Slashdot Mirror
Europe Sets Encryption free, USA Protests
Jor writes "This (english) article on Telepolis (german site) says that the European ministers of Foreign Affairs are expected to decide next monday (27th) to drop all export regulations regarding encryption software to countries outside the European Union. The article also points out that the USA are pretty pissed off by this decision.
"
what can be explained by stupidity.
In any case, its always been easy to get strong encryption in the US, so your argument makes no sense whatever.
On the flip side, it's always been easy to get encryption out of the US too. The so called export restrictions have always been an ridiculously porous barrier -- not only because the easy but illegal transfer of encryption programs, but because the restricted algorithms themselves have been protected under the first amendment -- if exported in printed form.
I think you miss two important alternative explanations.
(1) Politics.
Politicians are by in large not stupid. They just do stupid things for smart reasons. Export restrictions are symbolic not practical.
Politics is about appearances. If there is an item on the news that grabs everyone's attention, you can expect to congressional hearing pretty soon. That's why we get things like "crime bills". On the theory it's better to be ineffectual than indifferent, do something and if you're lucky and people aren't watching too closely, they may not even notice you are being ineffectual.
On the flip side, it's bad to have the appearance of coddling criminals, welfare mothers or terrorists, so it makes perfect sense (from a political sense) not to be the one caught pulling the plug. Do you think the Republicans would praise Clinton for dropping export restrictions? As a Democrat, I'm very sure that my party wouldn't have kind words for a Republican president who did so.
(2)Inertia
The very ineffectualness of the restrictions is what keeps them going. Nobody in the defense or intelligence estabishment who really understands these issues is going to care much, except for the people whose job it is to enforce the restrictions. Given the political exposure of "weakening" a defense, even if it is obsolete or as in this case merely symbolic, it's much easier to go along and not make waves.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
'But the European Union does not make their policies dependent on the opinion of the United States.'
First up, the opinion of the United States and the opinion of the United States Federal Government tend to differ, I would imagine. With regard to privacy issues, the government has a long history of going against public opinion.
While I like this from a crypto standpoint, I can't help but wonder why the sudden change in policy. It most likely was not due to any kind of public support of crypto, since by and large, the public does not care about this issue.
I'm guessing that corporations have been pushing for this and exerting power to make this happen. While I'm glad they did, it is another example of money buying policy (and for once, not in the US). What happens when these companies exert their influence for the purpose of making the DMCA an international law?
Granted, this is all conjuncture on my part. This story doesn't do into enough detail for me to support these guesses. But given recent events, I still find this pretty scary.
Finkployd
Besides, all of the major encryption standards were developed in the US, so the EU's decision will not really affect distribution of the well-known algorithms
All of the 'standards' (OpenPGP, SSL/TLS, S/MIME) have been published in RFCs. And documents describing almost every algorithm known are available online, either in RFCs, or the conference proceedings where they were first presented. Only code is restricted from export - textual descriptions are fine. And of course reference code for algorithms invented in Europe, Canada and other non-restrictive areas is available too.
in the business sector. .) and general bitching and moaning on the part of industry lobbyists to Congress. Eventually, Congress will have to make amends or risk continuing flack and re-election problems from companies who feel that their interests are being hurt by the current crypto laws. The recent reforms in the crypto laws in the US were a nice, if ambiguous start, but this development may be the flahspoint for a nice, unambigous movement of encryption technology out of the sphere of 'restricted munitions', and back into the hands of people who would like to prevent everyone in the world from reading everything they own.
This is exactly the sort of development that is needed in order to push the US into dropping restrictions on the use of strong crypto. The US govt. has limited concern for the demands of lone privacy advocates and crypto-lovers, but it has a hard time ignoring the concerns of big business, particularly now with the spotlight being on the one's and zero's industry. From the look of the article, a lot of the motivation behind the EU changing these restrictions was economic; companies that have to wait 6-8 months every time they want to sell products containing encryption to someone in another telephone exchange are less competative than those that don't. So this change makes European cryptography exporters (which could include a very wide range of products now a days, not just PGP style personal crypto managers, but also products with embedded protection) more competative. US businesses don't like being less competative than there overseas counterparts. It leads to the creation of "buy American" commercials (in this case, "Encrypt Americans". .
I'd like to see Slashdot, for example, have the option of being served up on 128-bit SSL. I mean all the pages on the site. It would probably be best for the slashdot folks if this were done with hardware encryption support.
For one thing, encrypting all one's casual traffic helps to provide cover for people who really do have something to hide.
I recommend using a web hosting service which provides secure shell login access. One such web hosting service is Seagull Networks. Here is how I retrieve my POP mail through SSH port forwarding. The tip entry gives BeOS specific instructions but the basic idea should work on any platform for which SSH is available.
And yes I know my email is sent to seagull in the clear, but what this does is generate encrypted traffic (generally a good thing) and also prevents my ISP from snooping on me unless they hack into my hosting service.
If you work in a company and are concerned that your employer may be snooping on your personal email (you're not mailing out your resume are you? Know how an ethernet sniffer works?) then you should definitely use SSH for your mail.
Also on my laptop I use PGPDisk to encrypt my Quicken Checkbook and source code on NT, and the Linux Encrypting Kernel to encrypt source code on Linux. If someone steals my laptop, my clients won't have all their trade secrets stolen too.
Mike
-- Could you use my software consulting serv
The reason that the FBI wants to keep crypto out of the hands of the citizens is indirectly our own fault.  We clamor that we want security and safety and we bitch and moan when our law enforcement (part of our government) doesn't provide it for us.  The war on drugs, the crackdown on guns are simply responses to people's fear and insecurity.  Crypto does make law enforcement's job tougher and that is a fact that everybody should just accept. 
Personally, I'll take the freedom to use crypto in any way that I see fit and I'll argue that even those that wish to use crypto in a way that is counter to my beliefs should be allowed to do so.  The benefits far outweigh the problems that it brings.
"When you trade freedom for security you get neither" - Thomas Jefferson
From: WhiteHouse
To: Joe Public
The Whitehouse, on behalf of the United States Goverment would like to clear up a few rumors that have been causing an uproar with the citizens of this Great Country.
There was been some acusations and rumors going around that the White House and the United States Goverment are not fully happy with the state of the union. To clear this up, and to fully put out or offical statement on this, on behalf of the United States Goverment we would like to state for the record "We are really fucking pissed".
I know this may come to a surpise to most of the citizens of this Great Country, but ever since the CIA and rosewell conscripies, the Goverment and the White House of this Great Nation of ours, have not really been getting any, and this makes us really pissed off. We (the United States Goverment) watch our citizens going day in and day out getting laid by great looking women, and on behalf of the United States goverment I would like to say "Where is my booty, why don't I get any hoes?" and also like to add "And the United States Goverment is pissed about this"
Thank you for taking the time to read this press release and hope this clears up any details the American public might not be aware about.
"`Ford, you're turning into a penguin. Stop it.'" -THHGTTG
The US (in particular the FBI and probably the CIA/NSA) wants to keep encryption out of the hands of USians. (The reason doesn't matter for the purposes of this post). The best way to do this is to keep there from being any "encryption infrastructure" and the best way to THAT goal is to keep from having any standards.
And if you disallow exports, you can't create a world-wide standard. But whoops, the EU allows exports now, so we can standardize on that.
So the US is pissed for two reasons:
1) The EU will be the encryption (and thus privacy, etc) standards-bearer for the 21st century. This causes loss of money and face for the US.
2) The US can't keep EU encryption out of the hands of USians unless it also bans encryption imports. And since that action isn't compatible with the nominal "munitions" argument, it would tip their hand too much.
--
Have Exchange users? Want to run Linux? Can't afford OpenMail?
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)