Re: Crypto Exports, Europe, and Conspiracy Theories
At 4:12 AM 1/25/96, Michael Froomkin wrote:
On Wed, 24 Jan 1996, Timothy C. May wrote: [...]
Specifically, I believe--though obviously cannot prove, given the nature of time--that a cryptographically strong version of Netscape developed outside the borders of the U.S. would not be freely importable into the U.S. I
Nope. Nope. Nope. Nope. Donuts to dollars that it's freely importable.
First of all let me say that I take no offense at Michael's "Nope. Nope. Nope. Nope." opening. This is the kind of interesting debate we need to have! But let me address a specific question first:
don't know what form such a law would take, to answer the point raised in another post by Peter Junger. Nor am I saying either State or NSA passes the laws...the ITARs have worked largely because they have never been challenged; if they were to be successfully challenged and stricken, as even some folks inside the NSA think is likely if tested in a proper case, then a Four Horseman-scared Congress will likely step in with some restrictions. [...]
OK, Tim, what am I missing? How will Enhanced-crypto-Netscape match remailers for their ability to keep TLAs up at night?
Once one has good encrypted links, including access to a variety of offshore sites, remailers cannot be stopped. The TLAs may not like them, and the courts may rule that a remailer site is strictly liable for misdeeds which impinge on its remailers (I'm not convinced this is so, but no matter), but what do U.S. courts have to say about Dutch remailer sites? What will the Fifth Circuit be able to do to hactic.nl? Or chains of remailers that pass through Norway, Japan, Estonia, Italy, and Lower Slobovia? We've already got that with PGP, of course, so it's to some extent moot. All of the mentions recently about strong crypto built into Netscape, Mosaic, AOL, etc., have to do with the _popularity_ and _ease of use_ issues, not the existence proof. That is, having strong crypto built in to Netscape will not give us a capability we don't already have, just give it to more people and more conveniently. Back to the issue of remailers and anonymous servers as choke points. I agree. These are the real threats to traffic analysis, which is of course why I have so emphasized them in my own writings for so many years!! I take it as a given that no remailer services will operate for profit, publically, and with support built in to Netscape, at least not openly and identifiably within the U.S....it is too controversial. (I don't mean that most of the remailers are not U.S., now, I mean after the heat gets turned up, after the next "Oklahoma City bomber" is found to have been communicating with remailers! An awful lot of remailer sites will vanish overnight. In act, evidence that remailers are being used may be manufactured.) Fortunately, and I keep coming back to this, the beauty of PGP is that the encryption is in the text blocks within mailers, browsers, etc., and little or no hooks to external programs are needed. (We often moan about this, and wish for PGP 3.0 or 4.0 to have all kinds of hooks, but there is a certain elegance about a text-block-centric program, with hooks made later on an ad hoc basis....it is so terribly difficult to control what's in a text block that suppression of PGP is very hard.) --Tim May Boycott espionage-enabled software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
participants (1)
-
tcmay@got.net