At 5:55 PM -0700 7/27/96, Deranged Mutant wrote:
On 27 Jul 96 at 19:21, John Young wrote:
The Washington Post, July 27, 1996, p. A22. Speaking in Code on the Internet ... [Editorial]
Some bothersome things about this editorial...
[..]
security of their data. They also see it as a market in which the United States maintains a comfortable lead, one that is threatened if domestic encryption makers can't sell their products elsewhere. The makers argue that foreign encryption software will rush in to fill the gap, doing nothing about the uncrackability problem -- indeed, making it worse. The administration in turn is pursuing a wider
IMO, the US does not have a comfortable lead. It's already falling behind considering some of the stronger crypto programs available (at least as freeware) are made outside the US. Many of the stronger algorithms were invented outside of the US (IDEA for instance).
This, and similar remarks by others, consistently misses the point which I have been making for about a year now, and which Director Freeh finally made explicit in his testimony last week. That is--the government is concerned with mass market software incorporating robust crypto, used overseas, and recognizes that they can't keep niche products off the market, nor stop bad guys from using crypto the government would just as soon they didn't. Since the US has a hammerlock on that mass market, and since few would switch products to let the crypto tail wag the features dog (no slur intended), ITAR follows. Though I've no connection with Freeh, it's interesting that his language is almost word for word the same as what I've been using. Do you suppose some of his staff reads my stuff? Until now we haven't seen such an open public admission of what the government is concerned about--probably because the State Department doesn't like to have an official spokesman admit we're mass monitoring and seining foreign traffic since it is an embarassment to the polite fiction of diplomatic relations (though I'm sure the truth is that every country with the capability does it).
[..]
with wiretapping. Mr. Freeh, testifying at Thursday's hearing in favor of an optional key escrow plan, noted that the point is not to prevent all copies of uncrackable code from going abroad -- that's clearly impossible -- but to prevent such high-level code from becoming the international standard, with architecture and transmission channels all unreadable to world authorities. To software companies and Internet users who
So why should criminals bother with using standards if they are readable by authorities?
See above.
have been clamoring for the right to encrypt as securely as possible, Mr. Freeh and others argue, "the genie is not yet out of the bottle" on "robust," meaning uncrackable, encryption.
Are they going to magically erase all copies of strong software that is already currently available? (Side note: the Pacifica news report on Friday notes that while Freeh gave his testimony, over 100 copies of PGP were downloaded from MIT's site.)
What he's saying is that US-exported copies of the Lotus Lockshens, Microsoft Machayas, and Netscape Niguns of the world still do not contain robust crypto the USG cannot read.
the encryption enthusiasts' desire for free development should take precedence over the tracking of terrorism. At
It's not clear that terrorism can be tracked, even if it's unencrypted. The OK and WTC bombings were apparently not encrypted, and there's some allegations that the authorities had advanced warnings of the latter.
He says it can, and suggests following the banking trail among other things. We know the government has already had good success with this strategy. And one of the objectives is to identify sponsors of terrorism and retaliate against them (cf. Netanyahu).
the very least, Congress should be exceedingly cautious about getting out ahead of administration concerns on controls that, once lifted, are hardly reversible.
The controls haven't done much to prevent free software from being exported. They only control commercial sales of software (and hardware).
Exactly.
Particularly absent in the WaPo-ed is that many do not trust the authorities (in the US and elsewhere)--particularly the FBI, which has a long history of extra-legal surveillance.
So as Netanyahu says at length we need to build in protections against abuses, using both the legislature and the judiciary. David