Slashdot Mirror
Symantec Restricts Crypto Export
PhilK writes "Symantec is now refusing to sell LC5 (the Windows password cracking tool, previously from @stake) to anyone outside of the USA and Canada, claiming new Homeland Security laws. Symantec declined to field questions on the rationale for its policy and whether it applies to other products." From the article: "Symantec's restrictions recall the dark days of the crypto wars when users outside the US were not entitled to buy products featuring strong ciphers. These rules, relaxed by the Clinton administration and following a long running campaign by cryptography experts and net activists, are once again rearing their head. Symantec's response to our reader (below) suggests the policy was imposed on it by the US government."
And now, Dubya & Company want to try to restrict crypto once again. I really wish I could say I was surprised, but this is sadly a completely predictable move.
Well, obviously because Clinton relaxed those laws the "terrorists" were able to get these products and then use them against the US! What don't you understand?!
This strategy is doomed to failure, not only because foreign companies are perfectly able to develop their own products, but because these 'restricted' products are easily available on warez servers all over the world. If I want a copy of LC5, I can get one in less than five minutes, entirely free of charge, and I don't need to be in the U.S. to do it.
Just like anything that we try to restrict the "terrorists" from getting their hands on. It's a losing battle but one that's not meant to do anything to stop terrorism. It's meant to control the US population.
You might think that D&C would at least try to just keep tabs on international users of LC5 (after all, a wasp in a tent is a lot friendlier when you can see it), but instead, they choose the option to ban export, insuring that truly malicious users will stay well under the radar. Well done, George.
It's just another way to help the trade deficit!
All your Cyphers are belong to U.S.
Bad news: I can't buy a copy of LC5.
Good news: According to another Slashdot story, I can download one for free from a French web site!!
Yeah, I know, I'm partly at fault. Still, things could have been great.
But hey, we were all just a bunch of FBI Snitches anyway. Which if true means that there is probably a secret back door in L0phtCrack and still in LC5 that transmits all cracked passwords direct to the FBI so that they can get into any server anywhere. Of course if that is true (and of course it is) DHS and Symantec should actively promote the use and distribution of LC5. All the more passwords they can get. Whatever.
- Space Rogue
L0pht Heavy Industries
Whacked Mac Archives
Hacker New Network
Sell Out
FBI Snitch
(Pay no attention to this rambling bitter old man.)
Cryptoanalytic items are more strictly controlled then encryption items because the regs are immature. Few people actually make and export them, and most cryptanalytic stuff is designed for snooping on people and not protecting computer security. The regs are designed with snooping equipment in mind. I don't think Lopht Crack is the droid BIS is looking for, and I figure Symantec could probably get a license to export it if they tried. Furthermore, I figure that if you had an open source cryptanalytic program you could probably distribute it online with the same sort of TSU notification you have to do when you ship open source cryptography software. However, IANAL, so don't take my word for that...