The US, French and UK government policies on crypto control are stupid. The OECD has a group of so-called experts who are likely to reach the same conclusion about how governements "must" have access to the content of criminal communications. For a commented version of a leaked draft the OECD crypto guidelines, see my WWW site. Recently I got some email from someone at the OECD who is on the secretariat working on this. The didn't seem to mind me publishing the draft and they seemed to appreciate my comments. These people seem to be in their own government circle - but if you can get through to them, at least some of them will listen. They are likely to be intelligent, concerned people, but due to their lack of wide perspective (something they really should be working harder on, for sure) they may come up with some totally unrealistic policies. In fact, most of the draft seems to be really good - it is only the last bit on law-enforcement access which is crook and this seems to be at odds with the rest of the draft. It is no good complaining about them sitting in their bunker if we won't crawl out of ours. If you have some constructive comments on the draft, let me know and I will put you in touch with the OECD secretariat. - Robin

Date: Thu, 5 Dec 1996 08:00:32 -0500 From: C Matthew Curtin <cmcurtin@research.megasoft.com> To: cypherpunks@toad.com Subject: Encryption policy challenged

http://www.news.com/News/Item/0,4,5909,00.html?dtn.head

"The Business Software Alliance, a powerful Washington trade organization, warned the White House that its encryption policy will fail if the government does not turn to the industry for guidance."

blah blah blah ...

Interesting how these polite requests from the SBA, et al, are going for such ridiculously low goals. Being able to export 56-bit symmetric cipher products... Why in the world go for such a low number when that is the absolute *best* that you can possibly get? And with such a small difference between 56 and 40 bits, there isn't really any room to haggle.

Duh.

-- Matt Curtin cmcurtin@research.megasoft.com Megasoft, Inc Chief Scientist http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet

. Robin Whittle . . http://www.ozemail.com.au/~firstpr firstpr@ozemail.com.au . . 11 Miller St. Heidelberg Heights 3081 Melbourne Australia . . Ph +61-3-9459-2889 Fax +61-3-9458-1736 . . Consumer advocacy in telecommunications, especially privacy . . . . First Principles - Research and expression - music, . . music industry, telecommunications . . human factors in technology adoption. . . . Real World Interfaces - Hardware and software, especially . . for music .