Slashdot Mirror
Clueful Crypto Legislation
Industrial Disease writes "ZDNN has a brief article on the Security and Freedom through Encryption Act. If passed, this bill would ease export restrictions, eliminate key escrow requirements, and make using cryptography a crime only if used to commit a secondary crime. A similar bill never reached a full House vote last year, but this one seems to have a broader base of support. " This bill was also known as SAFE - the problem it had last time was a huge arguement over encryption in e-commerce, but this time the sponsers think it has a much better chance of passing.
Think about this a minute. Suppose someone commits a minor crime, one that would normally carry the penalities of, say, a fine and community service. If that person (naturally) trys to conceal the commission of this crime by using crypto, then he could be facing hard time! Are they still with equating crypto with munitions here - since I believe that peanalities are increased (in some parts of the USA) when crimes are committed with guns? Basically it seems that the increased punishment is being dealt out not because of actual increased harm or potential harm (like more traditional aggravating circumstances), but because of the increased inconvience that crypto causes law enforcement agencies, i.e. this is a political gesture.
This seems part of the a general trend in the USA to criminalize everything possible, and thereby reduce every problem to a law-n-order issue. Every time this happens, the police state grows, and out freedom shrinks.
Remember: Your local police are armed and dangerous!
An esoteric scratched itch:
Homeworld Map Maker Tool
Who knows what the bill will look like in its final form after it has been ground up into little pieces by various committees. Hopefully it will still have a positive effect.
One good thing to note is that it seems to have bi-partisan support.
In particular, note how the witness from the National Security Agency, Barbara McNamara, tries to argue conflicting points at various points in her testimony:
. Good encryption isn't available abroad, but
. at least some is, since most foreign governments use it, but
. it isn't very good, and therefore
. we still think export controls are working.
ACP Webmaster
webmaster@computerprivacy.org
When the hell is the Aussie government going to wake up to the reality that STRONG CRYPTO CANNNOT BE SUPPRESSED. It will be exported and used not dependent on the legality of the issues involved. To me, the aussie crypto laws are a load of shit. If you have any comments to add, ICQ me [15037019]
~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^
Am I the only one thinking that there is a maximum of 10 american congressmen who know anything about the internet (and judgeing by the success of cda the majority of those 10 are probably republicans which is weird) and the rest of the congressmen are just "riding the wave" (had to say that) of popularity with a bill just to get re-elected. If you ask me britain has the right idea, the house of lords (equivalent to the senate) is unpaid (of course they are lords so they are rich, but never mind that), so they arn't in politics for the money. Politicians should be unpaid and on welfare (wouldn't that teach them something).
Erm... actually most Lords get secondary benefits, eg from large firms wanting someone influential on their board, or as consultants etc. The house of Lords are not elected by the people of Britain, but instead are appointed "by the Queen" ie by the government of the time in an attempt to stack the deck so they can railroad any silly bill they like through to become law. They tend too to be really old guys whose everyday reality is so different from the average citizen they have little idea what effect their legislation may have on the populace. They also tend to sleep a lot through the debates. I've no time for them.
I never really understood why the government was so worried about encryption to begin with. I'm sure there is a really good reason that I'm not seeing (yea right), but I always thought that freedom of speech covered everything, even if it was in 1's and 0's.
-davek
6th Street Radio @ddombrowsky
And does it stand a chance of having Clinton's veto overriden? I don't think that our President will like his police-state agenda attacked (and remember that he cared so much about national security in his draft-dodgint, i-did-not-inhale, hippy, communist-supporting Oxford days). Clue: law enforcement agencies do not have rights, individuals do. Law enforcement agencies only have those few powers that our legislation allows them. Arguing for the rights of law enforcement agencies has no logical basis. It's just a shame that so many people actually successfully do so, and usually on a basis of "well, for national security reasons, you'll just have to trust us."
Seriously, I'd like to see a good summary of the real meat of this bill. If this is just something that will allow certain companies to sell powerful encryption technologies to just banks, then it does exactly nothing for us. E-commerce is of rather small importance in my mind. My personal privacy, the privacy of the users I support, and the integrity of the systems that I administer are much more relevant to me. I'm sick of having to go to the Netherlands to get real security tools.
What happens when encryption is pervasive? Computers are turning up everywhere. If your next car uses encryption to run and you park illegally have you used encryption to commit a crime?
It doesn't say anything about source and libraries. Personally, I could care less about the commercial products, but I want to be able to collaborate on projects using kerberos, and that is currently a royal pain in the ass.
exporting a crypted message is not illegal, exporting the source code to a strong cipher is.
i can send as many des-crypted messages to a friend out of the u.s. as i want, just can't send him the algorithms needed to decrypt it -- unless i send them to him on paper, in a book.
you addressed the issue of cipher export, not encrypted information itself.
as far as "many attempts" to kill domestic crypto use, you will notice that each attempt was soundly struck down shortly after introduction. freedom of information and freedom to obscure information is now held equal with freedom of speech.
I always thought politicians should get paid the median income for an American family. That's somewhere around 35,000 right now.
That would create an incentive to improve median incomes...Or to sell out even further to corporate interests that pad their pockets.
Assuming they could sell out further.
http://www.house.gov/lofgren/ (Click "Contact")
and
http://www.house.gov/dreier/talkto.htm
(Unfortunately, Goodlatte's website doesn't accept email outside his district.)
And don't forget to mention your support of the bill to YOUR district rep!
http://www.house.gov/house/MemberWWW.html
Just to emphasise a point others have made: in the past such bills have been amended to the extent that crypto freedom campaigners have had to campaign against them. Make sure you know which version you're supporting.
--
Xenu loves you!
Check out an archived cybercast from yesterday's new conference on Capitol Hill announcing re-introduction of the SAFE legislation.
- 4.shtml
http://www.computerprivacy.org/archive/02251999
Very interesting...
No one goes into politics for the money, atleast not in the US. Most all of these congressmen could make far more money in the private sector. None the less they have families and mouths to feed. Do you really honestly believe that the average citizen is equipped to make decisions of great magnitude. Granted Congress has made plenty of mistakes, but so have other governments and other branches. Cutting salaries is not going to fix anything.
Last time the "SAFE" bill came up, it was completely amended into a police state measure by the time it got out of committee.
We'll see how far "key recovery" goes when the big corporations wake up and realize that "key recovery" means "Give us all of your Lotus Notes IDs, SMIME and Web server certificates." Fascism isn't so fun when it interferes with big business.
Business. Numbers. Money. People. Computer World.
"which makes cryptography a crime only if used to commit a secondary crime."
exucse me, but cryptography never has, never will be criminal. if use of cryptographic systems were illegal, you might as well arrest everyone on the internet because chances are their traffic passes through one or more encrypting hubs.
You don't seriously believe that their goverment salary is more than just a tiny drop in the bucket of graft our politicians collect from the lobbyists, do you?
Politics is one of the most lucrative jobs around.
Eagles may soar, but weasels don't get sucked into jet engines.
...encrypted file system driver for Linux?
<^>_<(ô ô)>_<^>
There's a modification to the loop filesystem driver that adds des, idea, and steganoraphy at http://www.alcrypto. co.uk/cryptocd/programs/filesystems/linux/.
I use it quite often. It needed alot of modifications to work with 2.0.35 tho.
--Loki
We've just put up the complete cybercast of the March 4, 1999 hearing on the SAFE act (HR850) which would allow more encryption products to be exported from the United States and restrict the government from mandating "backdoor access" to your private communications. You listen/watch/read testimony at: http://www.computerprivacy.org/archive/03041999/ In particular, note how the witness from the National Security Agency, Barbara McNamara, tries to argue conflicting points at various points in her testimony: . Good encryption isn't available abroad, but . at least some is, since most foreign governments use it, but . it isn't very good, and therefore . we still think export controls are working. ACP Webmaster webmaster@computerprivacy.org
The title itself is an oxymoron! Any regulation of private communication in form or content is unaccaptable. And crimialising crypto "if used to commit a secondary crime" is punishing a suspect for not accusing himself - something which is unconstitutional in any civilized state (if it doesn't happen to be the US president at some sex inquiry board, that is, but that's another story ...)
I do have to comment that this bill is an effort by the private sector to loosen the government's restriction on the export of encryption technology. Previously, the government classified any encryption technology as a munition and therefore subject to the rules governing military communications. Recently, the government has relaxed its export restrictions to allow the equivalent of 64-bit encryption to be exported without the permission of the Department of Commerce. Businesses can still file for stronger encryption export, but getting approval heavily depended upon the industry that was applying (and in any case, getting approval was like pulling teeth)...
The private sector and now bipartisan support voicing to the government that a separation between business commerce and a military munition seems to finally be getting through.
Certain government agencies critical to National Security (NSA, CIA, FBI, other law enforcement agencies) are obviously going to have problems with this -- it is their objectives to maintain the means to obtain any and all information. These agencies need to be forced to follow a legal procedure to obtain evidence like those of us in the private sector having to do the same type of investigations. I think it is about time!!!
The general public stands to benefit the most from this. Data integrity and confidentiality will have the capability to expand across international boundaries using stronger encryption mechanisms. After all, the internet knows no boundaries, so it stands to reason that the information contained within one country on the internet is basically fair game to anyone in the world.
This bill will not solve all of our problems. It is a step up to the realization that the internet and its content cannot be restricted and that when the need for secure communications via public networks is vital, beauracracy and red tape cannot stop it.
Just my $0.02...
--
"There *IS* no patch for stupidity" -www.sqlsecurity.com
Suppose that you and I agree to exchange information only in manners which are cryptographically secure, and we even conduct a business using that medium for all of our information transmission and storage. Suppose further that a significantly broad population of users do similar things, sharing a common space with us, in which all participants conduct all of their transactions securely -- meaning not only secure from snooping by outsiders, but also guaranteeing that the communicator on the other end really is who you think it is. The technology already exists to build a large, highly integrated "virtual machine" (a-la JVM on steroids) which runs over a worldwide network of voluntary hosts, in a secure, fault-tolerant, fully encrypted space. Such a machine would allow for the exchange of information and coordination of "real world" events in ways that make the current Internet look like a sadly primitive toy. If something like that actually gets implemented, it stands a decent chance of making contemporary governments completely obsolete and powerless to stop them. That's why they're scared, and that's why it's in their best interest to slow this down until they can find a way to make it work for them first.
http://www.computerprivacy.org/archive/03041999/
In particular, note how the witness from the National Security Agency, Barbara McNamara, tries to argue conflicting points at various points in her testimony:
. Good encryption isn't available abroad, but
. at least some is, since most foreign governments use it, but
. it isn't very good, and therefore
. we still think export controls are working.
ACP Webmaster
webmaster@computerprivacy.org
"... That will give us all 10% raises.."
Or something along those lines... Of course I got that from The Simpsons.