Symantec Restricts Crypto Export
PhilK writes "Symantec is now refusing to sell LC5 (the Windows password cracking tool, previously from @stake) to anyone outside of the USA and Canada, claiming new Homeland Security laws. Symantec declined to field questions on the rationale for its policy and whether it applies to other products." From the article: "Symantec's restrictions recall the dark days of the crypto wars when users outside the US were not entitled to buy products featuring strong ciphers. These rules, relaxed by the Clinton administration and following a long running campaign by cryptography experts and net activists, are once again rearing their head. Symantec's response to our reader (below) suggests the policy was imposed on it by the US government."
Last I recall, there are about 201 Democrats (and 1 Socialist?) in Congress. This isn't a Republican versus Democrat issue, this is an issue used to make both authoritarian parties in Congress more powerful, along with the Executive Branch. It is the Feds versus the States and the Feds versus the People. I wouldn't say Dubya (or Clinton or anyone else) is alone in violating the rights they're precluded from violating.
And now, Dubya & Company want to try to restrict crypto once again. I really wish I could say I was surprised, but this is sadly a completely predictable move.
Well, obviously because Clinton relaxed those laws the "terrorists" were able to get these products and then use them against the US! What don't you understand?!
This strategy is doomed to failure, not only because foreign companies are perfectly able to develop their own products, but because these 'restricted' products are easily available on warez servers all over the world. If I want a copy of LC5, I can get one in less than five minutes, entirely free of charge, and I don't need to be in the U.S. to do it.
Just like anything that we try to restrict the "terrorists" from getting their hands on. It's a losing battle but one that's not meant to do anything to stop terrorism. It's meant to control the US population.
You might think that D&C would at least try to just keep tabs on international users of LC5 (after all, a wasp in a tent is a lot friendlier when you can see it), but instead, they choose the option to ban export, ensuring that truly malicious users will stay well under the radar. Well done, George.
It's just another way to help the trade deficit!
All your Cyphers are belong to U.S.
Bad news: I can't buy a copy of LC5.
Good news: According to another Slashdot story, I can download one for free from a French web site!!
Yeah, I know, I'm partly at fault. Still, things could have been great.
But hey, we were all just a bunch of FBI Snitches anyway. Which if true means that there is probably a secret back door in L0phtCrack and still in LC5 that transmits all cracked passwords direct to the FBI so that they can get into any server anywhere. Of course if that is true (and of course it is) DHS and Symantec should actively promote the use and distribution of LC5. All the more passwords they can get. Whatever.
- Space Rogue
L0pht Heavy Industries
Whacked Mac Archives
Hacker News Network
Sell Out
FBI Snitch
(Pay no attention to this rambling bitter old man.)
What sad times are these when passing ruffians can say 'Ni' at will to old ladies. There is a pestilence upon this land. Nothing is sacred. Even those who arrange and design cryptographic software are under considerable economic stress at this period in history.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
I travel regularly between the USA and Europe... What's to prevent me from buying several copies of this tool and take them back with me to Europe? Do you think Symantec and/or the shop owner will ask me for my passport before selling me this software?
For that matter, there is a good chance that there are mirrors and/or legal copies of this tool in Europe already. So what's the point? This type of restriction is ridiculous.
Oh, and by the way, I have a copy of O'Reilly's 'Knoppix Hacks' on my desk somewhere. I think there is a recipe in that book to remove or replace the administrator password of a Windows machine using Knoppix. Again, what's the point behind this restriction?
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Although the Reg article claims that Symantec appears to have had the restriction imposed by the government, both Symantec and the Register seem to have things a little bit wrong.
For starters, section 5A002 of the ECCN covers hardware. Perhaps Symantec meant section 5D002, software. 5D002.c.1 covers their situation. But the list of restricted countries hasn't changed for quite a while - it's the usual gang: Syria, North Korea, Sudan, etc. It seems to me that Symantec is being a little lazy here. Yes, they have to have an export license to sell the software outside of the US, but the restrictions aren't any more onerous than they were in 1999, when the EAR was updated to move cryptographic software from munitions to commerce.
Oh, and this "news" is almost a month old.
-h-
> And this gives me pleasure,
> My conscience decrees,
> This right I must treasure;
> My thoughts will not cater
> To duke or dictator,
> No man can deny--
> Die Gedanken sind frei!
"The thought police would get him just the same. He had committed--would have committed, even if he had never set pen to paper--the essential crime that contained all others in itself. Thoughtcrime, they called it. Thoughtcrime was not a thing that could be concealed forever. You might dodge successfully for a while, even for years, but sooner or later they were bound to get you."
>Are you listening, Dubya?
"SMITH! SMITH, D.P.B., 263124! Yes, you! Bend lower, please! You can do better than that. You're not trying. Lower, please! That's better, citizen. Now stand at ease, the whole squad, and watch me... Anyone under forty-five is perfectly capable of touching his toes. We don't all have the privilege of fighting in the front line, but at least we can all keep fit. Remember our boys on the Iranian front! And the sailors in the Freedom Fortresses! Just think what they have to put up with. Now try again. That's better, citizen, that's much better"
The export ban always made me laugh because it arrogantly assumed that no one outside of the US/Canada was capable of developing their own encryption technologies.
This is something that British Secret Services have used to their advantage. Public key encryption technologies were developed at GCHQ in the early 70s but unlike the US, they didn't tell anyone until recently so they could use it without anyone knowing.
Something similar was done with Enigma. The fact that Enigma had been cracked was kept very quiet so that Enigma machines could be sold by the Brits to foreign governments after the war and we could listen in! News that we invented the World's first electronic computer was also kept secret for the same reason.
True enough. After all, Clinton forced the DMCA on us; is using the law to prevent the distribution of LC5 any worse than using it to stop the distribution of DeCSS?
Which gives me an idea. Since most DRM schemes are essentially a form of strong encryption, could this "Homeland Security" law be used to prevent the export of media (DVDs, iTunes songs, Microsoft Reader eBooks, etc.) that are encoded with DRM? If someone manages to use this law to force media companies to sell their products unencumbered with DRM and restore fair use to consumers, then maybe it's not such a bad law after all.
Support Right To Repair Legislation.
Cryptanalytic items are more strictly controlled than encryption items because the regs are immature. Few people actually make and export them, and most cryptanalytic stuff is designed for snooping on people and not protecting computer security. The regs are designed with snooping equipment in mind. I don't think Lopht Crack is the droid BIS is looking for, and I figure Symantec could probably get a license to export it if they tried. Furthermore, I figure that if you had an open source cryptanalytic program you could probably distribute it online with the same sort of TSU notification you have to do when you ship open source cryptography software. However, IANAL, so don't take my word for that...
The crypto regulations haven't changed since they were relaxed under Clinton. Either Symantec is just too lazy to follow the export licensing procedures which are unchanged, or they're trying to drum up interest for a faltering product by pretending that "the US government doesn't want you foreigners to have it," or it could even be a crass political ploy to cause the usual fly-off-the-handle sorts to rant against some imagined sin of Bush.
It's quite difficult to take The Register seriously when they post articles such as this. So many of The Register's articles are breathless screeds of the form Civil Liberties to be Abolished in the USA, Film at 11. Remember that the UK has oppressive laws (e.g., the Official Secrets Act) that make the PATRIOT Act in the USA look like a model of civil liberties protection by comparison. I wonder if The Register is secretly funded by the propaganda arms of the UK government.
"I do remember 9/11. ... Afghanistan did not attack us."
... should infringe on my right to trade with whomever I want"
You certainly have an interesting perspective on things.
"I don't see how one attack killing 3000 people
Yes, it's awfully convenient to partition the world into so many parts that no single thing has anything to do with another. Now back to reality: that's just not how things work. The world is a complicated place. Issues cannot always be separated from each other, and they are not simply black and white. Unfortunately, the rest of the world stereotypes my fellow Americans as seeing the world as such; and unfortunately the stereotype is too often right.
E.g., elsewhere you wrote:
"When we declare war against Iran, I'll accept a closing of trade. Then, and only then, will I have a concern about Iran."
and before that (in a modded up post !?):
"I should be able to trade with whomever I want to trade, without restrictions by the State. That's what freedom means."
I'm sorry to point it out, but this is exactly what I am referring to. Absolutes. Black and white. "Trade if and only if no war." The world simply does not function that way.
MG
Hello, my name is Matthew Pang, and I live in Selangor, Malaysia. (This isn't in the U.S. or Canada, just in case you didn't know that.)
5:18pm (GMT)-Decides he wants to get lc5 (just because he saw this on /.)
5:19pm (GMT)-performs this search "http://www.torrentz.com/search_lc5_9_0_0.html"
5:20pm (GMT)-Downloads the torrent file from "http://www.seedler.org/en/iindex.x?a=info&id=1952 55"
5:21pm (GMT)-Launches Azureus and starts torrent download.
5:26pm (GMT)-Azureus completes download. Also seeding.
5:26pm (GMT)-Runs lc5 Setup
5:27pm (GMT)-lc5 setup complete, runs lc5, runs keygen and unlocks lc5
5:28pm (GMT)-Runs a dictionary attack on all passwords the program sniffed from the local network. Found 7 exposed accounts. 2 of which are privileged.
5:29pm (GMT)-Starts comparison against pre-computed hash tables
The moral of the story: Don't restrict export. It'll just make angry people like me run out and get it. Also making sure to save a copy to distribute to his friends.
Hi Chris (Space Rogue)! and to rewt66, SR left @Stake a long time ago. He had nothing to do with Symantec.
I think what Symantec has done to @Stake is sad, really sad. They're sitting on some really cool software technology and not doing anything with it. My guess is that the same heebie-jeebies that make them do export restriction on L0phtCrack (a.k.a. LC5) are making them sit on this decompilation technology.
I'd say that I'd like to see l0pht reborn from the ashes, but differently. Hasty Pastry is close to it, and I am glad I was able to do my part and start it, and sad I couldn't afford to stay involved. But I think that more than HP is needed. Hasty Pastry is specifically non-commercial. L0pht became overly commercial. There needs to be something that's commercial but not a part of The Machine. A place where there's both money and fun. But that's not going to happen in Boston, this city has become too expensive.