Slashdot Mirror
Symantec Restricts Crypto Export
PhilK writes "Symantec is now refusing to sell LC5 (the Windows password cracking tool, previously from @stake) to anyone outside of the USA and Canada, claiming new Homeland Security laws. Symantec declined to field questions on the rationale for its policy and whether it applies to other products." From the article: "Symantec's restrictions recall the dark days of the crypto wars when users outside the US were not entitled to buy products featuring strong ciphers. These rules, relaxed by the Clinton administration and following a long running campaign by cryptography experts and net activists, are once again rearing their head. Symantec's response to our reader (below) suggests the policy was imposed on it by the US government."
Back in the day, crypto was classified as munitions under ITAR. This restriction was lifted principally because some smart eggs figured out that since the U.S. doesn't have a monopoly on math (no matter how much they might wish that to be the case), foreign countries could develop their own algorithms, so all the U.S was doing was shooting themselves in the foot by restricting what they could do in the international market.
And now, Dubya & Company want to try to restrict crypto once again. I really wish I could say I was surprised, but this is sadly a completely predictable move.
This strategy is doomed to failure, not only because foreign companies are perfectly able to develop their own products, but because these 'restricted' products are easily available on warez servers all over the world. If I want a copy of LC5, I can get one in less than five minutes, entirely free of charge, and I don't need to be in the U.S. to do it.
You might think that D&C would at least try to just keep tabs on international users of LC5 (after all, a wasp in a tent is a lot friendlier when you can see it), but instead, they choose the option to ban export, insuring that truly malicious users will stay well under the radar. Well done, George.
____
~ |rip/\/\aster /\/\onkey
I can't believe that few people see the flagrant violation of the 1st amendment in restricting expression and speech when government prevents code from crossing borders. Even without looking into COnstitutionally protected actions, why do you allow your government to make these victimless-crime laws? You can't stop code from crossing borders (not even in China). If the code does leave this country, it has hurt no one in the process. If some madman uses a Windows password cracking tool to steal a password and hurt someone, it is called trespass and there are already laws governing it.
Anyone still supporting the two big parties in this country is continuing to get what they deserve, I believe. There is no slippery slope of tyranny anymore, they're over the cliff and falling straight down.
I travel regularly between the USA and Europe... What's to prevent me from buying several copies of this tool and take them back with me to Europe? Do you think Symantec and/or the shop owner will ask me for my passport before selling me this software?
For that matter, there is a good chance that there are mirrors and/or legal copies of this tool in Europe already. So what's the point? This type of restriction is ridiculous.
Oh, and by the way, I have a copy of O'Reilly's 'Knoppix Hacks' on my desk somewhere. I think there is a recipe in that book to remove or replace the administrator password of a Windows machine using Knoppix. Again, what's the point behind this restriction?
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
> And this gives me pleasure,
> My conscience decrees,
> This right I must treasure;
> My thoughts will not cater
> To duke or dictator,
> No man can deny--
> Die Gedanken sind frei!
"The thought police would get him just the same. He had committed--would have committed, even if he had never set pen to paper--the essential crime that contained all others in itself. Thoughtcrime, they called it. Thoughtcrime was not a thing that could be concealed forever. You might dodge successfully for a while, even for years, but sooner or later they were bound to get you."
>Are you listening, Dubya?
"SMITH! SMITH, D.P.B., 263124! Yes, you! Bend lower, please! You can do better than that. You're not trying. Lower, please! That's better, citizen. Now stand at ease, the whole squad, and watch me... Anyone under forty-five is perfectly capable of touching his toes. We don't all have the privilege of fighting in the front line, but at least we can all keep fit. Remember our boys on the Iranian front! And the sailors in the Freedom Fortresses! Just think what they have to put up with. Now try again. That's better, citizen, that's much better"
Hi Chris (Space Rogue)! and to rewt66, SR left @Stake a long time ago. He had nothing to do with Symantec.
I think what Symantec has done to @Stake is sad, really sad. They're sitting on some really cool software technology and not doing anything with it. My guess is that the same heebie-geebies that make them do export restriction on L0phtCrack (a.k.a. LC5) are making them sit on this decompilation technology.
I'd say that I'd like to see l0pht reborn from the ashes, but differently. Hasty Pastry is close to it, and I am glad I was able to my part and start it, and sad I couldn't afford to stay involved. But I think that more than HP is needed. Hasty Pastry is specifically non-commercial. L0pht become overly commercial. There needs to be something that's commercial but not a part of The Machine. A place where there's both money and fun. But that's not going to happen in Boston, this city has become too expensive.