Crypto Exports, Europe, and Conspiracy Theories

[Timothy C. May]

At 8:49 PM 1/24/96, Alex Strasheim wrote:

(quoting me)

>> The usual issue: That if a foreign-originated product even appears to be a
>> standard (so far, none have been), and includes strong crypto, then the NSA
>> and other agencies will simply change the rules. Thus, if extremely strong
>> crypto from "Netscape-Zurich" starts to have a significant market presense
>> in the U.S., then some law will be passed to restrict it.
>
>But what would they restrict?  The use of strong crypto between two
>domestic points, or strong crypto where one end is within the US and the
>other without?  We already have the former -- wouldn't it be hard for them
>to take it away?  Especially if the software already has a large installed
>base, which is your premise?

Specifically, I believe--though obviously cannot prove, given the nature of
time--that a cryptographically strong version of Netscape developed outside
the borders of the U.S. would not be freely importable into the U.S. I
don't know what form such a law would take, to answer the point raised in
another post by Peter Junger. Nor am I saying either State or NSA passes
the laws...the ITARs have worked largely because they have never been
challenged; if they were to be successfully challenged and stricken, as
even some folks inside the NSA think is likely if tested in a proper case,
then a Four Horseman-scared Congress will likely step in with some
restrictions.


>I'm not denying that there are people in the NSA who would want to react
>that way, but I don't think they'd be able to pull it off.
>
>It is true that the National Security establishment has a lot of power
>and influence here.  But there are other groups with power as well, and
>the security types don't have the ability to do whatever they want
>without regard to the opinions and interests of those other groups.

And now here's where I will speculate openly, although my speculation is
informed by having followed these debates (and even contributing to them)
for many years.

You have to ask yourself this question: "Why are there no cryptographically
strong products--finished products, not specific ciphers or chunks of
code--developed in Europe and freely imported into the U.S.?"

More specifically, given that the situation with crypto exports being
limited (the so-called $60 billion a year problem...even if inflated, still
a lot of money) has been known about for a long time, and given that
Europe, and to a lesser extent Japan, India, etc., has a strong software
infrastructure, you have to ask why "Netscape-Zurich" is not now being
imported into the U.S., as a core module that then (for example) the
American developers could add additional stuff to. Or why Lotus Notes-Tel
Aviv is not being imported, with at least an 80-bit work factor.

Or why Digicash is not taking the relatively trivial step of offering
extremely strong ciphers (maybe something like Haval?) and blitzing the
U.S. market? ("Only Digicash is offering _all_ of our customers the same
level of communications security.")

(I'll get to some of the practical issues, that the culture of Europe is
not quite as conducive as the culture of the U.S. to startups, such as
Netscape, Spry, Intuit, etc., but I don't think this gets at the main point
of why strong crypt is not being _imported_ into the U.S.)

If the business losses are anything really close to $60 billion a year,
then companies wishing to have strong crypto should be *screaming* for
Europe-developed products to be brought back in to the U.S.

There are of course two components to the alleged $60 B a year losses,
broadly speaking:

* the losses of companies not in the crypt tools business who are losing
out because the crypto they are allowed to export weakens their product's
attractiveness.

* the losses of crypto tool makers who are losing out because their
products are not attractive to non-U.S. buyers

(Does anyone else out there see a disconnect in the logic here? If Company
A is losing business to a non-U.S. Company B, then why is whatever Company
B is providing (such as stronger crypto) not being imported into the U.S.
For example, if Netscape is losing out to "CERNScape," the hypothetical
browser company out of the CERN WWW groups, then why is CERNScape not
selling here? In fact, where _are_ the products that are winning out over
the crippled American products?)

(Understand that I'm not claiming there are no losses, that the $60 B a
year figure is not accurate (though I think it inflated a bit), I'm just
trying to figure out what's really going on here.)

Let's review some points that may be relevant to why "offshore development"
has not become a reality, even though one might think it would (given the
$60 B figure...that pays for an awful lot of overseas programmers!).

First, the "crypto hooks" point we discuss so often. Merely having hooks
that link to offshore crypto is a problem, as the ITARs make clear. Thus,
Lotus cannot simply say to its non-U.S. customers, "We are shipping a
version overseas that contains only 40-bit crypto; you are advised to
download 80-bit crypto from http://defeat-itars.lotus-geneva...." I don't
know precisely how the NSA and State would react, and what law would be
cited (beyond a reading of the ITARs), but pretty clearly this would not
fly in the current climate. Lotus might get visits from the NSA, might be
threatened with conspiracy to violate the Munitions Act charges, might have
its shipments seized, etc.

Second, folks at RSADSI told me several years ago that it even violates the
ITARs to send cryptographic knowledge out of the country (especially, in
this context, with the intention of the folks with the knowledge being the
"Geneva" operation of RSADSI, for example).

[Note: This is really where all the stuff about exporting code comes from,
and why the debate about exporting the RSA-in-Perl t-shirt is not really
hitting the main point. The NSA and State have no real concern about copies
of Schneier's book going out, given that they know they can't stop it
anyway and the stuff in it has already been published worldwide. No, their
real concern is ensuring that Lotus does not skirt the whole crypto exports
issue by sending a team to an overseas location to develop a core module
_there_. Before someone like Duncan protests that this strategy is
ultimately--and maybe even soon--doomed to fail, for the many reasons we
discuss often, I agree. But for the nonce, NSA and State are trying to
fight a holding action, and keeping U.S. companies from distributing strong
crypto is currently within their powers in a way that domestic control of
crypto is not.]

Third, even _interoperability_ is disliked by the NSA. Thus, if Lotus Notes
says that it will support an open standard such that its package can
communicate easily with Europe-developed crypto modules, the NSA will
consider this to be a means of skirting the ITARs. (This was actually the
main strength of PGP, as I saw it, that a "standard" could be supported on
many platforms, and once the program was proliferated to many countries,
all could interoperate. Note that there are very few other such
interoperable crypto programs---Lotus Notes talks to other Lotus Notes
sites (a chokepoint in controlling distribution), MicrosoftMail and other
products talk to other MS products, RSADSI's own standalone crypto program,
Mailsafe, talks to other Mailsafe users (again, a chokepoint for
distribution), and so on. [Side note: this situation is changing as
standards are adopted, as the Web takes on a more prominent role. But I
believe it to still be true that strong crypto in the U.S. cannot easily
talk to strong crypto in Europe and Asian, except via things like PGP. If
I'm wrong, I'd appreciate hearing about some examples.]

Fourth, bizarre as it may sound, _imported_ strong crypto may face the same
restrictions if attempts are made to _export_ it! Even if the code is
unchanged. (The only justification for this position is that the U.S. is
trying to create a chokepoint for control...there is no logical reason for
a product imported from Israel to then not be allowed for export back to
Israel, except that NSA and State hope to interfere with markets and thus
have more control over things.)

The effect of this restriction is that companies planning to import crypto
from, say, Switzerland, and integrate it into their products will still
face the ITARs when they try to export the product. And even having _two_
versions, one developed in the U.S. and one developed in Switzerland, will
then run into the issues already cited: skirting the law by having hooks,
(maybe) engaging in a conspiracy to export cryptographic talent for the
purposes of skirting the ITARs, and having interoperable versions.

Fifth, there are cryptographically-competent companies and programmers in
Europe. Companies such as Crypto AG, companies in Israel, programmers in
the U.K., Slovenia, Romania, and all over. (Many on this list, in fact.)
And programmers and very competent crypto folks in Australia, New Zealand,
etc.

Given the relatively small teams that built capable browsers, and given the
capable programmers, and given the (alleged) huge losses American companies
are suffering for lack of secure products, why are there no
Europe-developed browsers with strong crypto?

I promised conspiracies. My points above implicitly involve some
behind-the-scenes pressuring (and I know this to be the case from
first-hand accounts), but here are some more:

-- maybe even the European companies have been threatened, perhaps by their
own crypto-fearful intelligence agencies (recall the many reports of key
escrow talk in Germany, France, Sweden, etc.)

-- maybe, as some have claimed, the European crypto companies, such as
Zug-based Crypto AG, are actually controlled or influenced by the NSA.
(This was a recent thread here, dismissed by the list.censors as
"off-topic," but, I think, in actuality a terribly important topic to
consider.)

-- maybe the Europeans just don't want a piece of the Web browser market,
maybe the prospect of a software company reaching a capitalization of $5
billion in less than two years doesn't excite them. (Maybe Clinton didn't
inhale.)

In a kind of variant of the Fermi Paradox ("Why aren't they here?,"
referrring to alien visitors), my question is this: "Why aren't we able to
solve this pressing problem of not being able to export strong crypto by
_importing_ it?"

I don't think it's an accident, or laziness on the part of European and
Asian companies, that we haven't gotten around the U.S.'s laws about
exporting crypto by getting our crypto from competent programmers and
companies outside the U.S.

Comments?

--Tim May



Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."