I think the impact of the strike on December 14 against the Wassenaar Arrangement has been greatly under-estimated. Even though I can only comfirm a handfull of brave souls may have supported the cause, the discussion about it was enough to raise awareness. And wasn't that the point? I submit this as proof for your aproval: (Orinigal story quoted directly from: http://www.zdnet.com/icom/e-business/1998/12/wassenaar/index.html ) December 14, 1998 Wassenaar Pact May Threaten Global E-com By Jim Kerstetter - PC Week Could a treaty banning the use of strong encryption put the screws, once again, to the U.S. encryption industry? Cryptographers and others in the security industry worry that that could be exactly what is happening. The Clinton administration this month, in an about-face to indications that it was loosening its grip on encryption, announced the signing of a treaty with 32 countries called the Wassenaar Arrangement. The treaty would limit key lengths to 64 bits or less. Clinton administration officials said the treaty will, for the first time, level the playing field for U.S. companies trying to sell abroad. That's true, to a point. U.S. companies have long complained that they were unfairly hampered by the lack of restrictions in other countries. What they had hoped would happen--and what the administration seemed to be edging toward--was an easing of U.S. export laws. They never asked for stronger controls in other countries. The Wassenaar Agreement broadsided many who had watched the Clinton administration over recent years grant export licenses for strong encryption products to companies such as Hewlett-Packard Co. and Netscape Communications Corp. Jeff Smith, general counsel of the Washington industry group Americans for Computer Privacy, said in a statement the treaty is a welcome attempt to level the playing field, but "it also demonstrates flaws in our government's encryption export policies." Security status quo So what does it mean if the agreement does become law? For starters, it would not cut the use of unbreakable encryption. The Data Encryption Standard, the U.S. standard for symmetric, or private-key, encryption, has been broken at 56 bits. No one has publicly acknowledged breaking a DES key longer than that. The Triple DES key, commonly used in the United States, would continue to be illegal for export. Ironically, the government's own proposed Advanced Encryption Standard, which is expected to replace DES in about two years, would not be allowed for export. It's not clear what the treaty will mean to companies that have already been granted export licenses either for strong encryption--the financial-transaction encryption that has been exempt in the past--or for authentication mechanisms that usually take 1,024 bits. In other words, the treaty would reinforce the status quo in the United States. Elsewhere around the world, it could be a different story. Of the 32 other nations, several, such as the United Kingdom and Japan, already have strong encryption controls. But others, such as Germany, have virtually no export controls, and companies there could be seriously impacted. About 18 months ago, the control of encryption products was taken out of the hands of the U.S. Department of Defense, which had long considered encryption a munition, and handed to the Commerce Department. Although the result was often the same--the DOD, the National Security Agency, the CIA and the FBI still had a say in what could and could not be exported--the shift of control was considered by many to be a sign that the administration was growing more friendly to industry concerns. Those hopes were further bolstered when export limits were raised from 40 bits to 56 bits, when financial institutions where allowed to use whatever they wanted to protect transactions and when a long list of companies gained export approval. But the Wassenaar Agreement, which must still be approved by Congress and legislative bodies in most of the participating countries, would put the brakes on that road to government deregulation. Jim Kerstetter is a staff writer at PC Week. Send e-mail to jim_kerstetter@zd.com. -Kevlar <Webmaster@max-web.com> Does God know Peano Algebra? Or does she not care if strong atheists couldnt reason their way out of a trap made of Boolean presumptions? A little bit of knowledge is a dangerous thing, but zero knowlege is absolutely subversive. Overspecialization breeds in weakness. It's a slow death. Beat your algorithms into swords, your dumb terminals into shields, and turn virtual machines into battlefields... Let the weak say, "I am strong" and question authority.