Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crypto Restrictions Are Taking Over the World

Posted by timothy on from the and-you'll-like-it dept.

zeke writes: "An article on SecurityFocus details how forced key escrow and other crypto restrictions have taken root around the world, in countries like France, South Africa, the Netherlands and the UK. Ironically, this leaves the United States -- the birthplace and graveyard of the Clipper Chip -- as one of the few bastions of unregulated encryption."

22 of 348 comments (clear)

  1. U.S. Encryption by Anonymous Coward · · Score: 3, Insightful

    Sometimes, it's really useful that the U.S. has so many different conflicting (powerful) interests, and a fairly lengthy legislative process, because it keeps things like this away (or atleast delays them a while.) Sure, the export policy was especially bad for a while, but overall, things weren't (and there will still ways around the export rules).

    Besides, we all know the NSA's top top top secret quantum computer can break any encryption quickly...

  2. And Canada by Newtonian_p · · Score: 3, Interesting
    Canada is the only developped country in which there are no laws regulating encryption.

    That's one of the reasons for which Openbsd is developed there.

    --

    There are 2 kinds of people in this world: Those who write in decimal and those who don't

    1. Re:And Canada by gmack · · Score: 3, Interesting

      Actually that's not true. I used to think that as well but then somone pointed me to the laws in question.

      We have a specific exemption for open source or free software. Commercial apps still have regulation (although less ornerous than the US)

    2. Re:And Canada by dark_panda · · Score: 5, Informative

      Some links to info on Canadian crypto laws:

      Electronic Frontier Canada's Crypto Page

      A Notice to Exporters, part of the Canadian Export and Import Permits Act: "Export Controls on Cryptographic Goods"

      A speech by John Manley from 1998, then the Minister of Industry: Canada's Cryptography Policy

      The Canadian government's cryptography website: Cryptography/Cryptographie

      I have somewhat of a stake in Canada's crypto laws, as I've been writting and maintaining a strong cryptography extension for PHP which uses the Crypto++ library. Of course, my code itself contains absolutely no cryptographic code, it just links to the aforementioned library, but still...

      J

    3. Re:And Canada by Anonvmous+Coward · · Score: 4, Interesting

      I think the idea is not to thwart, but to provide punishment for it.

      I'm playing Devil's Advocate here, I'm not saying it's right. I think the mentality might be along the lines of "Yah well it sure sucks that we weren't able to bust Al Capone on anything but IRS dodging."

      It's very possible that they're looking for ways to define 'accomplice'. Let me put it another way: Lots of people were involved in executing 9-11. But besides the hijackers (that died), how can we punish the other people involved? Well, if they used illegal encyrption to communicate, they could be arrested and pulled out of the plan of the next attack.

      Again, I'm playing Devil's Advocate here. I'm explaining what their reasoning probably is, I'm not saying that I support it or that it'd even work. I'm saying that I could see some old powerful fart using reasoning like that.

  3. Which turns out to be ok by Mr+Guy · · Score: 3, Funny

    Because last time I checked, we STILL can't export the good stuff to them anyway. Or post the source. Or talk about it too loud.

    --
    Never confuse volume with power.
  4. What about recent H2K2 stuff? by mesozoic · · Score: 3, Insightful

    The author makes a very good point: whether we have the freedom to use crypto or not, crypto software itself hasn't come very far in the past few years.

    So what can we do about it? Could Peek-a-Booty or the Six/Four protocol be used as springboards into more user-friendly crypto applications? Are there any other free/OSS projects to bring crypto to the masses? (Because God knows your average user couldn't figure out PGP or GPG if his life depended on it.)

  5. Irony? by w.p.richardson · · Score: 3, Insightful
    What is the irony of encryption being allowed in the US? After all, the US is a free country.

    It may not be free beer (no EU-style social safety net), but you have all the opportunity that you can make for yourself.

    --

    Curb CO2 emissions: Kill yourself today!

  6. Re:Of course its taking root. Its a good idea. by MarvinMouse · · Score: 3, Insightful

    There is a considerable difference between a gun and a lock on the door to your house.

    Just as there is a considerable difference between nuclear weapons and "munitions-grade encryption".

    Encryption doesn't have the power to kill anyone, it just has the power to protect privacy and hide information. While a nuclear weapon has the power to destroy.

    If they ban encryption, why not ban locks, doors, window shades, make walls out of glass, and allow video cameras and audio tapes to be placed in every nook and cranny of your house. You have nothing to hide, that's why high-grade encryption is useless right?

    Think about it.

    God, I love the fact I am a Canadian at times like these.

    --
    ~ kjrose
  7. I wonder about e-commerce by jc42 · · Score: 3, Interesting

    The main way that most people use encryption is when they order something from a web site, and the traffic is encrypted to protect credit-card numbers. I've been wondering how well the various restrictive governments police this.

    Consider that most users aren't even really aware that they are encrypting their internet traffic. It's done by behind-the-scene transactions between their browser and the remote web site. The user never invokes any encryption software, and never sees the keys.

    Will we eventually see cases where a poor baffled user is arrested and charged with illegal encryption, when what they really did was order a pair of socks from llbean.com?

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
    1. Re:I wonder about e-commerce by jc42 · · Score: 3, Insightful

      You may be right; I've never seen what I'd call reliable statistics about online ordering or online banking. I suspect that you can't get reliable statistics because "that's proprietary".

      And, I suppose, the main effect of anti-encryption laws will be to make it easy for ISPs to spy on both sorts of commercial traffic. All it would take would be a few bribes to the right person in your local ISP, and you could get the credit card or bank account numbers of all their customers.

      Of course, considering some of the recent financial scandals in the US, it might not be long before we have anti-cryptography laws passed to that this sort of interception is possible. I wonder how much it would cost per senator to make commercial encryption illegal?

      (I hope I'm just joking ... ;-)

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  8. You dont need encryption.. by perlyking · · Score: 3, Interesting

    ....when you are being detained as part of the "war on terror" without trial and denied legal counsel.

    But yeah there are bad encryption laws in other places like here in the UK. Its worrying.

    --
    no sig.
  9. Re:We could argue the other side of the coin... by Ubi_UK · · Score: 5, Insightful

    You are completely missing the point

    'The terrorists' are the guys that have the finance to develop and use illegal-level encryption (it's not really the biggest crime they'll commit). Same goes for other big time criminals. They have more to lose with low encryption (which the police can read) than high encryption (which wiull just give them a $20 fine)

    Only small-time criminals with no resources and normal citicens will be forced to downgrade their encryption, making it easy for big brother to read their email....

  10. Something to bear in mind is tradition of Freedom by MemRaven · · Score: 5, Insightful
    Something that I think people should bear in mind in the article is that the tradition of Freedom allowed in countries which are currently making moves to restrict cryptographic freedoms is much lower than in the US, either with the consent of the governed or without. For example, while the author points to places like Burma and Russia as Bad Places that have serious cryptography restrictions, it also points out that places like France, the UK, the Netherlands, and South Africa also are looking at them, and after all, they don't seem like they have horrible military regimes, so what gives?

    Well, those countries don't have a history of providing their citizens with the almost absurd levels that the US does. In Britain, you don't have nearly the same rights that you do in the US, and while the Netherlands is a socially permissive country in many respects, it's also very tough on law and order for those things that it deems are social problems (just because in Amsterdam you can buy pot and sex doesn't mean you can kill someone in Utrecht). And South Africa has hardly had any history whatsoever of having solid personal freedoms. So while you can look at the problem pragmatically ("the US looked at the issues and realized that they're unworkable"), you can't just look at it from a US-civil-liberties perspective ("no one should be willing to give a government that much power").

    The problem, as the author correctly identifies, is that anything along the lines of key recovery is completely unworkable in practice at all. While it might look nice sitting in a piece of legislation, it's impossible to enforce. Cryptography isn't something like a gun, that's physically manufactured, it's a bunch of mathematical equations (remember the whole RSA on a T-Shirt campaign?). You can't stop the providers of something based on mathematics, and you can't force everybody in teh world to start keeping track of other people's keys, or else they'll just start using "illegal" encryption.

    And that's the real kicker: regardless of whether you want your citizens to have the power to encrypt things such that you can't have acccess to them, you can't stop them in any way. All you do by attempting is instantly incriminating a pretty significant portion of your population to access information that you can still get elsewhere (like keystroke loggers that the FBI uses to get passwords, or search warrants for hardware encryption devices, which are both pretty effective IMHO for key recovery purposes). You can't outlaw mathematics (the whole US issue highlighted that), so you really shouldn't try.

  11. Re:From the other side by gmack · · Score: 5, Insightful

    Lets think about that logically for a second...

    What exactly makes you think criminals and terrorists are going to hand over thier keys for escrow?

    I don't think this is an invasion of privacy so much as a complete waste of money and a source of unneeded complexity.

  12. The UK has less rights than the US? by oliverthered · · Score: 4, Informative

    Well that all depends on your point of view.
    The UK has far more employment rights than the US has.
    also the right to medical treatment.

    the right to life (no death penality).

    The right to get arrested without being put in handcufs.
    Hell I can even crack a joke with the police if they get stopped, and give them a bit of hastle e.g. Have you got any ID? so long as i don't break any serious law or take the piss to much.

    I can buy tin foil, baking soda, spoons, bongs etc.... without feer of being arrested.

    I can have a open bottle in the car.

    I can cross the road.

    When I was younger I had even more rights, maybe the UK is just trying to catch up with the poor human rights policy in the US.

    --
    thank God the internet isn't a human right.
    1. Re:The UK has less rights than the US? by MemRaven · · Score: 3, Interesting
      Yeah, I don't think I made my point on that particularly well. I think what I was meaning to say is that in terms of freedom from government intrusion in your privacy, the US has it pretty paranoid-leaning. Partially it's a historical thing in the US, partly it's a cultural thing, but we have the most paranoid culture about government intruding on your privacy without your consent that I can imagine. That's what I was really trying to get at.

      Although, I would point out that any nation without an actual constitution or any viable or realistic checks on its Prime Minister can hardly be considered to be a place where you can be guaranteed your rights (as anti-terrorism legistlation passed to try to deal with teh Northern Ireland conflict can attest to).

    2. Re:The UK has less rights than the US? by davebooth · · Score: 3, Informative

      As a Brit living in the US (still undecided on whether I'll switch citizenship so hopefully free of undue bias) I'll have a stab at answering this one...

      • In the UK it is illegal to fire a woman simply because she is pregnant. It is also required for a company to offer maternity leave that must be paid for a statutory minimum time, after which up to a years unpaid leave must be offered with the employee able to return with no loss of status or seniority. Unfortunately some companies (just like in the US and everywhere else any corporate behaviour is regulated) dont like living up to these rules and will often do the bare minimum their lawyers think they can get away with. The ones with the good lawyers do get away with it, the others get sued or prosecuted.
      • The police in the UK and in the US have a duty to protect the public. They have lots of rules about how they are allowed to go about it which they are expected to apply before anything gets into court to decide questions of law. Three or more huge guys wearing Vikings colors making a point of getting in the face of anyone coming down the street wearing green and gold would likely get arrested over here too. UK cops are expected to use their judgement just as US cops are. In either country its still true that is you piss off a cop badly enough (s)he can probably find something to nick you for.
      • One could probably refuse to divulge a crypto key on the grounds that you cannot be required to answer questions.. However, that is one area in which the US has the superior laws since in the US courts are not allowed to even mention whether you answered questions or not. In the UK the advice of your rights when arrested goes on to say that if you do not answer questions then that refusal itself may be alluded to in court - That caused a HUGE stink when it got pushed through.
      • This one isnt much of an issue. In MN I cant buy wine in a grocery store. Similarly liquor stores are not open past 8pm and are all closed Sundays. This has in the past few years caused me more hassle than being unable to buy beer or wine before 11am or on Sunday afternoons in the UK. Wherever you are you'll find folks who dont like the licensing laws.
      • Stores closed on a Sunday.. not much of an issue anymore. First it was a holdover from the days when the church was a legislative power in Europe, then small local stores were exempted to try and save them from being driven out of business by huge supermarkets and then large corporations lobbyists got their megastores exempted too... Hmmm.. sounds kinda familiar :)
      • In the UK you ARE guaranteed a refund if the product is faulty. Some stores will try and persuade you to accept a replacement or an in-store credit but if you insist they must take faulty goods back and refund your money. Most folks just dont want the hassle of insisting on a refund and threatening the store with legal action if they dont comply. In the US I believe you have similar rights but unlike in the UK you're more willing to complain so it makes business sense here to just refund with no questions asked beyond seeing the receipt. In the UK there isnt that pressure so again they dont do more than the law requires.
      --
      I had a .sig once. It got boring.
    3. Re:The UK has less rights than the US? by thales · · Score: 3, Insightful
      An AC wrote:
      "Of course it is. That's what a (civil) right is: a constraint on other people's behavior as it relates to you. This is distinct from a liberty, which is your freedom to do various things as you please."

      Your definition of a "right" is in fact a negation of the concept of rights. just because the government abitrally gives someone a privellege and calls it a "right" dosen't make it one. 50 years ago the state I live in assigned Whites the privillege of constraning the behavior of minorities, and defended this injustice under the banner of states rights. Those laws were just a big a violation of real rights as the so called civil rights laws are.

      " We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. --That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed"

      Notice the source of rights, "endowed by their Creator"?. It dosen't matter if you consider the "creator" to be a devine power, or natural laws, rights are NOT the creation of governments, which only exist to protect rights. The US government could no more magicly create a "right" not to be discriminated against in 1964, than the slave states could magicly create a "right" to own another human being between 1776 and 1865.

      Allowing the government to assume the power to create "rights" is very dangrous, because at the same time you are giving them the power to repeal rights, real ones like "Life, Liberty and the pursuit of Happiness" one of which you have allready claimed can be constrained by the arbitary civil "rights" created in 1964.

      --
      Quemadmodum gladius neminem occidit, occidentis telum est
  13. Crypto, who needs it? by Hornsby · · Score: 4, Funny

    Why should I need crypto when I have palladium to ensure the security of my PC anyway?

    --
    A musician without the RIAA, is like a fish without a bicycle.
  14. Germany ... by 216pi · · Score: 5, Insightful

    ... supports strong encryption for it's fellow citizens and the industry and I count Germany to the developped countries...

  15. Now just you hold on there a minute... by johnlcallaway · · Score: 5, Interesting

    Am I the only one who really read this, or did I not read it right.

    I saw places where it said "..and the police can order you to hand over your keys" or '..such and such a company has to register with the officials', but nowhere did it say '...you can't use encryption'. (I do agree that the key escrow stuff is very bad though.)

    Just like a gun, ecnryption can be used for good things (hiding my p0rn from my girlfriend), or bad (emailing terrorism plots to agents.) In this country (USA), if the police have enough evidence, they can go to a judge and get a very specific search warrant. So, if they accuse me of having illegal p0rn (instead of just the good stuff), they can search my computer till the cows come home. But if they find a terrorism plot, they can't use that information.

    To follow that point, what is wrong with issuing a search warrant and demanding that I decrypt the data?? I may not like it, especially if I'm guilty or don't want to share my p0rn, but I don't see where that is any different than letting the police go through a drug dealers house looking for drugs. Ok...there is that fifth amendment thing, so maybe a law like that couldn't even be enacted in the US.

    And so what if company X has to register with the government. They probably had to get a business permit anyway, and if they do anything novel they probably have patents. Not too many companies survive by being secret about their existance.

    So...tell me what is all the hub, bub.....

    --
    I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.