No Subject

[Ernest Hua]

> From: jimbell at pacifier.com (Jim Bell)
>
> > can't have everything OUR way, the FIRST time around.  Washington
>
> I think you misunderstand the situation.  The government is in somewhat of a
> disadvantage by virtue of the fact that there is relatively little
> pro-censorship and anti-encryption legislation.  Absent such legislation,

Here is where I don't agree on the merits ...

1.  Pro-censorship agendas does not need much legislative momentum
because it does not take much P.R. on a child-molestation-murder
incident on some little caucasian girl from a motherhood-and-apple-pie
Small Town, U.S.A. to drum up the sentiments to censor.

2.  Anti-encryption has been well guarded by the NSA/CIA/FBI/DoD for a
long time using the semi-legitimate veil of national security.  In
fact, in some senses, there ARE legislative support, even if
unconstitutional when evaluated in the bright light of day.  The
problem is that you'll fight for years JUST TO GET A CHANCE to
evaluate the law itself.

Yes, some of the current legal battles are on their way there, but
it's been a LONG time, and every decision/every appeal takes months to
years, and it's clear that the NSA is hoping that in 2 years, they can
sign up enough pro-key-recovery companies to make the legal battles
moot.  2 years is pretty short compared to the time scales on these
battles, and the NSA is counting on just that.

To me, the time-to-market is just as important as the purity of the
products (the proposed legislations).

> the status-quo moves in a relatively free fashion, which is why the
> Internet is mostly unregulated today.

I don't think anyone will be willing to genuinely export encryption
(in a real commercial product) while directly flaunting the NSA's
implicit/explicit authority on this matter.  Corporations are too
concerned with the short term bottom line to care about more long term
goals like have freedom to export anything it wants.  I already know
of several instances at various companies where designs were
deliberately altered to NOT give the appearance of designing a product
with specific encryption/decryption capabilities, even though that is
what the product must support, fundamentally speaking.  Therefore, I
must conclude that the NSA is definitely winning some battles on their
2 year schedule already.

> From: Declan McCullagh <declan at well.com>
>
> The question is: Do we want to give up any domestic freedom in exchange
> for a relaxation of export controls? (Congress is, after all, built on
> compromises between warring factions.)
>
> My instinct is to say "No." Let the courts strike down ITAR, EAR, and its
> progeny, while we keep our freedoms domestically.

I really don't think we are disagreeing here.  I would not support any
restrictions on domestic usage, nor would I support any restrictions
on what non-governmental institutions may use.  I still believe we
should push for all we can get because that is the way the
legistlative process works, and that is the game the other side is
playing.  However, we shouldn't place unrealistic constraints on our
supporting legislators such as taking an "all or nothing" attitude.

Even if all we can get is 56-bit or 64-bit export legalization, it is
a HUGE chip away from the NSA rock because their "2 years free for key
recovery" plan is just that much weaker.  I would rather see, of
course, 128-bit/168-bit be liberalized, because that would essentially
mean that everything is liberalized, because the NSA has been playing
this "56-bit is too strong" charade, and losing 128-bit/168-bit is
essentially losing their argument, unless they want to risk coming to
the security committees admitting that they have lied.

> From: Lucky Green <shamrock at netcom.com>
>
> > Let's let the legislative process (whatever you think of it) take its
> > course.  I'll be happy even if they sneak some screwy secret committee
> > on the final bill, as long as we are not subject to that committee or
> > any other governmental body just because we allow ftp of C source code
>
> I think this is a dangerous position to take... make that fatal. The
> code is already being ftp'ed out of the US. The law would gain you
> little.

Well, we're not talking about the realities of the massive
semi-underground activities.  We're talking about the U.S. Government,
(which often has poor notions/understandings of reality), corporations
(which often must obide by the laws and regulations, however poor,
crafted by the U.S. Gov.), and genuine consumer applications (which
are significantly driven by the products produced by these
corporations).

> But the new restrictions/enhanced penalties, which will
> inevitably be included in any crypto bill that might become law,
> will set us back severely.  Personally, I hope that none of the
> crypto bills pending gets passed.

Of course, I don't like any of them, especially if there are still
secret committees with very real control written into the legislation.
If the NSA/FBI can call up Robert Allen to stall a secure phone
product line, they already have enough power outside the legal process
that they don't need any real committees to help them out.  However,
NSA will clearly deny having this level of influence to the security
committees, and they will most likely accept the NSA's word.

Ern

-- 
Ernest Hua, Software Sanitation Engineer/Chief Cut And Paste Officer
Chromatic Research, 615 Tasman Drive, Sunnyvale, CA 94089-1707
Phone: 408 752-9375, Fax: 408 752-9301, E-Mail: hua at chromatic.com