Slashdot Mirror
US Encryption Ban Would Only Send the Market Overseas (dailydot.com)
Patrick O'Neill writes: As U.S. legislatures posture toward legally mandating backdoored encryption, a new Harvard study suggests that a ban would push the market overseas because most encryption products come from over non-U.S. tech companies. "Cryptography is very much a worldwide academic discipline, as evidenced by the quantity and quality of research papers and academic conferences from countries other than the U.S.," the researchers wrote.
We have pushed many of our industries overseas again and again with heavy government regulations. While OSHA, workers comp, EPA, etc. minimum wage, etc. laws and regulations may have some sense, we have to realize that these same laws also reduce employment and push industries overseas and make many of our overseas competitors more competitive. If we could create a 100% safe society through passing safety and employment laws we may have to satisfy ourselves with 100% unemployment as well.
Cryptography is, ultimately, mathematics.
People who want to poke holes in crypto fundamentally don't understand that the math is out there for all to see.
So, flash back .. what, 20 years? When the US treated crypto as munitions and you couldn't export it. Now the US wants to break it, control it, and regulate it. And if people shift to other technologies, the US will be left with nothing but wishful thinking, and crypto they can't do anything with.
Indeed, wait for the marketing glossy to say "now, 100% American spying free!!!"
Oddly enough, if you make yourselves untrustworthy, nobody will trust you.
The people who want to spy on everybody don't understand this fact. You can't keep the benefits of crypto if you've ruined it. And trusting the spies will be the only ones who have broken into your stuff is utterly moronic.
The heads of these spy agencies are too ill-informed about the technology to understand the stupidity of what they say. All they see is a need for nobody to have any secrets from them -- and to them, a big fuck you.
Lost at C:>. Found at C.
These guys are morons.
We pushed crypto development to South Africa for FreeBSD back in the early 1990's to get around ITAR restrictions: "you can import, but you can't export".
We will happily route around this brain damage, too.
P.S.: The way to get better cryptographers in other countries is to make cryptographers criminals in the U.S.; obviously, it will not do fuck all to actually stop cryptography from happening, it'll just be that our people end up being shit at it compared to their people.
You would have thought that our government would have learned
You assume that politicians are capable *and* willing to learn...
You would have thought that our government would have learned when they attempted to ban PGP, decades ago.
For those of you who don't remember, the software got classified as a munition, people who sold it could be arrested as arms trafficers. Downloads instantly moved from US servers to those in Finland (and elsewhere) and the end result was a big spectacular nothing.
Calmer heads prevailed, in the long run.
The technology is out there, the knowledge of how to do encryption is impossible to stuff back into the bottle.
Yes, I remember the bad old days when a Netscape web browser was considered as a weapon of war and it was illegal to export it outside the US and there was a check box on the EULA saying you agree that you wouldn't export it.
If ITAR is again applied to encryption then the US will stop being able to sell pretty much any technology overseas and most people in the US who aren't complete morons will just import hardware and software from free countries where encryption is allowed.
when they attempted to ban PGP, decades ago.
They didn't actually ban it outright. They put it on the ITAR munitions list in an effort to keep it from being exported and used by the overseas targets of our espionage. Inside the USA, we were still free to use strong encryption between ourselves. Unfortunately, our moron legislators didn't understand that the underlying math and theory was already out there and how trivially easy it was to replicate and distribute from sites offshore.
Fast forward to today: What they want ('they' being a couple of half-wits in congress and law enforcement) is to restrict certain forms of encryption from coming back inside the USA. The TLAs are no longer spying on overseas entities. They are spying on their own population and don't want strong encryption schemes to interfere with that.
Have gnu, will travel.
If you want to make software that uses cryptography available worldwide, you're already incentivized to develop it in a foreign country and import it to the US. There's no restriction on using foreign cryptography in the US, but there are legal hurdles you have to jump if you want to export cryptography from the US.
OpenSSL themselves mentions exporting as an alternative to costly legal counsel:
"The only other safe course of action would be to pay non-U.S. citizens to develop the cryptographic software overseas and import it into the U.S., as imports are not restricted. Foreigners who benefit financially from this situation refer to the U.S. “export jobs, not crypto” policy." https://www.openssl.org/docs/f... (page 145)