Symantec Restricts Crypto Export
PhilK writes "Symantec is now refusing to sell LC5 (the Windows password cracking tool, previously from @stake) to anyone outside of the USA and Canada, claiming new Homeland Security laws. Symantec declined to field questions on the rationale for its policy and whether it applies to other products." From the article: "Symantec's restrictions recall the dark days of the crypto wars when users outside the US were not entitled to buy products featuring strong ciphers. These rules, relaxed by the Clinton administration and following a long running campaign by cryptography experts and net activists, are once again rearing their head. Symantec's response to our reader (below) suggests the policy was imposed on it by the US government."
Back in the day, crypto was classified as munitions under ITAR. This restriction was lifted principally because some smart eggs figured out that since the U.S. doesn't have a monopoly on math (no matter how much they might wish that to be the case), foreign countries could develop their own algorithms, so all the U.S. was doing was shooting themselves in the foot by restricting what they could do in the international market.
And now, Dubya & Company want to try to restrict crypto once again. I really wish I could say I was surprised, but this is sadly a completely predictable move.
This strategy is doomed to failure, not only because foreign companies are perfectly able to develop their own products, but because these 'restricted' products are easily available on warez servers all over the world. If I want a copy of LC5, I can get one in less than five minutes, entirely free of charge, and I don't need to be in the U.S. to do it.
You might think that D&C would at least try to just keep tabs on international users of LC5 (after all, a wasp in a tent is a lot friendlier when you can see it), but instead, they choose the option to ban export, ensuring that truly malicious users will stay well under the radar. Well done, George.
____
~ |rip/\/\aster /\/\onkey
All your Cyphers are belong to U.S.
Bad news: I can't buy a copy of LC5.
Good news: According to another Slashdot story, I can download one for free from a French web site!!
Nobody would be stupid enough to think it is possible to keep a commercial product out of foreign hands. Maybe making it illegal to export this product is just a way to provide an excuse for search/wiretap warrants.
Since I think the administration is at least semi-intelligent, I am looking for the ulterior motive.
Your song sounds subversive. Your name has been added to the aviation watch list. Have a nice day, citizen.
Real Daleks don't climb stairs - they level the building.
Or do you somehow believe people should be able to send munitions plans to Iran in the name of free speech?
I do. I should be able to trade with whomever I want to trade, without restrictions by the State. That's what freedom means. If we had open trade and didn't stick our noses in other countries' business, we wouldn't be living under fear of retribution.
Nonetheless, I do believe that the Feds can restrict trade by declaring war. They didn't declare war on Iran, or Iraq or Afghanistan or Bosnia or Vietnam, so trading with those people is fine.
Speech is not just words out of your mouth, speech and expression is everything you do -- how you express yourself. I should be able to express my favorite political candidate in an unlimited way with my words, my voice and my money. I should be able to burn flags, dance, and even wear a dress if I want to. That is what freedom is about.
What does freedom mean to you?
hey, the government is just worried that scary e-terrorists that don't know how to download the software for free will break into the dept. of homeland security and compromise the sensitive windows 95 network they've got running.... i, for one, feel safer already.
Yeah, I know, I'm partly at fault. Still, things could have been great.
But hey, we were all just a bunch of FBI Snitches anyway. Which if true means that there is probably a secret back door in L0phtCrack and still in LC5 that transmits all cracked passwords direct to the FBI so that they can get into any server anywhere. Of course if that is true (and of course it is) DHS and Symantec should actively promote the use and distribution of LC5. All the more passwords they can get. Whatever.
- Space Rogue
L0pht Heavy Industries
Whacked Mac Archives
Hacker News Network
Sell Out
FBI Snitch
(Pay no attention to this rambling bitter old man.)
What sad times are these when passing ruffians can say 'Ni' at will to old ladies. There is a pestilence upon this land. Nothing is sacred. Even those who arrange and design cryptographic software are under considerable economic stress at this period in history.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
http://rainbowtables.shmoo.com.nyud.net:8090/
Bittorrent to Download.
FYI
Alpha-Numeric and 14 Symbols = 11 GB
All Characters and the Space Character = 43 GB
It helps if you have enough RAM to load each 700MB section of table into memory. The longest part of this process (for me) is waiting for my puter to finish reading the tables off the DVD I burnt them to.
BTW- If something is illegal for export, that means the only people who will get in trouble are the exporters, not the people 'illegally' obtaining software.
Hell, if it's illegal to export something, is there any reason to buy it? If you don't do business in/with the U.S or Canada, what is the gov't/company going to do if you pirate unexportable software? Sue you for violating their copyright?
[Fuck Beta]
o0t!
I travel regularly between the USA and Europe... What's to prevent me from buying several copies of this tool and take them back with me to Europe? Do you think Symantec and/or the shop owner will ask me for my passport before selling me this software?
For that matter, there is a good chance that there are mirrors and/or legal copies of this tool in Europe already. So what's the point? This type of restriction is ridiculous.
Oh, and by the way, I have a copy of O'Reilly's 'Knoppix Hacks' on my desk somewhere. I think there is a recipe in that book to remove or replace the administrator password of a Windows machine using Knoppix. Again, what's the point behind this restriction?
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
"Back in the day, crypto was classified as munitions under ITAR."
It still IS controlled (US Department of Commerce) and has been for a while; check your facts.
"foreign companies are perfectly able to develop their own products"
That is not the point. The point is that you don't want US companies AIDING foreign companies in creating cryptography systems to which the details are not known. Yes, I know, the strength of crypto lies in the mathematics not how it is done (read source); but having the algorithm details is also important.
Although the Reg article claims that Symantec appears to have had the restriction imposed by the government, both Symantec and the Register seem to have things a little bit wrong.
For starters, section 5A002 of the ECCN covers hardware. Perhaps Symantec meant section 5D002, software. 5D002.c.1 covers their situation. But the list of restricted countries hasn't changed for quite a while - it's the usual gang: Syria, North Korea, Sudan, etc. It seems to me that Symantec is being a little lazy here. Yes, they have to have an export license to sell the software outside of the US, but the restrictions aren't any more onerous than they were in 1999, when the EAR was updated to move cryptographic software from munitions to commerce.
Oh, and this "news" is almost a month old.
-h-
> And this gives me pleasure,
> My conscience decrees,
> This right I must treasure;
> My thoughts will not cater
> To duke or dictator,
> No man can deny--
> Die Gedanken sind frei!
"The thought police would get him just the same. He had committed--would have committed, even if he had never set pen to paper--the essential crime that contained all others in itself. Thoughtcrime, they called it. Thoughtcrime was not a thing that could be concealed forever. You might dodge successfully for a while, even for years, but sooner or later they were bound to get you."
>Are you listening, Dubya?
"SMITH! SMITH, D.P.B., 263124! Yes, you! Bend lower, please! You can do better than that. You're not trying. Lower, please! That's better, citizen. Now stand at ease, the whole squad, and watch me... Anyone under forty-five is perfectly capable of touching his toes. We don't all have the privilege of fighting in the front line, but at least we can all keep fit. Remember our boys on the Iranian front! And the sailors in the Freedom Fortresses! Just think what they have to put up with. Now try again. That's better, citizen, that's much better"
There is a way for it to be put on /. without going through the front page?
...
The export ban always made me laugh because it arrogantly assumed that no one outside of the US/Canada was capable of developing their own encryption technologies.
This is something that British Secret Services have used to their advantage. Public key encryption technologies were developed at GCHQ in the early 70s but unlike the US, they didn't tell anyone until recently so they could use it without anyone knowing.
Something similar was done with Enigma. The fact that Enigma had been cracked was kept very quiet so that Enigma machines could be sold by the Brits to foreign governments after the war and we could listen in! News that we invented the World's first electronic computer was also kept secret for the same reason.
Your definition of speech is somewhat all-encompassing. If I were to want to "express" myself by taking pictures of naked children (without their knowledge, perhaps) and display them on billboards throughout the country your argument would permit that. You base your argument on some sort of arbitrary freedom that you think you have as a member of this country. Nowhere in the Constitution are you granted that freedom.
In fact, the Commerce clause gives Congress the right (and the power) to regulate commerce with foreign nations and between states. Your hypothetical trade of arms with Iran is commerce with a foreign nation, and the Congress has every right to regulate that commerce. You cannot argue reasonably for unrestricted and unregulated trade without also arguing that the Constitution is void, because the Constitution clearly gives Congress the right to regulate trade. I also happen to know that you do believe that the Constitution is void, because you mentioned on your blog (http://anarcap.blogspot.com/) that you were burning your "Cato pocket Constitution" and replacing it "with a real pro-freedom guide: Champions of Freedom from the Mises Institute."
Coming from that standpoint, your posturing is contradictory because you believe the government can restrict trade during time of war, but that the government itself is based upon a void document and doesn't have any power at all. So which is it? Do you believe the government can restrict trade during war, which means they can restrict trade at any time, or do you believe the government shouldn't even exist?
*"this" being the United States.
Men occasionally stumble over the truth, but most of them pick themselves up and hurry off as if nothing ever happened.
stable, horse, bolted and door
Q. make a familiar phrase out of the above
A. Closing the stable door after the horse has bolted
I'm surprised with your oversimplification of the concept of freedom. Saying we can form a militia to protect ourselves is irresponsible. One of the historical reasons for government is to protect its citizens from enemies both foreign and domestic.
I agree with you! A militia is a great way to keep our people strong and able. A militia prevents us from running around the globe trying to instill through force a system that came through voluntary cooperation (over time). Government is supposed to defend our borders, yes, but they're doing the opposite -- they're attacking hundreds of countries (TODAY) and the People are hated all over the world.
I would argue that declaring math of any kind as a munition is silly, but your argument that government doesn't have an obligation to try to protect us against dangerous information being transferred is equally irrational.
This is the slippery slope towards censorship and tyranny. Once information is printed on paper and in the eyes of a few dozen people, consider it not top secret any longer. In fact, I believe that our government should be 100% transparent to the People, and this means having NO secrets in government. Our most secret weapons have fallen into the hands of enemies through our government's backdoor deals. Remember Iran-Contra? Remember Afghanistan-Russia? We did that, our government, us. It is fair for a government of the People to trade with the enemy, but not the People? Huh?
By your standard, it would be okay to give information to a foreign entity that has openly declared hostilities against the United States. I encourage you to continue to fight for freedom, but doing so blindly, without considering the complexities of an international community is damaging to the cause of freedom
The foreign entity hates us for our actions against people they are aligned with. I would expect no less.
I do business all over the world, and am starting a business in Dubai and in Eastern Europe. These "enemies" don't hate freedom or Christians or MTV, they hate the hundreds of thousands, maybe millions, of murders we committed in the name of our People. If you've never BEEN to the Middle East or Eastern Europe, don't even start with an opinion that isn't based on facts.
True enough. After all, Clinton forced the DMCA on us; is using the law to prevent the distribution of LC5 any worse than using it to stop the distribution of DeCSS?
Which gives me an idea. Since most DRM schemes are essentially a form of strong encryption, could this "Homeland Security" law be used to prevent the export of media (DVDs, iTunes songs, Microsoft Reader eBooks, etc.) that are encoded with DRM? If someone manages to use this law to force media companies to sell their products unencumbered with DRM and restore fair use to consumers, then maybe it's not such a bad law after all.
Support Right To Repair Legislation.
The crypto regulations haven't changed since they were relaxed under Clinton. Either Symantec is just too lazy to follow the export licensing procedures which are unchanged, or they're trying to drum up interest for a faltering product by pretending that "the US government doesn't want you foreigners to have it," or it could even be a crass political ploy to cause the usual fly-off-the-handle sorts to rant against some imagined sin of Bush.
It's quite difficult to take The Register seriously when they post articles such as this. So many of The Register's articles are breathless screeds of the form Civil Liberties to be Abolished in the USA, Film at 11. Remember that the UK has oppressive laws (e.g., the Official Secrets Act) that make the PATRIOT Act in the USA look like a model of civil liberties protection by comparison. I wonder if The Register is secretly funded by the propaganda arms of the UK government.
Your definition of speech is somewhat all-encompassing. If I were to want to "express" myself by taking pictures of naked children (without their knowledge, perhaps) and display them on billboards throughout the country your argument would permit that. You base your argument on some sort of arbitrary freedom that you think you have as a member of this country. Nowhere in the Constitution are you granted that freedom.
:) In the Constitution, a property owner DOES have the right to take pictures of anyone on that property without warning. See the 9th and 10th Amendments.
:)
You picked one of maybe 5 places where I don't have a good response -- yet. I do believe that if you are taking secret pictures of naked children on your property, you likely DO own the right to those pictures. In my free market utopia (note that I don't believe in utopias), I would have to say that I would not take my children onto anyone's property without an agreement that they won't be taking private video, pictures or record our conversations. I understand that this isn't a perfect reply, but the naked children picture taking debate comes up SO OFTEN that I continue to work on my reply
In fact, the Commerce clause gives Congress the right (and the power) to regulate commerce with foreign nations and between states
Wrong. The Commerce clause was written specifically to prevent the individual states from restricting trade. The original founders never intended Congress to restrict trade -- in fact, most of them actually said that we should never have alliances or entanglements with other countries. Trade with all, prosper with all. The Commerce clause is badly abused.
I also happen to know that you do believe that the Constitution is void, because you mentioned on your blog (http://anarcap.blogspot.com/) that you were burning your "Cato pocket Constitution" and replacing it "with a real pro-freedom guide: Champions of Freedom from the Mises Institute
I'm pro-Constitution, actually, but I am anti-State. I made that comment because Cato aligns themselves with the Constitution on their face, but behind your back they attack it at every chance they get, it seems. A Constitution published by Cato is worthless, in my opinion, unless that Constitution is upheld as the true letter of the law for government.
Coming from that standpoint, your posturing is contradictory because you believe the government can restrict trade during time of war, but that the government itself is based upon a void document and doesn't have any power at all. So which is it? Do you believe the government can restrict trade during war, which means they can restrict trade at any time, or do you believe the government shouldn't even exist?
You are 100% correct -- in some posts I actually will say (at the end) that I don't believe in the State and am only posturing for those who do.
If our citizens want a Constitutional government, they should stick to it, and I will listen. If they don't want one, I will live outside of the law and outside of their rules. The citizens need to make a decision, so I know how to live, but they can't.
I will never accept a government that fights undeclared wars. If we could agree to a truly Constitutionally-limited government, I WILL accept a government that defers to the minority decision of an individual except when that individual commits an act of physical force against another person, or violates a contract.
Sorry for the confusion, thanks for holding me to my beliefs
"I do remember 9/11. ... Afghanistan did not attack us."
"I don't see how one attack killing 3000 people ... should infringe on my right to trade with whomever I want"
You certainly have an interesting perspective on things.
Yes, it's awfully convenient to partition the world into so many parts that no single thing has anything to do with another. Now back to reality: that's just not how things work. The world is a complicated place. Issues cannot always be separated from each other, and they are not simply black and white. Unfortunately, the rest of the world stereotypes my fellow Americans as seeing the world as such; and unfortunately the stereotype is too often right.
E.g., elsewhere you wrote:
"When we declare war against Iran, I'll accept a closing of trade. Then, and only then, will I have a concern about Iran."
and before that (in a modded up post !?):
"I should be able to trade with whomever I want to trade, without restrictions by the State. That's what freedom means."
I'm sorry to point it out, but this is exactly what I am referring to. Absolutes. Black and white. "Trade if and only if no war." The world simply does not function that way.
MG
Hello, my name is Matthew Pang, and I live in Selangor, Malaysia. (This isn't in the U.S. or Canada, just in case you didn't know that.)
5:18pm (GMT)-Decides he wants to get lc5 (just because he saw this on /.)
5:19pm (GMT)-performs this search "http://www.torrentz.com/search_lc5_9_0_0.html"
5:20pm (GMT)-Downloads the torrent file from "http://www.seedler.org/en/iindex.x?a=info&id=1952 55"
5:21pm (GMT)-Launches Azureus and starts torrent download.
5:26pm (GMT)-Azureus completes download.Also seeing.
5:26pm (GMT)-Runs lc5 Setup
5:27pm (GMT)-lc5 setup complete, runs lc5, runs keygen and unlocks lc5
5:28pm (GMT)-Runs a dictionary attack on all passwords the program sniffed from the local network. Found 7 exposed accounts, 2 of which are privileged.
5:29pm (GMT)-Starts comparison against pre-computed hash tables
The moral of the story: Don't restrict export. It'll just make angry people like me run out and get it. Also making sure to save a copy to distribute to his friends.
Here is something really funny for you: I also travel with several CDs (music and/or data) in my luggage. I have never been stopped, not just once, by the US customs.
;-)
I mean, seriously, what's to prevent me from slipping the Symantec CD-ROM in a little Case Logic CD folder, among dozens of other CDs? Do you really think the customs officers are going to check me? Do you think they are going to review each and every CD in my little folder, looking for the illegal-to-export LC5 CD? (short answer: NO).
What about copying an image of the CD on the hard disk of my laptop? Sure, they check laptops, but only to make sure that this is really a computer and not a disguised bomb.
Of course, if the NSA (hi, guys, and thanks for reading this!) decides I am an international terrorist, I am in trouble the next time I set foot in the USA. But I think right now, they are too busy spying on US citizens to bother with me...
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Hi Chris (Space Rogue)! and to rewt66, SR left @Stake a long time ago. He had nothing to do with Symantec.
I think what Symantec has done to @Stake is sad, really sad. They're sitting on some really cool software technology and not doing anything with it. My guess is that the same heebie-jeebies that make them do export restriction on L0phtCrack (a.k.a. LC5) are making them sit on this decompilation technology.
I'd say that I'd like to see l0pht reborn from the ashes, but differently. Hasty Pastry is close to it, and I am glad I was able to do my part and start it, and sad I couldn't afford to stay involved. But I think that more than HP is needed. Hasty Pastry is specifically non-commercial. L0pht became overly commercial. There needs to be something that's commercial but not a part of The Machine. A place where there's both money and fun. But that's not going to happen in Boston, this city has become too expensive.
OK, so this is a US law, but the product is available in Canada. So what about Canadian resells? How about me as a user. I could buy the software, and then resell it to somebody in another country. EULA preventing that... how about if I leave the shrink-wrap on, then I haven't agreed to anything.
Not that such laws would actually have a snowball's chance in hell of preventing this software from reaching other countries, but I do wonder when the US includes Canada in their private little party whether or not they expect us to play with their rulebook.
Both.
I wasn't around when @Stake was bought by Symantec. I was around for L0pht's sell-out to @Stake.
There were two issues back then, one we were greedy, we all were. We all saw $$ signs and ran towards them. However it wasn't just the money (Which really there wasn't that much of but some of us got more than others.) We had grand visions, "Make a dent in the Universe" and all that. We were naive and believed them. It took me a few months to see the writing on the wall, then HNN got canned and I saw the @Snake for what it was.
I sit here and wonder what could have been. At the time L0phT was pretty much self sufficient and growing. But I have no one but myself to blame, well for most stuff. Ah, well, like I said nothing but the memories of a bitter old man.
- SR
A violation of "freedom of speech" would be the feds telling Symantec that they can't create the software in the first place. Restricting where they sell it is not. The First Amendment only guarantees freedom to create speech/expression, not an audience for said expression. By your theory, do you think that porn not being sold to minors is a violation of the publisher's free speech "rights"?