Re: Last nail for US crypto export policy?
It is dangerously naive to label this success the ``last nail for US crypto export policy''. Everyone concerned with this issue, from the NSA to the FBI to anyone who wants to use crypto, understands this and accepts it. 40-bit keys are good for protection against casual snooping, and nothing more -- and no one is going to claim that you need supercomputers to crack them. In fact, I assert that the U.S. government is *happy* about these results -- because it's going to push folks towards wanting stronger crypto for export. The only problem, of course, is the terms under which such code can be exported... I'll go further -- in my opinion, the only reason the government doesn't want DES to fall just yet is that alternatives aren't ready. That is, the banks and financial institutions, and for that matter the government agencies, have not converted to 3DES or Clipper or what have you, and can't do so on short notice; the commercial products they need just aren't ready yet. No one wants to risk a loss of confidence in the financial system. Two years from now, though, when some key escrow products are ready, it may be a different story.
Steve Bellovin writes: It is dangerously naive to label this success the ``last nail for US crypto export policy''. Everyone concerned with this issue, from the NSA to the FBI to anyone who wants to use crypto, understands this and accepts it. 40-bit keys are good for protection against casual snooping, and nothing more -- and no one is going to claim that you need supercomputers to crack them. In fact, I assert that the U.S. government is *happy* about these results -- because it's going to push folks towards wanting stronger crypto for export. The only problem, of course, is the terms under which such code can be exported... I'll go further -- in my opinion, the only reason the government doesn't want DES to fall just yet is that alternatives aren't ready. That is, the banks and financial institutions, and for that matter the government agencies, have not converted to 3DES or Clipper or what have you, and can't do so on short notice; the commercial products they need just aren't ready yet. No one wants to risk a loss of confidence in the financial system. Two years from now, though, when some key escrow products are ready, it may be a different story. Steve is absolutely right on the money, particularly about the likely happiness on the government side. The true explanation of the current effort is a testimony to the strategic skill of the regulators, but it is not as represented aloud. Export controls are meaningless without domestic use restrictions and domestic use restrictions will never pass the test of the First Amendment. Therefore, in an effort to obtain what cannot be obtained politically, this administration makes the following ploy: (1) Withhold from American companies the wherewithal to compete internationally by crippling the products they may export; (2) Offer to those companies that will include the functional equivalent of domestic use restrictions in their products a competitive advantage that could never otherwise withstand any fairness test; (3) Declare the resulting imposition of domestic use controls to be the "voice of the marketplace" and "voluntary." This is as shameful as saying that a rape victim was "asking for it." --dan
On Wed, 29 Jan 1997, Dan Geer wrote:
Export controls are meaningless without domestic use restrictions and domestic use restrictions will never pass the test of the First Amendment. <snip>
Just because something is unconstitutional doesn't mean that learned judicial appointees will find it unconstitutional. When domestic GAK is passed, it will be structured to fit into the judicial philosophy of the day. This is under the same philosophy that says television shows are not speech, but rather a commercial enterprise. If the courts were first amendments absolutists, like the persons on these two lists, there would be no problem seeing porn on primetime TV. There would also be no V-chip law. When they manage to get the political conscensus, they will pass it. Incidentally, I remind you of the results of the moot court that was held at one of the CFP conferences, where a GAK case was tried in front of real federal judges by real lawyers. Our side lost.
At 10:45 AM 1/29/97 -0500, Dan Geer wrote:
Steve is absolutely right on the money, particularly about the likely happiness on the government side.
I pretty much agree. On the other hand, Ian did a nice job on the radio (NPR, probably was All Things Considered) of pushing the "look, if a college student can break 40 bits in a couple of hours, it's really stupid for the government to limit us like this"; a couple of other people also contributed spin, and it came out pretty strongly against export restrictions. I think we do need to get some sort of push going for 3DES as a replacement for DES - it's strong enough, even though DES is showing its age, and it's an obvious transition from the current technology. It's slower and clunkier than IDEA or RC4/128, but still not bad. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.)
participants (4)
-
Bill Stewart -
Dan Geer -
f_estemaļ¼ alcor.concordia.ca -
Steven Bellovin