Europe Sets Encryption free, USA Protests
Jor writes "This (English) article on Telepolis (German site) says that the European ministers of Foreign Affairs are expected to decide next Monday (27th) to drop all export regulations regarding encryption software to countries outside the European Union. The article also points out that the USA are pretty pissed off by this decision."
Then the shaped charge was invented. Anti-armor tech caught up with armor tech.
Until we come up with better technology to crack encryption (IANACF - I am not a crypto freak), people are SOL trying to poke through modern crypto schemes.
But the answer isn't to try and keep people from designing the armor. The answer is to develop a better method of defeating the armor. To try and stop the progression of crypto technology is stupid and, at best, a delaying action. The only benefit the efforts of the US Government will have are on the economics of non-US crypto companies.
Now, if everything is encrypted in an industrial-strength code, projects like Echelon will either take immense computing power or become wholly ineffective, with the latter being more likely. I know that the US has contributed excessive dollars and power to covert projects before, but Echelon casts such a wide net that decoding all of those tadpoles and minnows to catch the very rare shark just costs too much. Even for the NSA.
what can be explained by stupidity.
In any case, it's always been easy to get strong encryption in the US, so your argument makes no sense whatever.
On the flip side, it's always been easy to get encryption out of the US too. The so called export restrictions have always been a ridiculously porous barrier -- not only because of the easy but illegal transfer of encryption programs, but because the restricted algorithms themselves have been protected under the first amendment -- if exported in printed form.
I think you miss two important alternative explanations.
(1) Politics.
Politicians are by and large not stupid. They just do stupid things for smart reasons. Export restrictions are symbolic not practical.
Politics is about appearances. If there is an item on the news that grabs everyone's attention, you can expect a congressional hearing pretty soon. That's why we get things like "crime bills". On the theory it's better to be ineffectual than indifferent, do something and if you're lucky and people aren't watching too closely, they may not even notice you are being ineffectual.
On the flip side, it's bad to have the appearance of coddling criminals, welfare mothers or terrorists, so it makes perfect sense (from a political sense) not to be the one caught pulling the plug. Do you think the Republicans would praise Clinton for dropping export restrictions? As a Democrat, I'm very sure that my party wouldn't have kind words for a Republican president who did so.
(2) Inertia
The very ineffectualness of the restrictions is what keeps them going. Nobody in the defense or intelligence establishment who really understands these issues is going to care much, except for the people whose job it is to enforce the restrictions. Given the political exposure of "weakening" a defense, even if it is obsolete or as in this case merely symbolic, it's much easier to go along and not make waves.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
There isn't ANY encryption I can't break in about 3 days.
Well do I have to be the one to say it? Fine... LIAR! If you could break ANY encryption in three days then you have something going that the rest of the world has missed. Just to demonstrate I would like you to take a crack at this next block. Mail me the answer (e-mail listed, it works). I'll even give you four days to do it in.
GHTRY AUYIT HGYYT LINQW
If you can't do it then admit you were being an idiot. Thank you.
It depends on whether you interpret the constitution in a loose or strict manner. I interpret it in a strict manner meaning that anything it doesn't SAY the government can do, the people have to approve. So, if everyone voted to outlaw all firearms that would be a violation of our rights, but one that we apparently didn't mind.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
From the article:
...there is mistrust towards American encryption products which are believed to be weakened by the American intelligence agencies, or have secret backdoors... and ...affirmed the United States pressured the European Union to withhold the decision. 'But the European Union does not make their policies dependent on the opinion of the United States.'
The article does not say that the United States is "pretty pissed off" by this decision. That is pure speculation.
--
He lives in a world where those who do not run the client software of the omnipresent meme are unacceptable.
Well, Denmark doesn't. In paragraph 1.2.3 of the Danish patent law, programs for computers ("datamaskiner") are explicitly exempted. However, as an earlier poster pointed out, algorithms can still be patented as part of a larger system.
Say I want a good Cuban Cigar (I do!). Now, why can't I get one? Because the U.S. has a total economic ban on Cuba. IIRC the United States is the only nation to have this embargo on Cuba.
>There's no point in being the only nation on this planet banning encryption export.
Being alone has never stopped them before, why would it now?
Devil Ducky
MY peers would get out of jury duty.
BTW, I've been downloading my encryption products from Norway forever now. Much easier than screwing with an American site. Mandrake uses servers in other countries to seamlessly install encryption products once your networking is set up. The net's been bypassing our stupid regulations for ages now. Pity decss and that cyber patrol crack didn't fare so well.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Assuming that something happened to severely piss off the population, there could be a successful revolt. Well over 50% of the population has firearms and depending on what triggered the revolt, I'd imagine most of the armed forces would fight on the people's side.
What makes us powerless peasants now is that we just blindly accept whatever the government tells us.
Finkployd
Besides, I'll bet there are quite a few companies that would move encryption development overseas to take advantage of lax laws.
Some already have. RSADSI hired Eric A. Young (the guy who wrote SSLeay) to work on their SSL project in AU. The idea is that all of the coding, support, and sale is done outside the US, so it won't be 'tainted' by the export laws. That way they can sell it to anybody in the world, conveniently getting around US export laws.
This seems to be a rather severe departure from reality. Anti-terrorist paranoia (i.e., heavy police presence, "anti-terrorist" squads, airport security) is, according to most sources, more common in Europe than in the U.S.
In fact, the anti-self-protection laws you cite, are themselves an example of paranoia that has not, as of yet, infected the U.S., apart from in some Northeast cesspools.
The U.S., by the way, is not a particularly violent country, when compared to the world as a whole, instead of comparing only against largely homogeneous (by comparison, mind you) Northern European countries.
--
Give me a break...
The article says that the US was pressurising the EU not to go ahead with the move. Why did CmdrTaco say that the "US is pissed"? What further indications are there in the article that the US is indeed pissed?
And you think they'd be pressuring the EU not to go ahead with it if they liked it? No. The article stated rather nicely that the US government is... pissed.
-- iCEBaLM
Note that the EU doesn't recognize software patents, so we *can* export reimplementations of the patented algorithms. If this goes through, US citizens will be the only ones unable to benefit from US developed encryption technology.
'But the European Union does not make their policies dependent on the opinion of the United States.'
First up, the opinion of the United States and the opinion of the United States Federal Government tend to differ, I would imagine. With regard to privacy issues, the government has a long history of going against public opinion.
While I like this from a crypto standpoint, I can't help but wonder why the sudden change in policy. It most likely was not due to any kind of public support of crypto, since by and large, the public does not care about this issue.
I'm guessing that corporations have been pushing for this and exerting power to make this happen. While I'm glad they did, it is another example of money buying policy (and for once, not in the US). What happens when these companies exert their influence for the purpose of making the DMCA an international law?
Granted, this is all conjecture on my part. This story doesn't go into enough detail for me to support these guesses. But given recent events, I still find this pretty scary.
Finkployd
Does any law enforcement agency really think that Bad Guys anywhere in the world have any trouble at all getting strong encryption technology? The whole argument seems pretty pointless to me. They're just preventing people from making money with it. (conspiracy theory?)
Actually, this is different in the case of encryption, or software in general.
What the US government doesn't want is widespread use of encryption. The way to avoid this is to keep it out of mainstream products.
In your cell phone example, using a US standard does not keep you from calling someone outside the US. If you couldn't use a US cell phone to call someone in Europe, people would get upset about the lack of standards.
Encryption is only effective if it goes from one end to the other. Therefore, two people from different countries need to use the same standard.
What the encryption regulations have done is keep strong encryption out of the hands of the mainstream. These regulations have kept strong encryption from being built into Internet Explorer (for lack of a better mainstream example). If all of the mainstream applications had built-in encryption, and it was friendly enough that even my Aunt in Minnesota could use it, then eavesdropping on the internet would be practically impossible.
Cell phones don't follow a standard, but the worldwide phone system allows multiple standards to talk to each other. With encryption, there is no way to transliterate in the middle, because to do that, you'd have to decode the message.
--- "So THAT's what an invisible barrier looks like!" - Time Bandits
Steven,
I just had a little look at your posting history, and you're a pretty amazing guy. I am surprised that you feel it necessary to tell me that you were a sponsor of that contest since I would have expected you to be well-informed enough to be aware that Our People have been watching you for some time. We are forming a new World Organisation called Braggard, Inc. which we feel you would be more than qualified to preside over.
thanks,
Z
p.s. Anticipating a positive response we have already disabled http://www.jjjulius.com.
"Wise men talk because they have something to say; fools, because they have to say something" - Plato
EU Good, US Bad
Shall I Say anymore?
-- Note: These Comments are Generated by ME! Not You! ME!
That's because the US helps keep the economies running in these other countries. Even as we type, Washington is considering measures to prop up the declining value of the Euro.
More because of issues of trade balance, than as a favor or quid pro quo to Europe. A cheap Euro means higher imports from Europe, less export to Europe, and US companies being defeated in world markets by cheap European goods.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
This is a step in the right direction. Maybe if the U.S. sees other nations dropping export restrictions, they will follow suit. There's no point in being the only nation on this planet banning encryption export. Besides, I'll bet there are quite a few companies that would move encryption development overseas to take advantage of lax laws.
--cyphergirl
--Insert catchy
Well, I'm glad that SOMEBODY doesn't.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
I'm just pulling your leg a bit about your literary criticism.
The conspiracy theory about encryption doesn't make any sense, because it can't target the people who need to be targeted -- the ornery free-thinkers with IQs higher than room temperature. The political theory does make sense because it fits with the pattern of behavior you can see every day if you look at any successful politician of any particular ideological stripe.
Conspiracies do happen; after all Nixon did try to cover up Watergate and he did use the IRS to force George Wallace to give up his third party. The KISS applies to conspiracies as well as anything else. The Wallace thing was simple, old fashioned blackmail, and worked perfectly. The Watergate thing started simple, but got too complicated to be managed, as it drew in too many of the executive branch. Of course, once he started down that road, he was stuck. The story had more legs than he had expected, and he was stuck with a ballooning conspiracy that toppled his presidency.
Complicated conspiracies are simply prone to failure. To posit conspiracies that are complicated and doomed to failure from the outset is to assume stupidity on the part of the conspirators. I have news for you -- these guys are rich and powerful and get a lot more action than the average geek.
So, you wanted a sound bite? Here it is: The difference between a politician and a geek is that a politician is willing to act stupidly to achieve his ends, whereas a geek is not.
Of course you can never disprove the existence of a conspiracy, especially to someone willing to introduce new propositions to support the conspiracy theory because he likes conspiracy theories. However, Occam's razor favors the straightforward political explanation.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I don't think the FBI, NSA, or any arm of the government can stop US citizens from using encryption precisely because the US government has labeled it a munition. Thus it is an arm and because of the 2nd amendment we have a constitutional right to use encryption. Also by this argument the government can not ask us to give them the keys either as that would be the same as taking our guns from us which is against the 2nd amendment.
...which explains why submachine guns are not uncommon among their police, why H&K specifically designed an anti-terrorist-sniper weapon for the Germans, why the Israeli athletes were assassinated at Munich, why people were shot at Athens Airport, why the French deal with Algerian bombers, why the ETA assassinates political figures...
Only the dead have seen the end of war.
Never underestimate the dark side of the Source
Even as an American it's nice to see some other countries/political entities showing some backbone and independent thought [terrorist nations notwithstanding]. While I don't usually follow these things too closely, it seems to me that quite often the US govt. pushes, and other countries just go along with it. :)
Then again, maybe I just really have no clue
Ender
Nothing to see here
Citizens aren't armed, so police aren't armed.
Oh yes they are.
The introduction of the ARV (Armed Response Vehicle) was in direct response to the number of firearms involved in serious crime.
ARV= Three police officers with firearms training, Beretta 92f's and H&K MP5's.
Of course they do have a tendency to kill people every once in a while (shot a depressed farmer here in Cambridge a while back) but they're probably criminals right?
I thought that restriction had been recently lifted, like within the past couple of years.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
The nice thing about current mathematical cryptography is that many algorithms have strength that's exponentially proportional to key length - so a small increase in the amount of encryption and decryption work radically increases the work that's required to crack it without the keys. Linux clusters and distributed.net and DES cracker boxes are great for brute-forcing DES and RC4-40 and RC5-56, but the planet only has 2**170 atoms on it, and 3DES, which has 168-bit keys, takes only about 3 times as much work as DES to encrypt/decrypt. (Ok, the real strength is only about 112 bits, because there's an attack using 2**64 bits of storage and 2**112 cycles, but there's always 5-DES and 7-DES, and algorithms like RC4 and RC5 don't even take extra work to use longer keys - you won't crack RC4-128 or 3DES by brute force in your lifetime unless the Great Nanotech Singularity changes your lifetime a lot - and probably not in the planet's lifetime.)
It's MUCH easier to steal keys than crack good algorithms. Decompiled your keyboard ROMs lately? This is Slashdot, so many of you *have* checked out the device drivers for your keyboards.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
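The gap described in the comment above between 3DES's 168-bit key and its roughly 112-bit real strength comes from a meet-in-the-middle attack. The following is an added example, not part of the original comment: it shows the same effect on a constructed toy 16-bit cipher with 12-bit keys, where double encryption falls to 2 * 2**12 cipher operations plus a lookup table instead of 2**24. The cipher, S-box and key values are invented for illustration.

```python
"""Toy meet-in-the-middle demo on a constructed cipher (not a real algorithm)."""

KEY_BITS = 12                 # toy key size so the search finishes instantly
KEYSPACE = 1 << KEY_BITS

# Constructed 8-bit S-box: powers of 3 modulo 257, truncated to one byte.
SBOX = [pow(3, i, 257) & 0xFF for i in range(256)]


def _subkeys(key):
    """Four 8-bit round keys taken as overlapping windows of the 12-bit key."""
    return [(key >> shift) & 0xFF for shift in (0, 4, 2, 1)]


def encrypt(block, key):
    """Four-round Feistel network on a 16-bit block."""
    left, right = block >> 8, block & 0xFF
    for sk in _subkeys(key):
        left, right = right, left ^ SBOX[right ^ sk]
    return (left << 8) | right


def decrypt(block, key):
    """Inverse of encrypt(): undo the rounds in reverse order."""
    left, right = block >> 8, block & 0xFF
    for sk in reversed(_subkeys(key)):
        left, right = right ^ SBOX[left ^ sk], left
    return (left << 8) | right


def double_encrypt(block, k1, k2):
    """Two independent keys: nominally 24 bits of key material."""
    return encrypt(encrypt(block, k1), k2)


def meet_in_the_middle(pairs):
    """Find (k1, k2) candidates from known (plaintext, ciphertext) pairs.

    Returns (candidates, cipher_ops). cipher_ops counts the single-cipher
    operations spent on the first pair: 2 * 2**12, not 2**24. The price is
    the table of 2**12 middle values held in memory.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    ops = 0

    # Forward half: encrypt the plaintext under every possible first key.
    forward = {}
    for k1 in range(KEYSPACE):
        forward.setdefault(encrypt(p0, k1), []).append(k1)
        ops += 1

    # Backward half: decrypt the ciphertext under every possible second key
    # and look for a matching middle value.
    candidates = []
    for k2 in range(KEYSPACE):
        middle = decrypt(c0, k2)
        ops += 1
        for k1 in forward.get(middle, ()):
            # Extra known pairs weed out accidental matches.
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops


def demo():
    k1, k2 = 0xABC, 0x123     # constructed secret keys
    plaintexts = (0x1234, 0xBEEF, 0xC0DE)
    pairs = [(p, double_encrypt(p, k1, k2)) for p in plaintexts]
    candidates, ops = meet_in_the_middle(pairs)
    return (k1, k2), candidates, ops, KEYSPACE ** 2


if __name__ == "__main__":
    true_keys, candidates, ops, brute = demo()
    print("true keys found:", true_keys in candidates)
    print("cipher operations:", ops, "vs naive brute force:", brute)
```

The same trade of memory for time is why stacking a second key on a cipher adds far less than its nominal key length, and why three keys are needed to reach about twice the single-key strength.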
I wouldn't blow off Blowfish. I'm not sure about its exportability in machine-readable form (IANAL), but I think the code is solid, and I know it's undergoing and undergone extensive peer reviews / attacks.
bzzt.
A munition is much heavier than the arms that the 2nd amendment allows. Munitions include shells for heavy artillery and bombs, both of which you most definitely are not allowed to own.
A quick glance at the constitution reveals no such restriction....
I'd say you need to re-read it. At the moment the government regulation of nuclear missiles and rocket launchers is a violation of our second amendment rights, BUT it's one that the citizens of the US have chosen to endure in the interest of not having weapons of mass destruction available quite that easily. But make no mistake, it IS a violation of the rights set down in the constitution.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Is the soul of wit.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
One problem is that people such as ISPs and governments may block ports used for ssh. What I'd like to see is a way to transparently tunnel all IP traffic across https.
In other words, when host A wants to send a packet to host B, it makes an https connection to B (if one isn't already open) and sends the packet along that. At the other end, B interprets the packet as coming from some special 'crypto' network interface, and handles it just as if it had come from the network card or modem.
The advantages of doing this would be that ISPs wouldn't want to block https, since it is used for ecommerce. Likewise governments. And because https is encrypted, there's no easy way to tell that you're engaging in subversive activities (eg encrypted telnet) rather than approved activities which involve buying lots of stuff on the net. (please bear in mind that this whole post has been run through a conspiracy-paranoia filter.)
Also, it could be totally transparent to the user; if such a feature got put as standard into the Linux kernel (for *example*), traffic between Linux boxes would form a sort of 'cryptobone' (!) while communications to other OSes would proceed as normal.
-- Ed Avis ed@membled.com
Well I've already commented once to you but I'll do it again because frankly... you're annoying. First off if you know so much about a hush-hush policy then why are you opening your mouth about it on Slashdot?
As for going into detail of course you can't. You don't have any. If you were so involved with security like you claim then you would be much more tight lipped and be able to keep your mouth shut. By the very act of saying you know so much but can only say these little tidbits you show yourself as a person who has never worked in, around, and/or with people or things that deal with security. If you did then you would know never to mention secrets (or hush-hush as you say), even little teasers. Please at least try to be a little more subtle in your trolling.
I don't think the war on drugs has anything to do with fears or insecurity of the people, it has everything to do with an ideology that some very influential people hold. Nor do I see any major crackdown on guns, it's about as easy to get a gun as it's ever been.
The problem has everything to do with keeping powerful uncontrollable tools out of the hands of the populace.
Besides, all of the major encryption standards were developed in the US, so the EU's decision will not really affect distribution of the well-known algorithms.
All of the 'standards' (OpenPGP, SSL/TLS, S/MIME) have been published in RFCs. And documents describing almost every algorithm known are available online, either in RFCs, or the conference proceedings where they were first presented. Only code is restricted from export - textual descriptions are fine. And of course reference code for algorithms invented in Europe, Canada and other non-restrictive areas is available too.
you also might like to check out the story on Slashdot :+)
--
-=DaveHowe=-
The widespread distrust of American Products is not because of the encryption laws. The laws just provide a reason for European nations to distrust American Products, if the laws weren't in place some other reason would pop-up.
:)
That is not to say that I believe encryption restrictions should be in place, just there is always more happening than what is being screamed about.
*ASIDE* I noticed you didn't chide him for not thinking before posting when you reposted...
Devil Ducky
MY peers would get out of jury duty.
This is exactly the sort of development that is needed in order to push the US into dropping restrictions on the use of strong crypto. The US govt. has limited concern for the demands of lone privacy advocates and crypto-lovers, but it has a hard time ignoring the concerns of big business, particularly now with the spotlight being on the one's and zero's industry. From the look of the article, a lot of the motivation behind the EU changing these restrictions was economic; companies that have to wait 6-8 months every time they want to sell products containing encryption to someone in another telephone exchange are less competitive than those that don't. So this change makes European cryptography exporters (which could include a very wide range of products nowadays, not just PGP style personal crypto managers, but also products with embedded protection) more competitive. US businesses don't like being less competitive than their overseas counterparts. It leads to the creation of "buy American" commercials (in this case, "Encrypt Americans"... in the business sector...) and general bitching and moaning on the part of industry lobbyists to Congress. Eventually, Congress will have to make amends or risk continuing flack and re-election problems from companies who feel that their interests are being hurt by the current crypto laws. The recent reforms in the crypto laws in the US were a nice, if ambiguous start, but this development may be the flashpoint for a nice, unambiguous movement of encryption technology out of the sphere of 'restricted munitions', and back into the hands of people who would like to prevent everyone in the world from reading everything they own.
For the short term, I'm not very hopeful. In the longer term, it is inevitable now. Our current policy made no sense even before this. Now, it will be much more difficult for the politicians and bureaucrats to pretend it still makes sense. But, rest assured, they will stupidly resist for as long as they can.
Geeky modern art T-shirts
It's nice to see the American government slapped down a few notches and maybe this will be a "time to end the ignorance" wake up call for Capitol Hill and the FCC.
Don't just whine about poor internet privacy and freedom policies,
"Higher-level encryption products, notably PGP, are available free to everybody over the Internet provided that they *say* they are from the US. "
You don't have to `say` you're from anywhere...
www.pgpi.com
has version 6.5.1i (i = international)
a wholly legal, inside and out of the states, version of pgp.
a.
With all of the talk of the US government wanting backdoors built in to all encryption so that they can protect the good ol' states can you really blame them? The power to access what should be confidential information should never fall into the hands of the government... there is no guarantee that it would not be used for purposes other than what it was intended... not to mention that if one of our agencies can get in then no doubt some youngster will find a way... if they open it they don't have to buy it from us as the article said... I agree
My Home: Apartment6
It's about time. It's not like clicking "YES" to the question "Are you a terrorist" when you're downloading Encryption software is a good way of stopping people. I really don't think Terrorists use the Honor system that way =)
Secondly what's the point to the USA being pissed off?
It's not like there are any major threats anywhere anymore. *cough* Iraq*cough* (giggle) and the UN has already made them their Redheaded Step Son. And anyways, Everyone knows that Russia has the Best Coders in the world and If they want strong encryption they'll get it through Russia. (and it will probably be better than *cough* blowfish or DES or what ever we can't export anymore)
On a Sad note. Guess I won't be applying to the NSA anymore....
--------========+++Dont Feed The Lab Techs+++========--------
I disagree. Encryption, even non-hardware assisted, is easy to have setup.
:-)
Look at the TEA project (Transparent Encryption Agent), or look at the methods for transparent PGP of mail I outlined in Gnu Privacy Guard tutorial, part 2 towards the end of the document.
So, unlike your tank cars, this can be implemented easily and quickly -- with no extra material cost. Replication of software and data through computers is essentially cost free, which is how the GNU project can get away with giving away free [libre, beer] software.
I'd prefer constant, pervasive encryption to having someone listen into even the most insignificant private conversation I hold any day.
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Why You Should Use Encryption
Note that while, yes, encryption is processor expensive, I suspect the work to decode all the JPEG images on a "content rich" website is probably a lot greater than the work required to encrypt and decrypt all those images for transmission.
The beauty of today's modern processors is that there is really no problem with just encrypting everything. If the BIOS would support decrypting the OS as it boots, most of us would have no objection to encrypting pretty much everything on our disks, maybe even including the virtual memory. Really.
My 450 MHz pentium III laptop has no problem playing MPEG movies off a PGPDisk encrypted volume that is stored either on NTFS or FAT (where the encrypted volume is either NTFS or FAT itself - and you know FAT's not a fast filesystem).
Where the performance issues really count is for the servers and for those you'd certainly want hardware encryption. I'd be happy to donate a couple hundred bucks to Slashdot if it went toward implementing an SSL encrypted slashdot server, wouldn't you?
Clients have no problem with encryption in software. PGPDisk you have to pay for but I believe there is filesystem encryption for Windows PCs that is free. Let's see... ScramDisk, lots of good links at Yahoo's encryption software page.
I remember seeing an Australian partition encryption utility there, I recall it implemented an Australian government encryption standard as well as the more common ones, but I don't see it anymore.
And of course there's the linux encrypting kernel.
No, there's no reason not to encrypt. I think the main obstacle isn't export controls - it's user interface. Encryption is hard to learn. Compare using an encryption tool to, say, downloading an image from your new digital camera via USB on Windows or Mac. It should be really easy or no one will use it.
Mike
-- Could you use my software consulting serv
Do you also recommend that all cars be built like tanks, able to withstand a 60 mph crash?
The point is that while it's a worthy goal to encrypt everything for the heck of it, it is not cost effective. Just like it is not cost effective to install two-inch armor plating and internal gel padding on cars, even though it would cut automotive fatality rates by 90%.
As a security expert, you know that encryption is EXPENSIVE. The only way to bring down the cost of custom encryption devices is commoditization. Just like awesome 3-D graphics has fallen within the reach of the masses due to commoditization (anybody remember the $15K+ Elsa & E&H cards that rendered 50K triangles/sec? It wasn't that long back). You basically want a DES (or, more likely, AES) encryption chip on each motherboard.
For this to happen, we need the following:
1) A publicly accepted AES standard. All AES standards require hardware implementations, and I believe all the final proposed candidates have efficient hardware implementations.
2) A cheap chip (or, even better, build it into the mobo chipset).
3) A well-defined API to this device. I assume 2 and 3 will go hand-in-hand.
4) Intel or VIA (through Asus, Abit & others) to buy into this and start building it on their chipset. Alternatively, once one manufacturer does it, all the others will, too. It's just too big a competitive advantage.
-- Before you moderate: Do you really believe somebody called 31337 d00d has anything useful to say?
I'd like to see Slashdot, for example, have the option of being served up on 128-bit SSL. I mean all the pages on the site. It would probably be best for the slashdot folks if this were done with hardware encryption support.
For one thing, encrypting all one's casual traffic helps to provide cover for people who really do have something to hide.
I recommend using a web hosting service which provides secure shell login access. One such web hosting service is Seagull Networks. Here is how I retrieve my POP mail through SSH port forwarding. The tip entry gives BeOS specific instructions but the basic idea should work on any platform for which SSH is available.
And yes I know my email is sent to seagull in the clear, but what this does is generate encrypted traffic (generally a good thing) and also prevents my ISP from snooping on me unless they hack into my hosting service.
If you work in a company and are concerned that your employer may be snooping on your personal email (you're not mailing out your resume are you? Know how an ethernet sniffer works?) then you should definitely use SSH for your mail.
Also on my laptop I use PGPDisk to encrypt my Quicken Checkbook and source code on NT, and the Linux Encrypting Kernel to encrypt source code on Linux. If someone steals my laptop, my clients won't have all their trade secrets stolen too.
Mike
-- Could you use my software consulting serv
Speed matters. When you have a server doing thousands of SSL transactions per second, the extra time it takes to generate a 512bit key vs a 128bit key becomes very very real and very expensive. It may not matter if it takes 17 seconds on your P133, but the server can't dedicate itself to doing your encryption for more than a split second.
Besides, in terms of non Public Key Cryptography, 128bit is reasonably secure for current applications. Just look at Distributed.net trying to crack 64bit encryption. 128bit is 2^64 stronger than that. That's reasonably secure from brute force attacks.
If it's a cryptanalytic attack you're worried about (such as someone knowing how to quickly decrypt the messages), what you need is better algorithms, not longer keys. Longer keys don't stop a cryptanalytic attack.
-- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
The reason that the FBI wants to keep crypto out of the hands of the citizens is indirectly our own fault.  We clamor that we want security and safety and we bitch and moan when our law enforcement (part of our government) doesn't provide it for us.  The war on drugs, the crackdown on guns are simply responses to people's fear and insecurity.  Crypto does make law enforcement's job tougher and that is a fact that everybody should just accept. 
Personally, I'll take the freedom to use crypto in any way that I see fit and I'll argue that even those that wish to use crypto in a way that is counter to my beliefs should be allowed to do so.  The benefits far outweigh the problems that it brings.
"When you trade freedom for security you get neither" - Thomas Jefferson
"Country X in Europe comes with a new encryption. US and no one else can break it. They then decide to start taking over other countries. They have an unbreakable encryption method that no one can tell what they are doing. Morse code and other codes were used in previous wars to send messages, with an unbreakable encryption method it could be a new way to send secret messages."
Been there, done that, cracked it. That little scenario took place during WWII. The Allies won out over the "unbreakable" code. There is NO SUCH THING as an unbreakable code in reality. There is always someone who will spill the beans. There is always some way to capture an encoding device. I'm more worried about Country X launching nuclear missiles than whether or not Country X can talk in private or not.
Bad Mojo
"If you can't win by reason, go for volume." -- Calvin
From: WhiteHouse
To: Joe Public
The White House, on behalf of the United States Government would like to clear up a few rumors that have been causing an uproar with the citizens of this Great Country.
There have been some accusations and rumors going around that the White House and the United States Government are not fully happy with the state of the union. To clear this up, and to fully put out our official statement on this, on behalf of the United States Government we would like to state for the record "We are really fucking pissed".
I know this may come as a surprise to most of the citizens of this Great Country, but ever since the CIA and Roswell conspiracies, the Government and the White House of this Great Nation of ours, have not really been getting any, and this makes us really pissed off. We (the United States Government) watch our citizens going day in and day out getting laid by great looking women, and on behalf of the United States Government I would like to say "Where is my booty, why don't I get any hoes?" and also like to add "And the United States Government is pissed about this".
Thank you for taking the time to read this press release and hope this clears up any details the American public might not be aware about.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
Many rulings in Europe do come about because of big company pressure, but this almost smacks of something else.
Prediction: It means that the European crypto stuff will become the world standard.
Thus all that US investment and current export regime which hurts the consumer in Europe as well as companies can be ignored as a free to export crypto will be more attractive to both US and European countries.
IMO this is an excellent move for Europeans, both in business and the consumers.
So maybe the EU did it _knowing_ it would piss the US off, and with the _express_ intention of reducing the US' control of crypto.
An Eye for an Eye will make the whole world blind - Gandhi
As we know Echelon has been a joint venture between European countries and the US, one wonders how that partnership will be affected.
Further, if something "bad" were to happen (i.e. plane blowing up), you know the US Gov't will blame the EU, saying that lift on encryption resulted in that tragedy. Lawsuit to follow?
It is about time. The overarching question is whether this change in policy and a corresponding change in US policy would really have any effect in the use of encryption. The highest level of encryption used in e-commerce is 128-bit, which even the US government now allows to be exported. Higher-level encryption products, notably PGP, are available free to everybody over the Internet provided that they *say* they are from the US.
Besides, all of the major encryption standards were developed in the US, so the EU's decision will not really affect distribution of the well-known algorithms (except RSA, whose patent will run out and whose algorithm could be integrated without permission into a European company's product).
For once, it's EU that is leading the way. Technologically, we're (US) ahead--but, we seem to be farthest behind when it comes to developing appropriate policy in regards to new technologies.
ByteMyCode.com: A Web 2.0 code sharing community.
This is just one step further towards forcing the US gov't to relent and allow free export of encryption. This is something that most of the computer industry has been demanding for a long time. This is something that is necessary for the growth of worldwide electronic commerce.
This is an obvious sign that the Wassenaar (sp?) treaty is breaking down, which is a good thing.
The big celebration will happen when the RSA patent expires later this year... Get ready Uncle Sam, your days of being able to casually eavesdrop on every communication are slowly fading into history.
Before that they started opening mail - that's why people would put those elaborate wax seals on their mail .... and before there was an organised mail delivery system intercepting mail was hard ....
My point is that there's been an ongoing technological battle between those who want their privacy and those who want to breach their privacy .... it's been going on for centuries .... maybe the spooks will give up when we're all using quantum entanglement to communicate .... or maybe they'll just get a lot more spooky :-)
Complete bullshit. Europe has *more* problems with gun toting terrorists than the US. Remember the Red Army faction, the Basque separatists, the IRA, Baeder-Meinhof(sp?). Europe is a good example of what happens when you disarm the people and the trigger-happy fanatics run wild. Except for Switzerland. God Bless their machine-pistol toting hearts...
--
Nothing to see here. Mooooove along...
Obviously this renders the crypto export restrictions in the US redundant: you can export anywhere from the US in two hops. I see three main options for US policy makers (from least likely to most likely): drop their own export restrictions, reimpose crypto restrictions or pretend it is not happening.
It would not be surprising that the US is pissed about this development. But please don't try to stir the sauce - it's hot enough as it is.
> For example in the UK it is actually illegal to do encryption in hardware
You mean like the nCipher device which performs RSA and DH operations in hardware? Produced in Cambridge (not the one in MA)? A little more care required before you post inaccurate stuff like that.
It is not illegal to perform encryption in hardware, software or via two packs of playing cards in the UK. Much to the security services' annoyance.
The US (in particular the FBI and probably the CIA/NSA) wants to keep encryption out of the hands of USians. (The reason doesn't matter for the purposes of this post). The best way to do this is to keep there from being any "encryption infrastructure" and the best way to THAT goal is to keep from having any standards.
And if you disallow exports, you can't create a world-wide standard. But whoops, the EU allows exports now, so we can standardize on that.
So the US is pissed for two reasons:
1) The EU will be the encryption (and thus privacy, etc) standards-bearer for the 21st century. This causes loss of money and face for the US.
2) The US can't keep EU encryption out of the hands of USians unless it also bans encryption imports. And since that action isn't compatible with the nominal "munitions" argument, it would tip their hand too much.
--
Have Exchange users? Want to run Linux? Can't afford OpenMail?
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
Technology will always be one step ahead of whatever is trying to squash it. The government wants to control encryption to save them the trouble of cracking new techniques, but it's never going to be that easy for them. They'd be better off accepting the technological advances and working around them, instead of focusing so much on the past and hoping that nothing changes.
Got Rhinos?
Pretty much shows that our gov't is *not* representative of the people or our interests, eh?
--
Ok, so first, the EU enacts privacy laws that do a good job of protecting the privacy of citizens. Then, it sets crypto free, which also helps with the first goal, making sure that information that is transferred is secure.
Meanwhile, the US goes on with its laissez faire "privacy" laws (feel free to collect anything you want, and to cross-correlate to your heart's content). Furthermore, we have these lame crypto export restrictions, making secure interoperability on the Internet difficult.
Can anyone call the United States the "Land of the Free" without a touch of sarcasm?
I see both issues about Universal Access to the net and the relaxing of data encryption export controls as being important and related. Companies in the US eg: MPAA, RIAA and eTOYS seem to think that they can set the international agenda. Well, first France tells eBAY it cannot auction Nazi stuff and then the EU tells the US that all export control on data encryption is being lifted. What goes around, comes around. Important issues about who controls the universally accessed net have not been decided. Which countries' laws control the net? Who defines TLDs? Should we all work together to get the UN in control of the net, not that the UN is anything like a world government or anything but it may be the closest thing we have. We'll never get into the Federation of Planets without a world government.
zenray
- You don't need a chip to do encryption
- Chips wouldn't be (and aren't) that expensive, anyhow
- You can put such chips on an ISA/PCI/USB interface, as they don't need to be on the motherboard (e.g. hardware that enhances SSL processing)
Did you even read the post you were replying to? How much do you think that individual spent to be able to apply encryption to so many aspects of his computing and communications methods? Virtually nothing. Your argument is not unreasonable; in fact, I think it's a common misconception. It's not some huge monumental ordeal to deploy encryption for yourself, casually. It should be obvious after reading the parent post that encryption can be employed almost everywhere, cheaply and effectively, in the status quo.
send flames > /dev/null
Only 'flamers' flame!