David Sternlight writes:
At 8:04 PM -0700 7/18/96, Jeff Barber wrote:
Now THAT is apples and oranges. The security of, say, IBM's, or the FAA's, or AT&T's domestic computer networks has little to do with crypto export policy.
Big companies like IBM, AT&T, etc. have *international* networks. Hence, the connection to the crypto export policy, which prevents comprehensive security programs from being deployed. As a "senior techinical executive" (oxymoron alert) to Fortune 50 companies, I assume you know that and are simply choosing to ignore it for the sake of your current argument.
There are exceptions to ITAR for this purpose (overseas offices of US companies). In addition, like the argument that we shouldn't jail anyone until all social evils are cured, your argument fails. IBM can secure their domestic network (at least) without having to secure their global network. As for your suggestion that I am special pleading, that's just unsupported defamation. I suppressed nothing--it is you who are omitting the facts I mention just above. Only a fool would accuse another of special pleading when the possibility the accuser doesn't understand the argument, or have all the data exists. If you have any integrity you'll apologize.
Yeah, right. You clearly chose not to address the requirements of international company networks in your argument. You admit that such companies have international networks, and that you knew it. It was obviously relevant and you could have and should have addressed it. The fact that you chose not to speaks to your own lack of integrity. To gain the upper hand in the argument is clearly your supreme objective; any point that doesn't fit the argument is simply not addressed.
Putting the government in charge of fixing security problems is likely to result in an infrastructure optimized for surveillance, as we've seen with other government-sponsored initiatives (Clipper, DigitalTelephony, etc.).
The subject matter of the Commission's inquiry has more to do with authentication than message encryption, and more to do with infrastructure and network security. And as it happens there is no problem getting export licenses for authentication-only software with as secure a key as you like and no escrow. RIPEM/SIG did it years ago. You aren't even on the same page as this issue.
There is more to security than authentication, as I'm sure you also know but are choosing to ignore.
Another attempt to accuse, read minds, and impute motives. We're talking about securing networks such as communications, transportation, and power, against hacker attacks. Authentication is the core, not encryption. A main problem is the spoofer instructing the network to self-destruct. Long-key authentication can address this when coupled with the safeguarding of keys. and some system precautions not related to encryption.
In the last round, you mentioned financial networks. You conveniently left those out here. I argue that these as well as others require encryption. Again, the fact that you fail to exclude any "inconvenient" scenarios in whatever happens to be the matter under discussion destroys your credibility (well, it would have, if you had any amongst the members of this list).
Authentication alone may suffice in some situations but clearly not all.
So what? What part of "more to do with....than" don't you understand? I never said "all"--that's a straw man to try to shift the ground of the discussion rather than attempting a direct refutation.
On the contrary, you are the one who responds to each objection by pointing out that there is at least one situation where the current regulations do not completely rule out solutions. As one who has dealt with security problems in the trenches, I have been involved in numerous attempts to tiptoe through the mine-field of crypto regulations in search of solutions. I would prefer not to have to do so as it's a huge waste of my time, and my (and everyone else's) money and other resources.
Again, you are trying to fight a different battle in the wrong arena. This isn't about your ability to encrypt your traffic. It's about securing the domestic infrastructure against information warfare. I know this is beginning to sound tiresome, but you'd better do your homework.
This isn't a different battle, though; it's all interwoven.
So what? Everything is connected to everything else.
Ouch, David, stop it. Once again, I'm skewered by your rapier wit.
I don't want the government responsible for "securing the domestic infrastructure..." for the same reason that I don't want them telling me where or to whom I can sell crypto.
They haven't any right to, IMO,
Read the Constitution.
I have. News flash for David: not everyone agrees on the meaning of various clauses in the Constitution. Believe it or not, reasonable people hold opinions that differ from the gospel-according-to-Sternlight. The constitution means whatever the Supreme Court says it means and that changes from time to time even though the constitution generally does not.
and besides, I don't trust them to look out for my interests.
At least some of one's interests we might both agree. There's the old joke "I'm from Washington and I'm here to help you."
Unfortunately, you seem to believe them most of the time, and want us to believe them too in this case, while I choose to believe them rarely if ever. As this debate has now deteriorated to the "Sternlight claims defamation, demands apology" point, and the substantive content is quickly approaching zero, I'll try to make this my last post. (List breathes collective sigh of relief.) -- Jeff