What was the quid pro quo for Wassenaar countries?

I spoke some hours ago with Tatu Ylonen in Finland. His company has confirmation from the Finnish government that the government agreed to a proposal to limit mass-market crypto exports to 56 bits. Perhaps he or someone else from SSH can post more details.

So *something* really did happen at the Wassenaar meeting, but we don't know two important things:

* What exactly did they agree to? In particular, is public domain -- as opposed to mass market -- crypto controlled?

* And what did NSA offer, to convince many countries to directly contradict policies that they had arrived at during year-long public consultations with their own citizens? A carrot? A stick? Blackmail from wiretaps? Access to NSA's wiretap network in return for cooperation? What was the strong motivation for so many countries to go against their own economic and self-determination interests?

It was pointed out to me that the Wassenaar Arrangement has no legal effect. Each country has to go back and amend its own local controls. However, I personally saw cases more than a year ago where both Japan and Belgium were restricting bona fide civilian crypto transactions "because Wassenaar requires us to" when in fact it didn't. This development will give these countries much more "cover" to implement draconian policies, under secret arm-twisting from the US.

We will have to fight this one in the trenches, in each country. First step is to raise a hue and cry and put each government on the defensive (as they well ought to be). Then let's find out what "deal" they made with the devil. Finally let's see whether, as Perry says, civil rights and political processes work, and the will of the people will actually end up codified in the laws of each country. Or not.

John

PS: I particularly like Ambassador Aaron's characterization that this new development will help US industry, by censoring foreign crypto publishers in the same way the US government censors US publishers. A giant step forward for freedom and commerce everywhere, eh Mr. Aaron? What an incredibly talented liar, I mean diplomat, he is.

(cryptography@c2.net removed from distribution list) At 10:17 PM -0800 12/4/98, Lucky Green wrote:
Ultimately, it won't make a difference, but sure, why not. Crypto regs can go one way, and one way only: more restrictive. See some 5 years of my postings on this topic. Lobbying and litigation can only delay the arrival of a total ban on general purpose strong crypto, not prevent it. Note that I am not at all claiming that either lobbying or litigation is useless. By all means, keep it up. It just won't change the fact that the ratchet turns only into one direction. Until the ratchet breaks, but that is another matter entirely and tends to be accompanied by lots of dead bodies.
Indeed. What more is there to say on this point? One way only. Even the "do gooders" actually make things worse, by "greasing the skids" for legislative talk and legislative "compromise"...said compromise always being another turn of ratchet.

(This applies to many industries. I recently heard T.J. Rodgers, CEO of Cypress Semiconductor, repeat his oft-made point that Silicon Valley and the high tech industry gains _nothing_ by talking to Washington. That as soon as dialog is started with Washington, things get worse. This applies as well to crypto, to gun rights, to everything. Everything Washington touches turns to statist shit.)

On another topic, what of the "free export of crypto" nations? Some nations, or folks in some nations, like to talk about how they are actually "more free" than Americans are because they can export strong crypto. Canada comes to mind, as there are a couple of companies we know about using the ostensibly weaker Canadian export controls.

(I maintain, and Lucky can be my witness that I expressed this forcefully to some Canadian entrepreneurs very recently, that Canada's relative laxness on crypto arises first, from their ignorance of the issues and second, from the fact that Washington hasn't yet told them how high to jump. I have long believed the U.S. would issue the orders and other countries would turn out to be just as restrictive, if not more restrictive, as they have fewer in-country protections against restrictions on strong crypto. If Canada, Finland, etc. tighten up, can Anguilla be far behind?)
I doubt we will find out anytime soon. Favors? Blackmail? Most likely all of the above.
Or perhaps "strange fruit"? That is, hackers found hanging from a tree.... Or direct deposits to the Swiss bank accounts of Wassenaar delegates? Or just intense lobbying, threats of foreign aid cutoffs, and repeated showings of the "If you only knew what we know" videotape (specially converted to PAL). Nothing very surprising.

--Tim May

"I swear to tell the truth, the whole truth, just the way the President did."
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.

On Fri, 4 Dec 1998, Tim May wrote:
On another topic, what of the "free export of crypto" nations? Some nations, or folks in some nations, like to talk about how they are actually "more free" than Americans are because they can export strong crypto. Canada comes to mind, as there are a couple of companies we know about using the ostensibly weaker Canadian export controls.
(I maintain, and Lucky can be my witness that I expressed this forcefully to some Canadian entrepreneurs very recently, that Canada's relative laxness on crypto arises first, from their ignorance of the issues and second, from the fact that Washington hasn't yet told them how high to jump. I have long believed the U.S. would issue the orders and other countries would turn out to be just as restrictive, if not more restrictive, as they have fewer in-country protections against restrictions on strong crypto. If Canada, Finland, etc. tighten up, can Anguilla be far behind?)
I believe that there will be free havens for crypto for some time to come. Crypto is too obscure a topic to be outlawed worldwide anytime soon. So the Canadian entrepreneurs Tim is referring to and others determined to ship crypto will be able to do so for many, many years by simply relocating development to other countries. Just as there are small countries that don't play ball with FINCEN, there will be small countries that don't play ball with crypto regs and be that because that's the country's only significant source of hard cash.

-- Lucky Green <shamrock@cypherpunks.to> PGP v5 encrypted email preferred.

On Fri, 4 Dec 1998, John Gilmore wrote:
We will have to fight this one in the trenches, in each country. First step is to raise a hue and cry and put each government on the defensive (as they well ought to be).
Ultimately, it won't make a difference, but sure, why not. Crypto regs can go one way, and one way only: more restrictive. See some 5 years of my postings on this topic. Lobbying and litigation can only delay the arrival of a total ban on general purpose strong crypto, not prevent it. Note that I am not at all claiming that either lobbying or litigation is useless. By all means, keep it up. It just won't change the fact that the ratchet turns only into one direction. Until the ratchet breaks, but that is another matter entirely and tends to be accompanied by lots of dead bodies.
Then let's find out what "deal" they made with the devil.
I doubt we will find out anytime soon. Favors? Blackmail? Most likely all of the above. But it doesn't matter why the representative of country A or B voted for export controls. We already know that most, if not all, governments would fall all over themselves banning crypto outright were they exposed to some of the traffic this list has seen over the years.

What does surprise me, however, is why some people (not John) tend to act surprised when the ratchet tightens yet another notch. I can't help but wonder if they are equally surprised when the sun goes up in the morning or tide moves in. Weird.

-- Lucky Green <shamrock@cypherpunks.to> PGP v5 encrypted email preferred.

Lucky Green said:
Ultimately, It won't make a difference, but sure, why not. Crypto regs can go one way, and one way only: more restrictive.
Lucky's such an optimist!

Actually, crypto regs have gone many different directions. The general direction in the US is toward more openness. (I've been watching them longer than Lucky has been.)

Authentication used to be licensed. It isn't any more -- though the bastards reserve the right to lie about what is authentication. ATM machines used to require a license. 40-bit crypto used to require a license. Financial institutions used to require licenses. Big companies used to need licenses for intra-company use. DES used to require a license. (Still does, until the incredibly cold warriors move their bowels and produce a new, uh, release of the regs.)

Maybe sometime next year I'll be able to say, "Publishing crypto on the net used to require a license but now it doesn't, since the courts started enforcing the Constitution." Whether this happens or not is NOT under the control of the NSA -- I think.

On the other hand, crypto regs in other countries tended to start from "unrestricted", so indeed there was no way they could go from there except "more restrictive". But after the first dollop of restriction, they could go either way, as we've seen in various countries. Germany for example seems to be loosening. Canada turned out to be looser than anyone had suspected, and is still trying to be loose despite intense arm-twisting by US wiretappers.

Some countries actually seem to care what their citizens think about their crypto laws, unlike the shining example of democracy, the USSA. And when we educate the citizens, they tend to make the right choices. Let's keep trying.

John

Sprach John Gilmore <gnu@toad.com>:
* And what did NSA offer, to convince many countries to directly contradict policies that they had arrived at during year-long public consultations with their own citizens?
Call me hopelessly paranoid, but I'm betting that none or nearly none of the governments in the world want unrestricted crypto. Hell, I'm betting that none of the governments in the world are particularly happy that crypto expertise exists outside of secretive government research projects and intelligence agencies. If they could go back to the secret government-only crypto environment from before and during WWII, they'd be ecstatic. Public crypto expertise makes it hard for governments to keep secrets from each other and their people, it makes it (relatively) easy for the public to keep secrets from their government, and in general makes governments REALLY nervous.

Sure, they talked with their people and the people were clear that _they_ wanted unrestricted crypto. And so the governments (those few who actually pay attention to their public) made statements and passed laws in support of unrestricted crypto... but their arms were being twisted the whole time, and they were Displeased(tm).

If my statements have any bearing in reality, then it wouldn't take very much lobbying at all on the NSA's part to convince the Wassenaar countries to change the agreement to restrict or totally ban crypto. This lets the various governments go back to their people and claim that they don't have any choice: Wassenaar forces them to restrict crypto... sorry.

The fact that most (almost certainly all) countries don't act on treaties until (and if) they have passed implementing legislation is completely lost on the people. After all, a treaty is a treaty, right? It's like a contract between two people, except it's between countries, right? So they've agreed: why do we need laws to implement it? [I know those last three statements are false, but they accurately represent the attitudes of all the people with whom I've discussed the issue of treaty implementation.]

More and more, I see that treaties are no longer tools to create agreement among governments, but are tools to allow governments to sidestep the political costs associated with acting against their own people's express desires. For a very long time now, it has _appeared_ that European and North American governments agree with each other far more readily than they agree with their own people.

-- Jon Paul Nollmann ne' Darren Senn sinster@balltech.net
Unsolicited commercial email will be archived at $1/byte/day.
Dis.Org's propensity for casual violence is little different from that of any street gang. Carolyn Meinel

John Gilmore wrote:
PS: I particularly like Ambassador Aaron's characterization that this new development will help US industry, by censoring foreign crypto publishers in the same way the US government censors US publishers. A giant step forward for freedom and commerce everywhere, eh Mr. Aaron? What an incredibly talented liar, I mean diplomat, he is.
I agree. This is something that I found particularly offensive. "Really, we're doing it for your own good!" Feh.

--
What is appropriate for the master is not appropriate| Tom Weinstein
for the novice. You must understand Tao before       | tomw@netscape.com
transcending structure. -- The Tao of Programming    |

> What an incredibly talented liar, I mean diplomat, he is.

Ah, but you forget that the definition of diplomacy is the art of lying in State.

--dan

John Gilmore wrote:
PS: I particularly like Ambassador Aaron's characterization that this new development will help US industry, by censoring foreign crypto publishers in the same way the US government censors US publishers. A giant step forward for freedom and commerce everywhere, eh Mr. Aaron? What an incredibly talented liar, I mean diplomat, he is.
A glorious announcement! The chocolate ration has been raised to 20 grams today, from 24 grams! (for those of you who thought it would never get here)

At 11:28 PM 12/7/98 -0800, David G. Koontz wrote:
John Gilmore wrote:
PS: I particularly like Ambassador Aaron's characterization that this new development will help US industry, by censoring foreign crypto publishers in the same way the US government censors US publishers. A giant step forward for freedom and commerce everywhere, eh Mr. Aaron? What an incredibly talented liar, I mean diplomat, he is.
A glorious announcement! The chocolate ration has been raised to 20 grams today, from 24 grams!
(for those of you who thought it would never get here)
"The Wassenaar Arrangement" really does sound like the title for a bad Robert Ludlum novel.....

But the posting about the Blair Administration taking their anti-key-escrow positions off their official web sites does sound like the History Department's been at it again.

I've been going through yet another round of airline security people imposing some new requirement and claiming it's "always been that way" or "been that way for a long time, ever since I started working here." The latest round is wearing hats through the X-Ray machine - they insist you take your hat off, even if you didn't beep, and that it's an "FAA requirement". San Jose started doing this about a year ago, but this is the first time San Francisco has done so, even though they claim otherwise (though I probably haven't worn a hat there since last rainy season.)

Most people who wear hats at San Jose airport are Mexicans in cowboy hats, who probably don't care all that much; I'd expect that the first guard at LaGuardia or Kennedy who tries to insist that the Lubavitchers take their hats off in submission to the government will find themselves surrounded by annoyed bearded men talking about religious discrimination lawsuits....

Personally, I wear a hat because it keeps my head from getting cold, now that I no longer have as much OEM insulation on it as I used to, and while I don't have any religious rules requiring me to wear a hat, I _am_ a Quaker, and we have a history of getting uppity about governments insisting that everybody take their hats off in submission to government officials, or address them as "Your Highness", or other things that suggest one child of God is worth less than another.

Thanks! Bill

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
participants (8)
- Bill Stewart
- Dan Geer
- David G. Koontz
- John Gilmore
- Lucky Green
- sinster@darkwater.com
- Tim May
- Tom Weinstein