US Encryption Ban Would Only Send the Market Overseas (dailydot.com)
Patrick O'Neill writes: As U.S. legislatures posture toward legally mandating backdoored encryption, a new Harvard study suggests that a ban would push the market overseas because most encryption products come from over non-U.S. tech companies. "Cryptography is very much a worldwide academic discipline, as evidenced by the quantity and quality of research papers and academic conferences from countries other than the U.S.," the researchers wrote.
We have pushed many of our industries overseas again and again with heavy government regulations. While OSHA, workers comp, EPA, etc. minimum wage, etc. laws and regulations may have some sense, we have to realize that these same laws also reduce employment and push industries overseas and make many of our overseas competitors more competitive. If we could create a 100% safe society through passing safety and employment laws we may have to satisfy ourselves with 100% unemployment as well.
You would have thought that our government would have learned when they attempted to ban PGP, decades ago.
For those of you who don't remember, the software got classified as a munition, people who sold it could be arrested as arms traffickers. Downloads instantly moved from US servers to those in Finland (and elsewhere) and the end result was a big spectacular nothing.
Calmer heads prevailed, in the long run.
The technology is out there, the knowledge of how to do encryption is impossible to stuff back into the bottle.
Don't take life too seriously; it isn't permanent.
I feel there should be a massive public backlash against this. The line between reading all encrypted data (never mind the inevitable security catastrophe of building in backdoors to encryption - making it no longer encryption at all, really) and reading people's minds to know their every thought is very thin. Our government would love to do the latter. Our populace seems indifferent to both. Time to move somewhere else maybe. But what country actually provides more than the illusion of liberty and privacy?
Cryptography is, ultimately, mathematics.
People who want to poke holes in crypto fundamentally don't understand that the math is out there for all to see.
So, flash back .. what, 20 years? When the US treated crypto as munitions and you couldn't export it. Now the US wants to break it, control it, and regulate it. And if people shift to other technologies, the US will be left with nothing but wishful thinking, and crypto they can't do anything with.
Indeed, wait for the marketing glossy to say "now, 100% American spying free!!!"
Oddly enough, if you make yourselves untrustworthy, nobody will trust you.
The people who want to spy on everybody don't understand this fact. You can't keep the benefits of crypto if you've ruined it. And trusting the spies will be the only ones who have broken into your stuff is utterly moronic.
The heads of these spy agencies are too ill-informed about the technology to understand the stupidity of what they say. All they see is a need for nobody to have any secrets from them -- and to them, a big fuck you.
Lost at C:>. Found at C.
These guys are morons.
We pushed crypto development to South Africa for FreeBSD back in the early 1990's to get around ITAR restrictions: "you can import, but you can't export".
We will happily route around this brain damage, too.
P.S.: The way to get better cryptographers in other countries is to make cryptographers criminals in the U.S.; obviously, it will not do fuck all to actually stop cryptography from happening, it'll just be that our people end up being shit at it compared to their people.
See I remember this shit. My very first exposure to any kind of encryption at all involved finding out about PGP and wanting to try to port it to my system.
Multiple versions of the same library? why? They didn't DO anything different at all, just one was produced in the US and one outside so nobody had to go to prison for sharing well understood fucking math with people who already knew it.
Politicians are fucking neanderthal pinheads. Let them make their laws, they will do nothing but make laughing stocks of themselves....AGAIN.
"I opened my eyes, and everything went dark again"
Sounds to me there will still be one company or 2 left for the DoD to request services to (for billions of dollars of course). Then they'll just force every US company to use that encryption instead of foreign tech for most stuff that needs to go to/from a citizen-bound device. Seems to be somebody is gonna get very rich, and everyone will be very secure from everyone else but the government itself.
What I believe is more effective at convincing them is to point out that even if banning strong encryption genuinely made law enforcement's job easier in absolutely every way they expect it to, if law enforcement can read your confidential data, however benign they might claim to be, then potentially, so could someone else.... someone with less benevolent intentions, and law enforcement would actually be *further* burdened with the task of keeping those who are innocent protected from predatory criminals who would seek to exploit the now weaker security systems that everyone is supposed to use, as mandated by law. The net effect is that the law enforcement has *more* work to do... not less, and the general public's safety is weakened, not improved. The only ones that can possibly come out ahead in the game are those who break the law.
File under 'M' for 'Manic ranting'
We have pushed many of our industries overseas again and again with heavy government regulations. While OSHA, workers comp, EPA, etc. minimum wage, etc. laws and regulations may have some sense, we have to realize that these same laws also reduce employment and push industries overseas
No they don't. So-called "Free Trade" agreements designed specifically to undermine such laws, by opening borders for unfettered trade without requiring a corresponding level playing field in the regulatory and labor protection spaces. NAFTA etc. are working exactly as designed, inspiring a race to the bottom in terms of quality of living and wages. This is squarely the fault of such one-sided agreements ... not the sensible regulations, minimum wage, worker safety requirements, etc. that helped fuel the largest and longest economic expansion in US history.
You'd first need to convince me that doing something detrimental to a strong western country is not the actual intended side effect.
Free, as in your money being freed from the confines of your account.
I remember the days of the Clipper Chip, and of the prohibition on exporting strong crypto. I remember getting a package from Checkpoint in Ramat Gan, Israel (over international DHL, I believe it was) that was slathered with warning stickers that said it could not leave the USA...when it originated from Israel.
I remember in 2000, doing an IV&V of a VPN solution that did something really funky with their key generation, such that they were allowed to export strong (based on bit size) encryption without having to do key escrow. They put some of the key generation material in the handshake exchange...which means it went in the clear. I shit you not. Oh, and also, their algorithm had no forward secrecy...which was the whole point. Anyone who had sniffed the session could go to the operator of the VPN with a warrant, and have them re-generate the key that was negotiated between the two endpoints...making it possible to decrypt the session. Of course, this came along with a whole metric shitload of security problems, like the fact that compromising the VPN concentrator and pulling a little data off of it would give you the ability to decrypt any session that included that concentrator (we never got to the point of seeing if we could get the same effect by attacking the client). Basically, the whole thing was just a big pile of bitch cock, just waiting for disaster. (We also found a one-packet DoS, a buffer overflow, and other things...all unauthenticated attacks.)
And the best part? The client for whom it turned out I was doing this IV&V. It was the United States Secret Service...specifically the protective detail for the incoming Bush administration. This pig-fucker of a VPN solution was going to be used to protect the President of the United States. That was fun to find out...at the outset of the engagement, we thought our client was the Treasury Department in general (which was kind of true, in a way). When we had "The Meeting" to tell them what a disaster the solution was, they told us who we were really working for in specific. I really needed a drink after that meeting.
Needless to say, the Secret Service ended up going with a different solution.
And now here we are again...with different people but the same organizations bringing up the same dogshit reasons to try and justify demanding the same dumb-shit idea be implemented...backdoored encryption. I find it so incredibly interesting that, when it came down to it, the US Government wouldn't rely on a solution like that to protect themselves, but they would insist that the rest of us accept it for our own use. It makes me want to spew a litany of every obscene word and phrase I can remember, in alphabetical order.
For your security, this post has been encrypted with ROT-13, twice.
Nobody could safely bank or buy products online anymore. I would close my checking account and wipe my entire hard drive clean, make new disk partitions and do a clean install knowing I will never use a credit or debit card online ever again.
Politics is Treachery, Religion is Brainwashing
I think the headline was missing something:
"US Encryption Ban Would Only Send the Market Overseas".... Again.
They tried this ITAR ban on exporting encryption back in the 1990s and people just moved open source software projects to overseas servers and were careful not to openly contribute encryption code to those projects.
It is complete idiocy and fatally undermines US national security to ban encryption or put restrictions on its use. The US has the most to lose security-wise by making it harder to secure communications in the US. Everything we do and say is track-able online.
For every potentially missed terror cell you might find by trolling through unencrypted communications, there are millions of government employees walking around vulnerable to having their personal (and official) communications hacked by all sorts of state sponsored and non-state sponsored groups all because the government has put pressure on providers not to make communications "too secure".
I don't want terrorists to kill people, but I also don't want to have our national security so vulnerable as collateral damage.
...And have a better educated populace some years hence. For example, this children's book on cryptography.
You would have thought that our government would have learned when they attempted to ban PGP, decades ago.
The reason they didn't learn is that most people in Congress are lawyers. Lawyers typically have a very poor understanding of technology and computer related issues. In their world, you just pass a law making something legal or illegal and - boom - the problem is solved for all time.
You have a few law enforcement officers and a few democratic legislatures (NY cough cough) calling for it. I would hardly call this a consensus.
When you outlaw math, only criminals will do math.
Hmm, that doesn't seem right.
This issue is a bit more complicated than you think.
Isn't a ban on encryption a ban on free speech?
It seems to me that encrypted communication is akin to two people having a conversation in Klingon. If a third party, a police officer, were to interrupt the conversation shouting, "Hey! Speak English! You must be understood!", then that would clearly be a violation of first amendment rights. I cannot imagine a judge would allow the police officer to use a defense of, "Well, they could have been planning terrorism." If the conversation is electronic, and the government does not know what is being said, then it still seems absurd to me for that to be illegal.
Banning encrypted communication is akin to banning all foreign languages, made-up languages, and baby talk. Speak English, little baby, you must be understood or the cops will get you! Absurd.
Yes, theory and maths knowledge is everywhere, but software and hardware are not built everywhere.
Most products are USA origin, even if they are manufactured in China.
How many operating systems are from outside the USA? Windows, Mac, Android, iOS?
How many CPUs do not belong to USA companies? Intel, AMD? ARM from UK?
How many gadgets are from USA companies? CISCO, NVIDIA
How many Internet services and software? Facebook, Google, Gmail, Whatsapp, Skype
So they could "backdoor" a good share of market.
And moreover, it looks like people, even governments, don't mind too much being spied on. If they did, Windows would have been banned from every government a long time ago.
So, it's not that bad an idea.
The entire encryption industry went overseas while the government had encryption defined as "munitions".
RSA wasn't developed in the US - but Australia and New Zealand (with Switzerland getting in there). Only after the promotion of those versions did it get "imported" for use.
Weren't discussions about providing back doors to mobile devices with the help of manufacturers and service providers? How did this ludicrous jump in scale happen? Is this an example of the legislature gone plaid?
What do they think? That only the US knows about cryptography? How stupidly arrogant can you be to swallow the American exceptionalism claptrap lock, stock and barrel? Come down to Earth, you clowns.
If laws can drive industry away, they can keep it around too.
There is little evidence for that. [...] Do you think America would be richer if we produced more t-shirts and fewer aircraft and CPUs?
About 20 years ago when the original NAFTA and its ilk came into being, people complained about exactly this issue. The meme of the day was "a giant sucking sound" as jobs and manufactured goods went South to Mexico.
The non-governmental economists claimed that wages would stagnate.
The government economists responded by saying that wages would stagnate, but the markets would be flooded with cheaper goods, so overall purchasing power would increase.
Here we are 20 years later, wages have stagnated for most workers, and there are Chinese dollar stores everywhere.
It's exactly as the economists predicted.
Do you still like your free trade?
If you want to make software that uses cryptography available worldwide, you're already incentivized to develop it in a foreign country and import it to the US. There's no restriction on using foreign cryptography in the US, but there are legal hurdles you have to jump if you want to export cryptography from the US.
OpenSSL themselves mention exporting as an alternative to costly legal counsel:
"The only other safe course of action would be to pay non-U.S. citizens to develop the cryptographic software overseas and import it into the U.S., as imports are not restricted. Foreigners who benefit financially from this situation refer to the U.S. “export jobs, not crypto” policy." https://www.openssl.org/docs/f... (page 145)
Are you advocating removing all regulations?
If not, then realize that there may be a correct level of regulations that is somewhere between all and none. More regulation may help us but much more than that may harm us.
Maybe in retrospect, you should have just gone with it and allowed Bush to have bad security.
Maybe in retrospect, you should have just gone with it and allowed Bush to have bad security.
That ramification of what facts my teammate and I (for 48 hours, only two of us knew what we'd found) knew crossed my mind for about a millisecond. But then, I thought of two things:
1, That he was (as much as I disliked it) elected lawfully, through due process. It went up to the ragged edge of that due process, but still. I was being trusted to help defend more than just one person, but rather the idea that an assassin shouldn't be allowed to negate or counter the rights of hundreds of millions of people.
2, Also, Cheney was next in line.
For your security, this post has been encrypted with ROT-13, twice.
Unless we could put in a back door.