Slashdot Mirror

← Back to Stories (view on slashdot.org)

Symantec Restricts Crypto Export

Posted by Zonk on from the bad-old-days dept.

PhilK writes "Symantec is now refusing to sell LC5 (the Windows password cracking tool, previously from @stake) to anyone outside of the USA and Canada, claiming new Homeland Security laws. Symantec declined to field questions on the rationale for its policy and whether it applies to other products." From the article: "Symantec's restrictions recall the dark days of the crypto wars when users outside the US were not entitled to buy products featuring strong ciphers. These rules, relaxed by the Clinton administration and following a long running campaign by cryptography experts and net activists, are once again rearing their head. Symantec's response to our reader (below) suggests the policy was imposed on it by the US government."

11 of 186 comments (clear)

  1. Re:ITAR Revisited? by dada21 · · Score: 4, Insightful

    Last I recall, there are about 201 Democrats (and 1 Socialist?) in Congress. This isn't a republican versus democrat issue, this is an issue used to make both authoritarian parties in Congress more powerful, along with the Executive Branch. It is the Feds versus the States and the Feds versus the People. I wouldn't say Dubya (or Clinton or anyone else) is alone in violating the rights they're precluded from violating.

  2. Re:ITAR Revisited? by garcia · · Score: 5, Insightful

    And now, Dubya & Company want to try to restrict crypto once again. I really wish I could say I was surprised, but this is sadly a completely predictable move.

    Well, obviously because Clinton relaxed those laws the "terrorists" were able to get these products and then use them against the US! What don't you understand?!

    This strategy is doomed to failure, not only because foreign companies are perfectly able to develop their own products, but because these 'restricted' products are easily available on warez servers all over the world. If I want a copy of LC5, I can get one in less than five minutes, entirely free of charge, and I don't need to be in the U.S. to do it.

    Just like anything that we try to restrict the "terrorists" from getting their hands on. It's a losing battle but one that's not meant to do anything to stop terrorism. It's meant to control the US population.

    You might think that D&C would at least try to just keep tabs on international users of LC5 (after all, a wasp in a tent is a lot friendlier when you can see it), but instead, they choose the option to ban export, insuring that truly malicious users will stay well under the radar. Well done, George.

    It's just another way to help the trade deficit!

  3. Now... by wishbone · · Score: 5, Funny

    All your Cyphers are belong to U.S.

  4. Good News/Bad News by sunderland56 · · Score: 5, Funny

    Bad news: I can't buy a copy of LC5.

    Good news: According to another Slashdot story, I can download one for free from a French web site!!

  5. LC5 - L0phtCrack by spacerog · · Score: 5, Interesting
    It is quite a shame to think of what could have been only to see what has become.

    Yeah, I know, I'm partly at fault. Still, things could have been great.

    But hey, we were all just a bunch of FBI Snitches anyway. Which if true means that there is probably a secret back door in L0phtCrack and still in LC5 that transmits all cracked passwords direct to the FBI so that they can get into any server anywhere. Of course if that is true (and of course it is) DHS and Symantec should actively promote the use and distribution of LC5. All the more passwords they can get. Whatever.

    - Space Rogue
    L0pht Heavy Industries
    Whacked Mac Archives
    Hacker New Network
    Sell Out
    FBI Snitch

    (Pay no attention to this rambling bitter old man.)

  6. Dark days indeed. by merc · · Score: 4, Funny

    What sad times are these when passing ruffians can say 'Ni' at will to old ladies. There is a pestilence upon this land. Nothing is sacred. Even those who arrange and design cryptographic software are under considerable economic stress at this period in history.

    --
    It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
  7. Imposed? by HardCase · · Score: 4, Informative

    Although the Reg article claims that Symantec appears to have had the restriction imposed by the government, both Symantec and the Register seem to have things a little bit wrong.

    For starters, section 5A002 of the ECCN covers hardware. Perhaps Symantec meant section 5D002, software. 5D002.c.1 covers their situation. But the list of restricted countries hasn't changed for quite a while - it's the usual gang: Syria, North Korea, Sudan, etc. It seems to me that Symantec is being a little lazy here. Yes, they have to have an export license to sell the software outside of the US, but the restrictions aren't any more onerous than they were in 1999, when the EAR was updated to move cryptographic software from munitions to commerce.

    Oh, and this "news" is almost a month old.

    -h-

  8. Arrogance? by Goth+Biker+Babe · · Score: 4, Interesting

    The export ban always made me laugh because it arrogantly assumed that no one outside of the US/Canada was capable of developing their own encryption technologies.

    This is something that British Secret Services have used to their advantage. Public key encryption technologies were developed at GCHQ in the early 70s but unlike the US, they didn't tell anyone until recently so they could use it without anyone knowing.

    Something similar was done with Enigma. The fact that Enigma had been cracked was kept very quiet so that Enigma machines could be sold by the Brits to foreign governments after the war and we could listen in! News that we invented the World's first electronic computer was also kept secret for the same reason.

  9. Re:ITAR Revisited? by Decius6i5 · · Score: 5, Informative
    This isn't news. When encryption software was removed from the ITAR list it was added to the Commerce Control List instead. Encryption export in the US is regulated by BIS "Dubya and Company" didn't do this. This has been the case since the Clinton years. And, no, the government isn't completely confused about the Internet, and they don't think these regulations are useless.

    Cryptoanalytic items are more strictly controlled then encryption items because the regs are immature. Few people actually make and export them, and most cryptanalytic stuff is designed for snooping on people and not protecting computer security. The regs are designed with snooping equipment in mind. I don't think Lopht Crack is the droid BIS is looking for, and I figure Symantec could probably get a license to export it if they tried. Furthermore, I figure that if you had an open source cryptanalytic program you could probably distribute it online with the same sort of TSU notification you have to do when you ship open source cryptography software. However, IANAL, so don't take my word for that...

  10. Yawn, another bullshit screed from The Register by Anonymous Coward · · Score: 4, Interesting

    The crypto regulations haven't changed since they were relaxed under Clinton. Either Symantec is just too lazy to follow the export licensing procedures which are unchanged, or they're trying to drum up interest for a faltering product by pretending that "the US government doesn't want you foreigners to have it,"or it could even be a crass political ploy to cause the usual fly-off-the-handle sorts to rant against some imagined sin of Bush.

    It's quite difficult to take The Register seriously when they post articles such as this. So many of The Register's articles are breathless screeds of the form Civil Liberties to be Abolished in the USA, Film at 11. Remember that the UK has oppressive laws (e.g., the Official Secrets Act) that make the PATRIOT Act in the USA look like a model of civil liberties protection by comparison. I wonder if The Register is secretly funded by the propaganda arms of the UK government.

  11. Re:Personal question for Space Rogue by drwho · · Score: 4, Insightful

    Hi Chris (Space Rogue)! and to rewt66, SR left @Stake a long time ago. He had nothing to do with Symantec.

    I think what Symantec has done to @Stake is sad, really sad. They're sitting on some really cool software technology and not doing anything with it. My guess is that the same heebie-geebies that make them do export restriction on L0phtCrack (a.k.a. LC5) are making them sit on this decompilation technology.

    I'd say that I'd like to see l0pht reborn from the ashes, but differently. Hasty Pastry is close to it, and I am glad I was able to my part and start it, and sad I couldn't afford to stay involved. But I think that more than HP is needed. Hasty Pastry is specifically non-commercial. L0pht become overly commercial. There needs to be something that's commercial but not a part of The Machine. A place where there's both money and fun. But that's not going to happen in Boston, this city has become too expensive.