Martin Minow <minow@apple.com> writes:
Ern Hua
[quoting a news story]
At the Bernstein case oral arguments last September, I distinctly remember the government lawyer stating that the United States does not restrict "financial cryptography." Perhaps he should have qualified his argument somewhat.
This statement bothered me, as I cannot understand how an encryption algorithm can "know" that it is encrypting a financial transaction, rather than some non-financial document that would be export-restricted.
It's highly bogus, I'm sure, but what they seem to be doing is allowing strong encryption for very small messages. (eg SET, and at least one other example I'm aware of) Of course users could manufacture hundreds of bogus small messages to produce one large message. But then they could probably also find multiple examples of low bandwidth subliminal channels in the protocl/algorithms, and if they're willing to use their own software they could use PGP anyway. If it's anything like ITAR it will be decied on a case-by-case basis, and they'll only give you permission if you conform to undisclosed, and continually changing NSA internal policies. Or perhaps it's just if on their whim, it'd be difficult to distinguish. The actual agenda as always is to discourage use of strong crypto both inside and outside the US. Adam -- print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`