On Mon, 7 Oct 1996, Vinnie Moscaritolo wrote:
The following is an example of the asswipe media's attempt to write about encryption.
http://www.sfgate.com/cgi-bin/examiner/article.cgi?year=1996&month=10&day=06&art icle=BUSINESS2814.dtl
Did I miss something? Of the many columns and articles I've read recently, this is one of the best and most concise so far. Compare it to, say, the "Netly News" column jya posted earlier.
At stake in the policy battle are software exports worth millions, Fourth Amendment rights Americans have enjoyed for centuries, and innocent lives that the good guys say might be saved if they're able to keep snooping on the bad guys.
What export controls have to do with keeping an eye on "the bad guys" no one really knows. Unless the intent is control of domestic encryption of course. The only major point that I see missed is the key size limitation of 56 bits and the nature of the agreement itself to extend or rescind export licenses based on a future key recovery plan which satisfies government officials. Fifty-six bits is simply not secure. Abate missed this fundamental point. Furthermore, that the only way for individuals and companies to maintain security for "the bad people(including governments)" is through secure, virtually unbreakable (large key length) encryption. A back door and a relatively pitiful key length limitation provide no real security. Furthermore, the agreement itself for 2 year conditional licenses is curious. There are many obvious questions. What will satisfy the government or is this just a ruse? Are import restrictions the next step? The whole nature of the compromise is very strange indeed and I would be most interested to find out the thinking behind it.
"Wiretapping is the main issue," said Stewart Baker, former general counsel of the National Security Agency, the CIA's code-breaking and eavesdroping cousin.
This seems like a statement that would have come from the other side of the debate.
Exports are the odd piece in this policy puzzle. The U.S. government has no authority to regulate secret codes within U.S. borders. But a law passed after World War II put secret codes in the same category as munitions, products that cannot be exported without a license.
The government has used this export-licensing authority to indirectly control code-making software here. Most high-tech firms are unwilling to sell two sets of encryption products, one full- and the other half-strength, so they have sold weak encryption products everywhere.
While this may seem obvious to those who have watched and studied the issue for years, the layman reading Abate's column gets a distillation of the issue that I have not seen in other popular media. In just two paragraphs, he explains to the unitiated reader the origin and authority behind export controls on encryption as well as their usage by the government to control local creation of encryption -- a point that is almost always missed.
To give investigators the keys to every code might be too much temptation and a threat to civil liberties. To deny investigators the keys may handcuff them in the fight against increasingly sophisticated and deadly forms of crime.
Is this the statement which bothers you? I simply read it as a summary of both sides of the debate not as an opinion statement _______________________________________________________________ Omegaman <mailto:omega@bigeasy.com> PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________