RSA Goes Down Under to Circumvent Lame Laws
VAB wrote in to tell us that the RSA opened an Australian branch to get around the United States's stupid encryption export restrictions. They also hired SSLeay fame) and Tim Hudson to staff the new corp.
I've been kinda following the encryption stuff since Clinton announced Clipper. I don't think we'll see real progress on the export restrictions until companies prove to Congress that America isn't a viable producer by moving out. :(
Chris Cioffi
Of course this means that SSLeay will no longer be around as an open source library (which of course makes RSA very happy).
On a brighter note, www.openssl.org is looking to carry on the development of the library as freeware.
Now that the congratulations are over, I would like to say "DARN!" RSA has not exactly been overly kind to the OpenSource community inside the US. C2Net Software has been extremely kind to ensure funding of the SSLeay development. Even in the face of SSLeay based Apache mod_SSL and in the face of mod_SSL based RedHat Secure Web Server (which was clearly directly competing with C2Net's Stronghold), C2Net has continued to push SSLeay forward. Counterpane Systems has pretty much donated Twofish encryption to the world, thus putting crypto experts in a better position to attack companies that have promoted their XOR "encryption" enabled product as being secure. Since Twofish is free, fast and implements well in software and hardware there is no excuse for continuing to push XOR as "encryption." Certicom Corp. has been extremely friendly regarding third-party non-commercial implementations of Elliptic Curve Crypto (which has shown itself to be a possible alternative to RSA). How does RSA measure up to all these other companies? Well, RSA puts more restrictions on RSA than ITAR ever has or will! While ITAR makes it *difficult* to make cryptography available on the internet for peer-review, RSA makes alternate implementations of RSA *impossible* to legally make available for peer-review. The only RSA "educational" use there can be is on their own RSAlib. While exploring alternative methods (languages, done via hardware, etc) of existing crypto algorithms can help keep cryptographers' minds sharp, RSA attacks any peer review of other methods. To take things a step further, RSA goes all out in enforcing its patent on both encryption and *DEcryption*. This is despite the fact that finding a solution to a formula (2+x=4 hence x=2) is not patentable. While using prime numbers for encryption may be a unique patentable concept, the formula for decryption has pretty much been dictated by the formula used for encryption.
Hence, the decryption of RSA is pretty much the solution of a formula and should not be patentable. RSA knows this but continues to ride on the stupidity of the US patent office and the non-crypto savvy court system. Hence, I definitely think there are preferable companies in the crypto game other than RSA.
Btw, to see creative use of applied cryptography, look into Zeroknowledge. They are presently looking for beta testers for their Linux (the first platform type they have software available for!) privacy software. This is one product you have to check out!
If so, this is just temporary relief for RSA.
SSLeay is not GPL. It's a BSD-like license so what you say still holds. However SSLeay as maintained by eay appears to be dead. SSLeay as maintained by others (as OpenSSL or whatever else crops up) is not.
snot GPL
No. Wrong. RSA is still patented and illegal to
use without permission from RSA, inc. Their free
RSAref library can be used in certain
non-commercial applications without paying any
licensing fees to RSA; check the RSAref terms of
use for more info.
The good news: the patent on RSA expires on
20 Sep, 2000. Just 21 months to go...
--Sumner
article at CyberLaw explains the effect that the vigorously enforced patent can have.
Btw, along the topic of math that has been around for "years and years," LZW doesn't become available in the US until Dec 2002. For those that haven't been following the LZW issues, UniSys holds the patent to LZW and silently watched CompuServe declare LZW part of the GIF87, GIF89 and GIF89a open standards. They also waited silently for LZW to become widely used as part of the PostScript standard. After YEARS of neglecting to enforce the patent they decided to then enforce payment requirements to use the GIF, TIFF/LZW, PostScript (and PDF) standards. Their targets have included GNU software contributor Derek B. Noonburg for xpdf and Linux friendly company Corel Corp.
No matter what the US government says about the encryption laws these laws cannot be in place to keep terrorists from getting their hands on them. There are all sorts of laws to keep terrorists from getting their hands on weapons and they still get them. Any terrorist group that had any intelligence could easily get their hands on non-exportable encryption software. Either they are there to stop the general public, or the government has less intelligence than previously thought.
Show us your RESEARCH!!!!!!
Eric & Tim Hudson both live in Australia, plus our crypto laws are a bit saner down here. As a bit of trivia, Eric placed first or second in the "King of the Mountain" race (the race sung about by Midnight Oil in the song of the same name) a few years ago.
When are the liars and deceivers in Congress going to stop trying to save humanity? How many times do they need to step on the Bill of Rights to save us from ourselves? Excerpt from article:
[Federal regulations forbid US software companies from exporting strong encryption technologies on the grounds that they might be used by terrorists to conceal their plans.]
Congress ALWAYS says that what they're doing is because of terrorists. Are they talking about the terrorists and dictators they sold arms to for the past 50 years?
read this dudez3 .html
http://www.livelinks.com/sumeria/politics/shadv
A large volume of documentary evidence exists that reveals that many of the richest, most powerful men in the United States, and the giant corporations they controlled, were secretly allied with the Nazis, both before and during World War II, even after war was declared between Germany and America. This alliance began with U.S. corporate investment during the reconstruction of post-World War I Germany in the 1920s and, years later, included financial, industrial and military aid to the Nazis.
On the pages which follow we will review which prominent Americans and corporations were involved, what aid and comfort they gave our nation's enemies - treasonable offenses during time of war, and investigations into these matters which produced evidence of a US/Nazi corporate conspiracy to bring a fascist state to America, and eliminate competition in the industrial raw materials market in order to force world-wide dependence on oil-based petrochemicals.
Big deal. All the Wassenaar clause says is that you have to apply for an export licence. It is not forcing the US ITAR. The Wassenaar agreement has been in effect for a couple of years now and has not affected Canadian crypto companies such as Entrust. As RSA is opening up an Australian office it would only make sense that it is a similar situation Down Under.
The recent changes say that free software is no longer exempt. This sucks for guys like OpenBSD.
--
Bishop
http://www.wassenaar.org/docs/index1.html
Second country listed. Someone forgot to tell the Wassenaar site that.
Australia is hardly the perfect place for the development and sale of cryptographic software, but it does have its advantages. We have signed on to the Wassenaar Arrangement, as has been pointed out, but we do not exclude the export of crypto software to the extent that the US does. For example, an Australian may take crypto software out of the country for personal use without prior permission, under certain conditions.
Cryptographic software is, however, on the list of export-controlled goods. See for yourself (it's right at the bottom of the page). Furthermore, software "in the public domain" (and GPL or other Open Source is categorised as such) is expressly included in the restriction by the terms of the general software note (bottom of page, again). In fact, crypto software is the only software "in the public domain" that is still export-controlled. Gee, thanks for pushing that one on us, Uncle Sam! American cultural values should be export controlled.
But all is not lost, however. Australia doesn't have the alarmist attitude of the US on these issues, and so I'd feel much safer leaving crypto software on an Australian website than a US one. I get the feeling I'd be shot for treason in the US, whereas in Australia I'd get a slap across the wrist. Maybe.
In any case, you can apply for an export license, and if you are exporting to another Wassenaar signatory, there's no reason why you'd be knocked back. From that perspective maybe RSA are onto something. They'd better actually have a program to sell. Their steenking patents won't get them very far here, I'm pleased to say. Gee, at least I don't think so. I'd better double check we haven't adopted any boneheaded US patent laws as the result of some other treaty recently.
Permission to export will be much easier to obtain in Australia, because we aren't quite so paranoid as the US. Probably we figure we know so little of what's really going on that a bit of crypto won't hurt. "Hey -- if everyone else has crypto, we won't be able to eavesdrop on them! Will we notice the difference?" Most of the secrets which are of the most importance to us are probably held by the US Govt anyhow. Allies can be more dangerous than enemies sometimes.
I just resent the constraint it imposes on free speech. Why shouldn't I be allowed to work freely on open source crypto software on the net? Reconstructing the artificial boundaries of "state" that the net eliminates is annoying in the extremest extreme.
Who did they hire??? Are you sure you posted all that was to be posted???
In Soviet Russia, Jesus asks: "What Would You Do?"
Yes!
I guess... RSA doesn't have any record of supporting free software at all ... they're an evil software patent company, AFAIK.
The RSA patent is still *legally* valid. It expires next September and I can barely wait.
No, I'm not a socialist.
Hum, that is similar to what Network Associates was doing last year. They set up an independent company outside of the US, with the aim of reverse engineering the code, so they won't get tagged by ITAR.