Thanks. We posted the Wassenaar changes on Cryptome on December 19. http://cryptome.org/2013/12/wassenaar-intrusion.htm http://cryptome.org/2013/12/wassenaar-list-13-1204.pdf The intrusion software has received some but not sufficient attention. And beyond the sections you cite there are many covering other technologies which interrelate and affect crypto. Those have received even less attention, at least in crypto world as far as we have seen. The means to transceive crypto continue to be its Achilles heel and appear headed toward crippling the whole body -- the bubble in which crypto exists precariously dependent on sophisticated support systems which, as seen in the Snowden minimal releases, have overwhelmed public crypto security, not least by leaving the impression public crypto was highly effective. More attention to the support system presumably will be given as the Snowden releases recommence, now dead stopped. Greenwald claimed recently that cryptographers and other techies are now reviewing the material, much of which is beyond the capabilities of journalists, lawyers and politicians. The stumbling block of comprehensive Snowden disclosures is that to do so, allegedly, could severely damage national security. Uh oh, that terrible aroma of complicity to protect secrets too dangerous for the public to know. Instead a few select experts are allowed to perfomr dual-hat assessments. Which is what has led to the current imbroglio of public and expert distrust: who watches the dual-hat experts who operate under the cloak of secrecy. At 04:38 PM 1/8/2014, you wrote:
Keying off of one phrase alone,
This combat is about far more than crypto...
I suggest you immediately familiarize yourself with last month's changes to the Wassenaar Agreement, perhaps starting here:
http://oti.newamerica.net/blogposts/2013/international_agreement_reached_con...
Precis: Two new classes of export prohibited software:
Intrusion software
"Software" specially designed or modified to avoid detection by 'monitoring tools', or to defeat 'protective countermeasures', of a computer or network capable device, and performing any of the following:
a. The extraction of data or information, from a computer or network capable device, or the modification of system or user data; or
b. The modification of the standard execution path of a program or process in order to allow the execution of externally provided instructions.
IP network surveillance systems
5. A. 1. j. IP network communications surveillance systems or equipment, and specially designed components therefor, having all of the following:
1. Performing all of the following on a carrier class IP network (e.g., national grade IP backbone):
a. Analysis at the application layer (e.g., Layer 7 of Open Systems Interconnection (OSI) model (ISO/IEC 7498-1));
b. Extraction of selected metadata and application content (e.g., voice, video, messages, attachments); and
c. Indexing of extracted data; and
2. Being specially designed to carry out all of the following:
a. Execution of searches on the basis of 'hard selectors'; and
b. Mapping of the relational network of an individual or of a group of people.
All the same arguments that applied exportation bans for crypto software apply here, especially that of pointlessness.
--dan
[ Software doesn't spy on people; people spy on people ]