[cryptography] To Protect and Infect Slides
dan at geer.org
dan at geer.org
Wed Jan 8 13:38:26 PST 2014
Keying off of one phrase alone,
> This combat is about far more than crypto...
I suggest you immediately familiarize yourself with last month's
changes to the Wassenaar Agreement, perhaps starting here:
http://oti.newamerica.net/blogposts/2013/international_agreement_reached_controlling_export_of_mass_and_intrusive_surveillance
Precis: Two new classes of export prohibited software:
Intrusion software
"Software" specially designed or modified to avoid detection
by 'monitoring tools', or to defeat 'protective countermeasures',
of a computer or network capable device, and performing any of
the following:
a. The extraction of data or information, from a computer or
network capable device, or the modification of system or user
data; or
b. The modification of the standard execution path of a program
or process in order to allow the execution of externally provided
instructions.
IP network surveillance systems
5. A. 1. j. IP network communications surveillance systems or
equipment, and specially designed components therefor, having
all of the following:
1. Performing all of the following on a carrier class IP network
(e.g., national grade IP backbone):
a. Analysis at the application layer (e.g., Layer 7 of Open
Systems Interconnection (OSI) model (ISO/IEC 7498-1));
b. Extraction of selected metadata and application content
(e.g., voice, video, messages, attachments); and
c. Indexing of extracted data; and
2. Being specially designed to carry out all of the following:
a. Execution of searches on the basis of 'hard selectors'; and
b. Mapping of the relational network of an individual or of a
group of people.
All the same arguments that applied exportation bans for crypto
software apply here, especially that of pointlessness.
--dan
[ Software doesn't spy on people; people spy on people ]
More information about the cypherpunks
mailing list