBnaF QAoyFGtiJZ4= =2zJO -----END PGP SIGNATURE-----