Re: ITAR financial crypto exception?

At 8:25 PM 11/1/96 -0800, Greg Broiles quoted:
According to the "United States Munitions List", 22 CFR 121.1, Category XIII, "Auxiliary Military Equipment":
"Information Security Systems and equipment, cryptographic devices, software, and components specifically designed or modified therefor" are included in the munitions list; but not if they are
"[s]pecially designed, developed or modified for use in machines for banking or money transactions, and restricted to use only in such transactions. Machines for banking or money transactions include automatic teller machines, self-service statement printers, point of sale terminals or equipment for the encryption of interbanking transactions." (22 CFR 121.1, Category XIII (b)(1)(ii)),
or if they are
"[l]imited to access control, such as automatic teller machines, self-service statement printers or point of sale terminals, which protects password or personal identification numbers (PIN) or similar data to prevent unauthorized access to facilities but does not allow for encryption of files or text, except as directly related to the password of PIN protection." (22 CFR 121.1, Category XIII (b)(1)(v)).
I don't think either of these exclusions would cover the reference implementation of the SET protocol. I don't think it would cover an electronic commerce application running on a personal computer/workstation either. Therefore I conclude that the ITAR is contributing to the vulnerability of our emerging electronic commerce infrastructure.

-------------------------------------------------------------------------
Bill Frantz       | Tired of Dole/Clinton?  | Periwinkle -- Consulting
(408)356-8506     | Vote 3rd party. I'm     | 16345 Englewood Ave.
frantz@netcom.com | Voting for Harry Browne | Los Gatos, CA 95032, USA

(president@whitehouse.gov removed from the cc: list for obvious reasons)

At 10:09 AM -0800 11/2/96, Bill Frantz wrote:
I don't think either of these exclusions would cover the reference implementation of the SET protocol. I don't think it would cover an electronic commerce application running on a personal computer/workstation either. Therefore I conclude that the ITAR is contributing to the vulnerability of our emerging electronic commerce infrastructure.
Given the reported statistics on the _meager_ number of serious crimes which have been stopped by the use of surveillance and wiretaps (reported in various forms several times in recent months), and given that electronic commerce may be vulnerable to _serious_ disruptions, one has to (again) wonder if the charter of the National _Security_ Agency needs a careful reevaluation.

Some years back, the NSA was more explicitly divided into two functions, one function doing SIGINT/COMINT, and the other doing COMSEC and INFOSEC, i.e., working on mechanisms to better secure the nation's communications. At about this time, circa 1988, the NSA's COMSEC folks were _explicitly_ warning that DES was long overdue for replacement and that new measures were urgently needed to secure the nation's communications and financial infrastructure. (The details have faded in my memory, but I believe this was the time the "Commercial COMSEC Endorsement" program was being discussed, with various hardware and software being proposed....don't know how it eventually turned out, faded out, etc.)

So where are we today? Almost 10 years later, with huge advances in chip power and density (500 MHz processors, 250,000-gate-equivalent PLDs, etc.), and yet what do we have? Only plain old DES-level cryptography is being encouraged, with various roadblocks placed in front of efforts to deploy stronger crypto.

Jeesh. To supposedly wiretap a few terrorists we risk the whole enchilada.

Of course, I suspect the real issue is that the NSA understands the implications of strong crypto, anonymous remailers, untraceable digital cash, etc., and is thus taking what steps it thinks it can to limit the spread of these technologies. The wiretap stuff is just a figleaf.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."