From: jimbell@pacifier.com (Jim Bell)
can't have everything OUR way, the FIRST time around. Washington
I think you misunderstand the situation. The government is in somewhat of a disadvantage by virtue of the fact that there is relatively little pro-censorship and anti-encryption legislation. Absent such legislation,
Here is where I don't agree on the merits ... 1. Pro-censorship agendas does not need much legislative momentum because it does not take much P.R. on a child-molestation-murder incident on some little caucasian girl from a motherhood-and-apple-pie Small Town, U.S.A. to drum up the sentiments to censor. 2. Anti-encryption has been well guarded by the NSA/CIA/FBI/DoD for a long time using the semi-legitimate veil of national security. In fact, in some senses, there ARE legislative support, even if unconstitutional when evaluated in the bright light of day. The problem is that you'll fight for years JUST TO GET A CHANCE to evaluate the law itself. Yes, some of the current legal battles are on their way there, but it's been a LONG time, and every decision/every appeal takes months to years, and it's clear that the NSA is hoping that in 2 years, they can sign up enough pro-key-recovery companies to make the legal battles moot. 2 years is pretty short compared to the time scales on these battles, and the NSA is counting on just that. To me, the time-to-market is just as important as the purity of the products (the proposed legislations).
the status-quo moves in a relatively free fashion, which is why the Internet is mostly unregulated today.
I don't think anyone will be willing to genuinely export encryption (in a real commercial product) while directly flaunting the NSA's implicit/explicit authority on this matter. Corporations are too concerned with the short term bottom line to care about more long term goals like have freedom to export anything it wants. I already know of several instances at various companies where designs were deliberately altered to NOT give the appearance of designing a product with specific encryption/decryption capabilities, even though that is what the product must support, fundamentally speaking. Therefore, I must conclude that the NSA is definitely winning some battles on their 2 year schedule already.
From: Declan McCullagh <declan@well.com>
The question is: Do we want to give up any domestic freedom in exchange for a relaxation of export controls? (Congress is, after all, built on compromises between warring factions.)
My instinct is to say "No." Let the courts strike down ITAR, EAR, and its progeny, while we keep our freedoms domestically.
I really don't think we are disagreeing here. I would not support any restrictions on domestic usage, nor would I support any restrictions on what non-governmental institutions may use. I still believe we should push for all we can get because that is the way the legistlative process works, and that is the game the other side is playing. However, we shouldn't place unrealistic constraints on our supporting legislators such as taking an "all or nothing" attitude. Even if all we can get is 56-bit or 64-bit export legalization, it is a HUGE chip away from the NSA rock because their "2 years free for key recovery" plan is just that much weaker. I would rather see, of course, 128-bit/168-bit be liberalized, because that would essentially mean that everything is liberalized, because the NSA has been playing this "56-bit is too strong" charade, and losing 128-bit/168-bit is essentially losing their argument, unless they want to risk coming to the security committees admitting that they have lied.
From: Lucky Green <shamrock@netcom.com>
Let's let the legislative process (whatever you think of it) take its course. I'll be happy even if they sneak some screwy secret committee on the final bill, as long as we are not subject to that committee or any other governmental body just because we allow ftp of C source code
I think this is a dangerous position to take... make that fatal. The code is already being ftp'ed out of the US. The law would gain you little.
Well, we're not talking about the realities of the massive semi-underground activities. We're talking about the U.S. Government, (which often has poor notions/understandings of reality), corporations (which often must obide by the laws and regulations, however poor, crafted by the U.S. Gov.), and genuine consumer applications (which are significantly driven by the products produced by these corporations).
But the new restrictions/enhanced penalties, which will inevitably be included in any crypto bill that might become law, will set us back severely. Personally, I hope that none of the crypto bills pending gets passed.
Of course, I don't like any of them, especially if there are still secret committees with very real control written into the legislation. If the NSA/FBI can call up Robert Allen to stall a secure phone product line, they already have enough power outside the legal process that they don't need any real committees to help them out. However, NSA will clearly deny having this level of influence to the security committees, and they will most likely accept the NSA's word. Ern -- Ernest Hua, Software Sanitation Engineer/Chief Cut And Paste Officer Chromatic Research, 615 Tasman Drive, Sunnyvale, CA 94089-1707 Phone: 408 752-9375, Fax: 408 752-9301, E-Mail: hua@chromatic.com
participants (1)
-
Ernest Hua