House subcommittee passes crypto bill
kabir writes "Computerworld Daily reports that a House of Representatives Subcommittee has just passed a bill (H.R. 850) easing crypto export restrictions. Interestingly, there are also clauses preventing government officials from forcing people to decrypt data. It's not law yet, but looks like it's headed that way." It passed unanimously in the subcommittee and is headed out to the general House.
This government assisted the Russians in assassinating the leader of the Chechen rebels, which is 100% ILLEGAL
Where did you get that from?
For the children? This is dishonest. It's worse than faking video testimony in front of the court three times! We are talking about making laws here that are supposed to protect. The opposite will happen. Our lawmakers are spineless and crooked! It's lying and they are doing not a goddamn thing to protect children!
Apr 27, 99:
Referred jointly and sequentially to the House Committee on Intelligence (Permanent Select) for a period ending
not later than July 2, 1999 for consideration of such provisions of the bill as fall within the jurisdiction of that
committee pursuant to clause 11, rule X.
In other words, the Committee on Intelligence is on a deadline. Cool.
It's not a bug, it's a feature...
They'd have to prove that the encrypted messages are actually related to a crime. Of course, with the caliber of individuals (or in-duh-viduals for those in the DNRC) on today's juries, that is easier than it ought to be...
Article [V.] (AKA 5th Amendment)
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.
It depends on how you look at the 5th Amendment or, to be exact, on which side you are, but from my point of view the phrase clearly states that you don't have to witness against yourself, saying ANYTHING, including PGP passphrase. After all, you might well forget your super-duper 101 byte white noise pass.
If I fail to decrypt files under arrest for a felony charge, I should be protected by the Fifth Amendment.
If there is a problem arresting and punishing people who cause harm towards people and property, why not change the laws in more constructive ways. This attempt seems to violate rights of people. If I stole enough candy bars from the store to qualify for a felony, sent dozens of encrypted emails about it, refused to open them, I could face life in jail?
Posted by Lord Kano-The Gangster Of Love:
"On the inside" on the discovery channel.
He was killed by a bomb as he spoke on his cell phone. Russian technology would have been able to pinpoint him within 5 minutes. They zeroed in on him in less than that, only this government can do that.
LK
In Congress specifying that we have a right to use encryption of any length or method, we acknowledge that we are given the right to do that, and the possibility that it will be revoked at a later date/during 'emergency' periods. I'd much prefer a stronger protection, although I'm encouraged by its summary as an "affirmation" of the right to use encryption.
One possible argument comes from the US Govt. itself and its restrictions on exporting crypto: they claim it's a munition. Could that mean the 2nd Amendment applies to encryption?
Ah well. I'm just playing devil's advocate. I will be ecstatic if this passes. I think I just found out which House members are getting my vote in 2000.
I don't think any encryption products currently popular as free software or on the commercial market are "custom-made" encryption products designed for "use in harming national security, use in the sexual exploitation of children [or] use by organized crime."
;)
There's a difference between "designed for" and "can be used for".
I think what they're trying to prevent is M$ Terrorist [tm] complete with custom encryption specifically designed for use in harming national security. (Click OK to install!)
So, unless there's a PGP whitepaper I missed out on...
This bill seems to prohibit mandatory key escrow (not forced decryption of data) and create some new crimes. It specifically says that law enforcement is still allowed to force you to decrypt your data.
At the risk of invoking Godwin's Law, is there some sort of statute of limitations beyond which government misconduct is not to be criticised?
is not proven or is just plain wrong (waco)
Huh? I can't find anything wrong with Kano's description of Waco. (Specifically, the ATF and/or FBI, I forget which, concocted a story about a methamphetamine lab in Davidians' village in order to invoke a "drug exception" to the Posse Comitatus Act.)
Illegally obtained evidence cannot be allowed in court
There are plenty of things corrupt government agencies can do with illegal wiretaps that don't involve any court -- recall for example the story of Martin Luther King's personal indiscretions being taped by J. Edgar Hoover's men.
the government doesn't care one bit about the email you send
Well, then, why are Louis Freeh's shorts in a knot because he won't be able to read it any more? He'll still be able to monitor the few hundred or so suspects who are legally targeted by search warrants using alternative technologies (planting old-fashioned bugs, Trojan Horsing the suspect's computer, reading van Eck emissions, etc).
This law is a big step in the right direction.
True, though as some others have pointed out there is some potential for abusing certain clauses.
I have travelled and lived in most industrialized countries, and we definitely have the best government of all.
Not as bad as the others, but I still see that particular glass as half empty.
/.
/. If the government wants us to respect the law, it should set a better example.
Well, it would seem that congress has finally done something intelligent! We'll see, though, how well they hold to it. Personally, I'm a little skeptical.
It is by caffeine alone I set my mind in motion. It is by the beans of java that thoughts acquire speed, hands acquire
Posted by FascDot Killed My Previous Use:
No gov't can force a decrypt? Perfect!
Here's what you do: Build a module for Apache that auto-encrypts all pages before sending. Build a module in Mozilla that auto-decrypts the result and displays it. Get libraries to install Mozilla (fast, free, standards, etc).
Now filtering is a moot point!
--
"Please remember that how you say something is often more important than what you say." - Rob Malda
You know, having worked through a project involving encryption with a major university & various "high-tech" companies, the biggest problem is just explaining to people how stuff works and what it can be used for. As soon as anything sounds vaguely threatening (read: difficult to understand) they start trying to kill it.
This one relates to easing export controls on "supercomputing" hardware. (Like your new Playstation ;-)
--The more you know, the less you know.
Posted by Lord Kano-The Gangster Of Love:
Slightly off-topic, but not much. Major rant ahead.
It's good to see eased crypto export controls, but the portion about forbidding the gov't from forcing people to decrypt data is a joke.
It's not like our government obeys its own laws or anything. In the 1960's-1970's the FBI used illegal measures to bring down the Black Panther Party. There are rules against shooting unarmed people, but that didn't stop FBI sniper Lon Horiuchi from shooting Vicky Weaver in the face while she held her infant daughter (musta been one of those fully automatic assault babies). It's illegal for the US military to engage in domestic law enforcement, but that didn't stop the FBI and BATF from filing bogus charges to get through a loophole in the law to get the US Special forces to torture and barbecue babies in Waco Texas.
This government also interned AMERICAN CITIZENS for doing nothing more than being 1/4 Japanese. This government exposed mentally retarded people to radioactive substances just to watch them react. This government gave LSD to men in its armed forces to gauge how well it could be used to interrogate prisoners. This government let men die from syphilis, while lying about giving them treatment, just to gain information about the progression of the disease. This government assisted the Russians in assassinating the leader of the Chechen rebels, which is 100% ILLEGAL.
I could go on for paragraphs on this, but I think you all get the point. Agents of government (all of them) will routinely violate or circumvent (but usually the former) domestic and international law if they believe that it serves their purpose. Just because they added a provision forbidding their agents from forcing us to decrypt on demand doesn't mean a thing. It's a paper tiger with no teeth or claws to back itself up.
LK
Well, it's about time that the US congress dragged themselves into some semblance of reality on this issue.
The laws in the US regarding the exporting of encryption and decryption technology were all derived from the premise that US engineers and scientists were the only ones on the face of the planet with any ability whatsoever to invent any sort of encryption/decryption techniques, and that the scientific/engineering/software community elsewhere were completely incapable of developing any such technology on their own and would only obtain it if they got it from us.
Just a TAD bit stupidly arrogant, no?
The laws are, in fact, so stupid that if I download a program that does encryption/decryption from a site in, for example, France, and then I translate the text in its GUI from French to English and stick it back up on the Internet, I have committed treason. (Because I transferred a program containing encryption/decryption from my computer, on US soil, owned by a US citizen, to the world-wide Internet. It was irrelevant that the encryption/decryption portion of the code originated in another country anyway!)
From my reading of the article, (and it's kinda sketchy) it looks like this represents only the first small step towards sanity. But at least it's a step.
So how does one go about dissolving the gov't, legally? Is it just like a constitutional amendment (2/3 house, 2/3 senate, 3/4 states)?
Speaking of US Government adherence to the rules, there was some sort of executive order recently to use the CIA to "undermine" the Serbian government. Supposedly it specifically referred to making electronic attacks on suspected bank accounts of Slobodan Milosevic in third countries. I doubt those countries will find the US government to be cooperative in extraditing those criminal hackers who attacked their banks' computer systems.
What I don't understand is how an encryption can be designed for use in harming national security. If terrorist A sends terrorist B details of an attack on US soil and encrypts those details using PGP, is not PGP therefore designed for use in harming national security?
How would "M$ Terrorist [TM]" differ from any general purpose encryption product? I certainly can't think of any features that would be useful ONLY to spies, terrorists, mafiosi and child molesters.
My point is that any general purpose encryption product could be construed to fall under this phrase.
Yes, that's what I am. And let's not forget paranoid...
What are the odds that the forms of encryption whose restrictions are being eased are only the ones that the NSA has learned to crack?
(Had to say it, even if it does get moderated down.)
--Threed
At the risk of invoking Godwin's Law, is there some sort of statute of limitations beyond which government misconduct is not to be criticised?
Well, since it is a different government with different policies, yes.
I can't find anything wrong with Kano's description of Waco
Yeah, the government burned it down, right.
There are plenty of things corrupt government agencies can do with illegal wiretaps that don't involve any court -- recall for example the story of Martin Luther King's personal indiscretions being taped by J. Edgar Hoover's men.
Well, I'll give you this, but Hoover isn't around anymore is he, and there is much more accountability now.
Since they can't force you to file a key, and you can't be forced to witness against yourself, you surely could encrypt your MP3's safely, as long as you do it with a good enough algorithm that they don't manage to brute force crack it. You just "forget" the key, and voila: They can't prove that the file contains any illegal material.
Using the OJ Simpson trial to support your first post just reduced your credibility to nil.
SB
Yeah, posting as an AC is really bad. I apologize, Lord Kano-The Gangster Of Love.
SB
Posted by Lord Kano-The Gangster Of Love:
The difference is this AC. Posting as an AC allows you to hide in amongst others who refuse to tie their posts to a name. Even though one would have to do a little work to find out my given name all of my posts are attributable to me.
LK
If this were law, the gov't would be prevented from legally forcing decryption of content. But since the decryption modules were available for public use, the content itself in viewable form would still be subject to any content laws.
This is no different than phone scramblers or, even, the modem concept itself: nobody is able to simply listen to the audible garble of a modem, but the text provided by that garble is still subject to all sorts of content laws: libel, filtering, insider trading, etc.
Posted by Lord Kano-The Gangster Of Love:
>>Yeah the government burned it down, right
I never said that they did. You're lying and putting words in my mouth. The origin of the fire is still in dispute and until there's more evidence I won't accuse anyone.
LK
What if you're convicted of a crime, but didn't realize that one of the devices you used implemented encryption?
For instance, it is entirely possible that the music and movie industries will try to use cryptography in everyday consumer electronics.
"Since the child pornography you own is on an encrypted DVD disk, you get up to an extra 5 years even though any up-to-date DVD player can decrypt the content."
but the best part is his top reason: he's a visionary. as he has proved in the past & continues to prove. i don't know where this world would be without bill. i'd probably still be fashioning tools out of stone. plus, as a bonus reason, he claims that one day microsoft may make something revolutionary. not today. not after 10 or 20 years of R & D, though. some day, 15 or 20 years down the road, there will be something coming out of the billions of annual spending on R & D; something that doesn't seem anti-intuitive, useless, a big waste of resources, or doesn't force you into that same old "not quite clear on the concept" path that microsoft seems to love so much. of course, i've always been convinced that the precise reason most people hate MS isn't because of their monopoly power, it's that they haven't done anything to advance the state of the art. for all of their money and effort and time, i have yet to see anything clean, elegant, or innovative. for having one of the greatest visionaries of all time and the most R & D budget of just about any company, you'd think they could come up with one thing that was at least an elegant implementation of one of their products/APIs/languages/etc.
Hmmm...that would put a damper in Win98/IE5 sales. The fact that these things tell Microsoft lots of tidbits about you over the Internet implies that it tells lots of tidbits about everybody over the Internet.
I wonder how well this goes over at the Pentagon.
--The basis of all love is respect
It also makes it a crime to use encryption to hide criminal activities. Seems akin to mail fraud. Watch out for encrypting those MP3s, though! That's an extra 5 years in jail.
Tie-ins like this reek of double-jeopardy. If I encrypt something I own, no problem. But if I encrypt a pirated MP3 I can get extra charges against me? There is really only one crime going on here (pirating). This could probably be challenged in court.
You DID accuse them, or at least inferred an accusation.
" It's illegal for the US military to engage in domestic law enforcement, but that didn't stop the FBI and BATF from filing bogus charges to get through a loophole in the law to get the US Special forces to torture and barbecue babies in Waco Texas. "
Later you qualify this some, by saying that the tear gas poisoned them (through conversion to a cyanide compound), but you said the US Special forces "barbecue babies" which they probably did not. They made a VERY bad (and illegal) assumption about the Branch Davidians, but they probably did not start the fire and they certainly didn't make the occupants of the building stay IN the fire. I would go so far as to say that even if they DID set the fire, it was to get the people out and not to kill them all.
One thing that I find particularly amusing about the US law about encryption software is that the US government commonly says that this law exists so that terrorists and drug dealers wouldn't have access to this technology. Since terrorists and drug dealers are known to commit crimes, why would they obey that law???
There is plenty of crypto software available outside the US and they will use it, even if there is no American software available for them. I am a common person, Brazilian, and have access to the technology, so why does the US government think that the "bad guys" wouldn't have it?
--
"take the red pill and you stay in wonderland and I'll show you how deep the rabbit hole goes"
[]'s Victor Bogado da Silva Lins
^[:wq
Let's look at some stuff about Waco:
Adults and children in the compound.
Weapons (many illegal ones), and explosives inside. This was verified.
On top of that, often times it was one parent / one child in the compound, and the other parent NOT in the compound screaming for our government to do something about this.
Government started a stakeout. The people in the compound HAD time to come out long before the government went in forcefully. Personally I think the BATF and FBI should have just waited until they ran out of supplies. But if I made that decision, and then the Branch Davidians committed suicide, people like Kane here would be saying our government is reckless and doesn't protect our people from crazed religious fanatics.
The main reason for the military assistance was to get armored vehicles to prevent even MORE deaths. As I recall, more than one FBI agent was shot by the Davidians. Blame goes both ways.
- Speed
>Everything that you stated either happened over 20 years ago, is not proven or is just plain wrong (waco).
Randy Weaver's wife was shot less than a decade ago. If you are saying that it is wrong from an ethical point of view, I'll go right along with that. If you are saying it didn't happen that way, I suggest you check ANY news source, national, local, or even a militia zine for the facts on the situation.
Geek-grrl in training
"Always two there are. A geek and her sig."
To truly understand recursion, you must first truly understand recursion.
Every bloated line of code in Windows 2000
"The number of suckers born each minute doubles every 18 months."
-jafac's law
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
"It shall be lawful for any person within any State, and for any United States person in a foreign country, to use " (or sell) "any encryption, regardless of the encryption algorithm selected, encryption key length chosen, or implementation technique or medium used."
...but Clinton, et al. will veto this legislation even if it does pass out of Congress.
Clinton has had an opportunity to cozy up to the topic before, but Reno and other "national security" wonks have always turned Clinton to the standard government line.
I remain highly skeptical that this situation will be improved by our silly government anytime soon.
Anyone who is interested in the topic, I'd like to highly recommend Whitfield Diffie's book exploring the entire policy debate: Privacy on the Line: The Politics of Wiretapping and Encryption. It's quite good and succinct.
While checking up the House Sub-Committee on Telecommunications, Trade, and Consumer Protection, I decided to look at some other bills that they are considering. This is highly misleading (w/o reading the text of the bills) but some of the titles are very interesting.
H.R.543: A bill to require the installation and use by schools and libraries of a technology for filtering or blocking material on the Internet on computers with Internet access to be eligible to receive or retain universal service assistance. (obviously to screen out /.)
H.J.RES.47: A joint resolution expressing the sense of the Congress regarding the need for a Surgeon General's report on media and violence. (where is Dr Koop when you need him?)
H.R.313: A bill to regulate the use by interactive computer services of personally identifiable information provided by subscribers to such services. (Note: This one actually looks good, hence it will never pass)
H.R.515: A bill to prevent children from injuring themselves with handguns. (Great title, totally misleading)
Keep in mind that only a small amount of bills even get out of sub-committee. This is a good thing. Back onto the subject at hand, IMO the other sub-committees are going to gut the export provisions of HR850. IOW, those aspects (exports) may not reach the House Floor for a vote.
Like I said the first time. The operative words are "designed for".
:)
;)
It doesn't say any encryption product that can be used for those purposes is illegal, it says any encryption product *designed for* those purposes is illegal.
For example, a car is a personal transportation device. It is designed to move people from point A to point B. A wheelbarrow is not designed for moving people from point A to point B, it's designed for other non-people things. However, it can effectively be used to move people, also.
So, if the criteria for judging the legality of the car & the wheelbarrow were "any device designed for transporting people is illegal", the car would be illegal, the wheelbarrow wouldn't.
In your example, whatever Philip Zimmermann designed PGP for remains what he designed PGP for regardless of how people use it. From what I recall, it was designed to give individuals the ability to be secure in their electronic data from eavesdroppers.
Now, if M$ Terrorist [tm] used PGP as its encryption engine, M$ Terrorist [tm] would be illegal, as it would be a custom encryption product designed to harm national security, but PGP itself would still be legal.
Of course, the politicians could say "Trying to ensure that people have access to the protections granted by the bill of rights shall be considered intent to harm national security". That would indeed result in PGP becoming illegal, but not for the reasons you stated.
One note:
> >>Unlikely. Judging by the window 2000 beta traces they run a BSD stack derivative
> >>close to freebsd - and the BSD license permits such use
> >
> >Which is a good reason to *NOT* release open source code under
> >BSD style licenses. You might as well just send your code
> >directly to Microsoft.
>
> And the problem with Microsoft using all sorts of Unix code is...?
is that they would never admit it, _and_ they would continue badmouthing
Unix/Linux/BSD. They simply can take advantage of BSD code whenever they
see fit - without acknowledging it and without giving back anything. It's
unethical and abusive, and this is what the GPL prevents. It also drains
developers from the BSD space (after all they could now just go and
develop networking code for Microsoft), which is bad for the BSD project
as a collective effort. These are just a few of the many naivities the BSD
license has, and Microsoft Halloween documents pretty accurately point
this out. They are afraid of Linux, but they are not afraid of *BSD.
The ship sank. Get over it. (This sig was cut out from another's shirt and painstakingly hand-posted)
I think you hit the nail on the head. It is the intent of the encryption application's author that is the key to determining what purpose the software is "intended" for. Unfortunately, I haven't found the actual full bill text of that amendment which defines what intent is prohibited and what is allowed. News reporters sometimes have the unintended tendency to manipulate the meaning of an original document by only including bits and pieces of it. Nonetheless, just the idea of regulating a programmer's intent is curious.
For one, determining the intent or original purpose of encryption software is a messy, ambiguous world. For example, what criminal in their right mind would deliberately define their software as something for "penetrating and destroying national security defenses" or "exploiting and exporting child pornography"? The obvious implications are a very difficult and treacherous road to defining an author's intent.
Secondly, what situation would we run into if, for instance, a programmer unknowingly created an encryption application that was especially fast at encrypting 16 bit JPEG's (a semi- to hi-quality photo realistic image format), and made the picture 3/4 of its original size so that it became easier to transport via network or floppy? If such a hypothetical program, no matter how unlikely, appeared in the market it may just become the preferred vehicle for digital pornography (child or not) on the Internet. Possibly similar to the way MP3's have become the poster child for electronic piracy. If the programmer's intent was benevolent, say encrypting gnome applets, but it becomes a common criminal tool should the software still be allowed under this amendment? As was defined by ninjaz, a car is for people, and a wheelbarrow is for dirt. Regardless, this situation seems sticky, but until the entire amendment is read it is too early to pass judgment.
Hrm... it is kind of odd... the whole thing was completely self contained, they could have just left those people alone, it wasn't like they were going to attack the town or something... whatever
---------------
Chad Okere
ReadThe ReflectionEngine, a cyberpunk style n
I'm no lawyer, but as I read it the export restrictions on encryption that applies to end-user to end-user links only applies to the exemption from export licensing of hardware/software that is not already exempted by Sec.(3)(g)(2)(A, B, C, or F). This appears to me to mean that the end-user to end-user restriction applies to the export of proprietary encryption and that publicly available encryption - including end-user to end-user - has a blanket exemption from export licensing.
Isn't that the same IR footage that shows Davidians firing INTO their own building? I've seen the footage myself, some of the people attempting to escape were killed by their own comrades.
Anyone else notice in the transcript portion Barbara McNamara of the NSA has no link? HMM . . .
Was that a black heli arrrrrghghhaahdsh.
"Maybe he was killed by the heli"
"If he was being killed by the heli would he take the time to type arrrrrghghaahdsh?"
Just out of curiosity, has the matrix come out in brazil, or have you only seen the pirated version?
---------------
Chad Okere
ReadThe ReflectionEngine, a cyberpunk style n
Nothing more extreme than a little sodium pentothal is usually necessary to get your pass-phrase.
Crypto is nice, but if your opponent is powerful and serious (like the ATF in the Waco case), you *will lose*. Piss off the gov't and they will whack you with a big bat - right or wrong, lawful or not.
Often, I think we could do with a little more prime directive in government. I think we legislate morality far too often. This is a dangerous trend. Witch hunt anyone?
-=Julian=-
Love that Ben Franklin sig.
If a person is killed during the commission of a felony, then the person committing the felony is guilty of murder. That doesn't say anything about intentions, but that's the way the law reads. If the government agents were committing a felony, then they are guilty of murder. If the Davidians were committing a felony then THEY are guilty of murder. If they were BOTH committing a felony, then they are BOTH guilty of murder. IANAL.
I think we've pushed this "anyone can grow up to be president" thing too far.
This doesn't mean much. It's only passed
the subcommittee, which means it has to go through
the full committee, the full House, then through
a Senate subcommittee, committee, full Senate,
and probably conference committee, and then back
to the House and Senate again...
Then it might be vetoed...
The bill doesn't cover export of encryption
either.
Signatures would merely link the spam to a particular account. Spammers would simply get a new throwaway account (with a new signature) for each spam.
/.
/. If the government wants us to respect the law, it should set a better example.
I found it interesting that the US government would deny exporting encryption products if they were designed to exploit little children. What do encryption and little children have to do with each other? Might as well ban cars that are designed to help child molesters. It's nice that the US is watching out for the rest of the world and wanting to play "big brother." I do not feel my taxes should be used in this way.
Restricting encryption puts a damper on free distribution of solid communication tools and operating system distributions.
Posted by FascDot Killed My Previous Use:
If you use steganography along with encryption (or even by itself) there's no way to know there's even data there, let alone block it.
--
"Please remember that how you say something is often more important than what you say." - Rob Malda
One of the amendments grants the Secretary of Commerce the authority to deny the export of any "custom-made" encryption products designed for "use in harming national security, use in the sexual exploitation of children [or] use by organized crime."
Is it just me or is this a giant loophole? It seems that anything other than SSL type commercial transactions could fall under this loophole (e.g. PGP). They [Government/ Law Enforcement] seem to think that they have an absolute right to spy on people at whim.
Obviously this subcommittee doesn't realize what this really is yet.
How long before the NSA fires back? I'd love to see an all out war between the NSA and a powerful (supposedly) elected body. How quickly do you think congress could pass a bill outdating the NSA's usefulness? How many house members would be found floating in a river?
Enough silly rant...This is the meat right here... (Sec. 3) Amends the Export Administration Act of 1979 to grant the Secretary of Commerce exclusive authority to control exports of all computer hardware, software, computing devices, customer premises equipment, communications network equipment, and technology for information security (including encryption), except that which is specifically designed or modified for military use.
Which is exactly what we need for useful protection without stale laws. A human being in charge and accountable for regulation of encryption. Who not only has the power to regulate (upon a 50 day review period) but not to regulate at all.
This may be a ruse though, supposedly he is to compile data on impediments to law enforcement created by his policy. If the NSA could just buy him out...
To learn more about the Secretary of Commerce... Department of Commerce website
How long until we can get a human being in a federal position directly responsible for regulating cameras? I can think of a few I'd like an explanation for.
I'm expecting the MIB in front of the house any second now.
Novel theory: Modern Man evolved from psychopath
How coincidental! 256 cosponsors! And that should be plenty to get the thing passed (assuming they show up to vote, not a given)
Overall, seems a lot better than the status quo, but several problems remain:
1. The bill seems to have an NSA/FBI/CIA inspired loophole - it only relaxes standards on user-"inaccessible" or non-"end-to-end user encryption" products. In other words, you can use whatever you want to connect securely to your ISP, but not to use strongly encrypted VPN tunnels, or send encrypted messages via PGP/voice scramblers/whatever. The intent seems to be that the powers-that-be will still be able to tap your cleartext (presumably only by warrant, but what about the NSA's reputed ubiquitous taps?) at the first unencrypted hop. Of course, with PGP et al. already out of the bag, this may be a moot point anyway.
2. The tack-on penalties for using encryption in the furtherance of a crime, seem like they might run afoul of the Fourth and/or Fifth Amendment. Of course, our current batch of Supremes will likely not see it that way, especially if drug dealers and kiddie porners are the ones being prosecuted for encrypting the evidence. Besides, the cops will only be able to tell if the encrypted stuff was related to the bad stuff if they follow their current routine - seize everything that even looks like a computer, and try to crack all of it. This bill merely encourages that kind of overreaching behavior. More martyred Mitnicks to come? Start generating those 2048-bit keys now... maybe the statute of limitations on your crime will run out before they can decrypt your data. Does "self-incrimination" cover giving up your PGP pass-phrase?
3. It still has to make it past the Senate.... and judging from our enlightened members of both houses ("Ten Commandments" in every school, anyone?) a lot more could go wrong from here.
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
They are still allowed to restrict export of crypto technology in some situations. Particularly the national security thing looks like it could be pretty all encompassing. Personally, I would prefer the subpoena clause, because at least it would require a court to use it every single time.
"It shall be lawful for any person within any State, and for any United States person in a foreign country, to use " (or sell) "any encryption, regardless of the encryption algorithm selected, encryption key length chosen, or implementation technique or medium used."
"Neither the Federal Government nor a State may require that...a key, access to a key, key recovery information, or any other plaintext access capability be:"
"built into computer hardware or software for any purpose;"
"given to any other person, including a Federal Government agency"
"retained by the owner or user of an encryption key or any other person"
"The use of encryption by any person shall not be the sole basis for establishing probable cause with respect to a criminal offense or a search warrant."
"The Attorney General shall compile, and maintain in classified form, data on the instances in which encryption (as defined in section 2801 of title 18, United States Code) has interfered with, impeded, or obstructed the ability of the Department of Justice to enforce the criminal laws of the United States."
Excuse me, did that trial not happen? If you were to argue that the evidence did not yield that conclusion then I would understand your reasoning. If you were arguing that the evidence was, in fact, legally obtained, then I would understand your reasoning. As it is, all I can presume is that you feel that the blaze of publicity created an emotional situation in which untoward things could be expected to happen. I happen to agree with that, but still recognize that some of those untoward acts were performed by agents of the government.
I think we've pushed this "anyone can grow up to be president" thing too far.
There's a lot of information on Waco that didn't make it into most media outlets.
I highly recommend the 1997 documentary film, Waco: The Rules of Engagement. Anyone who wants to have a comprehensive picture of what happened owes it to themselves to see it.
Well, the acceptance of strong crypto is a good thing. It could even end up being a good means of further securing the net and eliminating spam and anonymity.
With strong crypto and one-way functions, it will be possible to securely sign messages. This paves the way for a requirement that ALL messages (to Usenet or by e-mail) be signed. Without secure crypto that just isn't possible. It could pave the way for end-to-end validation of all email and Usenet traffic. Messages without validatable return addresses can be silently dropped at various points along the way. With signing, spammers won't be able to assume anybody else's identity. And we can all have permanent validated email addresses.
I suspect there will be people who find this a bad thing. I don't.
This could transform the 'net from being a 'wild west' environment into a civilized medium. Only the outlaws need regret that.
How is signed spam any worse? It doesn't do any good if anyone can generate a new signature.
There needs to be a reliable key system in place by the government. You think $10 is going to stop a spammer from getting 50 IDs from verisign?
Well, it's about time that the US congress dragged themselves into some semblance of reality on this issue.
Rather, it's about time that the U.S. Congress dragged the Executive Branch into some semblance of reality. The Arms Control Export Act only applies to cryptography because the Executive branch is delegated the authority to name what goods are covered by the Act.
(Note that under the non-delegation doctrine, largely abandoned by the Federal Courts in the 1930's, giving the Executive branch this kind of authority is unconstitutional.)
The laws are, in fact, so stupid that if I download a program that does encryption/decryption from a site in, for example, France, and then I translate the text in its GUI from French to English and stick it back up on the Internet, I have committed treason.
No, you're just an illegal international arms dealer. See Article III, section 3 of the U.S. Constitution for the definition of treason in the U.S.
Posted by Lord Kano-The Gangster Of Love:
>>The people in the compound HAD time to come out long before the government went in forcefully.
They did not come out because they were afraid that they'd be shot. They had people shooting from helicopters. David Koresh took a 9mm round in the abdomen.
>>The main reason for the military assistance was to get armored vehicles to prevent even MORE deaths. As I recall, more than one agent was shot by the Davidians. Blame goes both ways.
I don't care what the reason was, they LIED in order to get ILLEGAL military assistance. Not a single FBI or BATF agent or supervisor lost his/her job because of this.
LK
There are no statutes in the U.S. that ban the use or export of cryptography.
You read that right. Instead, we have a law that controls the export of articles of defense that allows the Executive Branch to define articles of defense.
That means President William Jefferson Clinton, since he is in charge of the Executive branch, could unilaterally authorize the export of encryption software right now. He could also unilaterally redefine SUVs, Metallica CD's, and sex toys as articles of defense subject to all the export restrictions to which cryptography is currently subjected, right now.
Signed spam means that notorious spammers can get identified very rapidly. People can forward the return address of spam they receive to a database that pools the addresses of offenders that all subscribers can draw on for killfiles. It would prevent victimisation of account holders whose addresses get spoofed by spammers and would allow anti-spam efforts to focus on specific accounts rather than whole domains. Nothing that isn't being tried already, but if forging an identity becomes impossible, spammers will have far fewer ways to hide.
Monty Python's Quest for the Holy Grail, and I claim my Holy Hand-Grenade of Antioch.
Posted by Lord Kano-The Gangster Of Love:
It was because of the instructions of the Army that the BATF and FBI poked several holes in the Branch Davidian home. These holes allowed the fire to burn hotter and spread faster. They also knew that the Branch Davidians didn't have child sized gas masks.
Torture and barbecue no doubt. The only doubt is as to who started the fire.
LK
One of the amendments grants the Secretary of Commerce the authority to deny the export of any "custom-made" encryption products designed for "use in harming national security, use in the sexual exploitation of children [or] use by organized crime."
This was obviously put in to ease the concerns of the clueless and has no legal meaning whatsoever. Come on - custom-made encryption products for child pornographers? Anybody know of any?
Of course, anything that helps this bill get passed by people who don't really understand it is great in my book.
/* The beatings will continue until morale improves. */
Here's a link to an analysis by the Center for Democracy & Technology. It's actually a bit more informative than the House of Representatives page.
--
Behold the Power of Cheese!
It doesn't look like it says they can't decrypt things. It just says they can't force you to file a key with the government or a government agency (outlawing key escrow). Maybe I missed the part about not decrypting.
It also makes it a crime to use encryption to hide criminal activities. Seems akin to mail fraud. Watch out for encrypting those MP3s, though! That's an extra 5 years in jail.
And it says that using encryption is not by itself "probable cause" for decrypting. Good! You know they'd use that if that clause weren't in there.
We've seen bills get this far before. If you check out the detailed legislative status, you'll see that it was also referred to the armed services committee, and the intelligence committee. I expect that it will never get out of the intelligence committee.
When campaigning for re-election, the politicians want to be able to make statements like: "I voted for n bills that protect the little children of the world from exploitation."
By tacking this amendment onto this bill, that of course has absolutely no relevance to the issue of child exploitation, the politicians can count this bill in that total of n.
oops, I type too fast to think
I'm not convinced anybody ever thought there weren't comparable crypto products available outside the U.S. If this were the real reason for the export restrictions they would have been removed long ago. Now the European crypto market is quite well developed.
As I see it, the only reason for the restrictions is to put economic shackles on U.S. based crypto companies. Keeping these companies small and unprofitable limits their ability to sell crypto products domestically, and therefore slows the inevitable adoption of real crypto in this country.
(In the interest of disclosure, I work for such a company)
/* The beatings will continue until morale improves. */
Encryption products are general-purpose and content-neutral. PGP can be used to encrypt business plans and negotiations, love sonnets, nuclear weapons designs, harmless gossip, discussions among illegal drug dealers, political campaign plans, kiddie porn - i.e. anything that can be stored in a disk file (a stream of bits). That provision is just for pandering to computer-illiterate "middle america" - but it seriously weakens the value of the proposed law.
--
An esoteric scratched itch:
Homeworld Map Maker Tool
The Prime Directive was the most abused and ignored law in Star Trek (excluding the physical laws of reality :)
Someone around here was telling me about a local election in their hometown for city council. One candidate had only one plank on their platform: Child Safety. When the other candidate said he wanted to talk about something else, our hero would simply say "Don't you think Child Safety is important?"
-- Don't Tase me, bro!
I read the text. One question. Does this include ANY bit length, or did I miss something?
The United States government is an extension of the American people. It is also one of the most democratic governments in the world (look at Canada and Australia). If you do not like it leave and go to a country that would suit you better. Everything that you stated either happened over 20 years ago, is not proven or is just plain wrong (waco). Illegally obtained evidence cannot be allowed in court, and contrary to what you may believe, the government doesn't care one bit about the email you send.
This law is a big step in the right direction. I have travelled and lived in most industrialized countries, and we definitely have the best government of all.
Para2801 Sec 3
`(1) GENERAL RULE- Subject to paragraphs (2) and (3), the Secretary shall have exclusive authority to control exports of all computer hardware, software, computing devices, customer premises equipment, communications network equipment, and technology for information security (including encryption), except that which is specifically designed or modified for military use, including command, control, and intelligence applications
from what I can tell this is less of a real move to free american companies from restrictive export controls than a power grab. it is basically saying that the sec of commerce is responsible for export controls and checks rather than any other department. except in the case of things that are specifically listed as being military in nature.
it does remove the need for an export license for things after a 15 day review by the commerce dept. which IMHO is a good thing (TM) because if anyone has ever dealt with the government they know that 15 days is a laughably small time frame. it looks like if you submit it and if 15 days later it's not listed as restricted then you get to sell it all you want.
the one that worries me the most though is `(1) in the case of a first offense under this section, shall be imprisoned for not more than 5 years, or fined in the amount set forth in this title, or both; and
`(2) in the case of a second or subsequent offense under this section, shall be imprisoned for not more than 10 years, or fined in the amount set forth in this title, or both
this basically says that if you're arrested for a felony and you use encryption on your files then you get lots of prison time tacked on. since there's no real way to determine what's in the file other than decrypting it and if you refuse to do that then the state can say that that's evidence of it being used in the commission of a felony. Say you have 200 encrypted emails on your hard drive. and you get arrested for grand theft (a felony). you refuse to decrypt the email claiming that it's personal in nature and irrelevant. The state says that it was used to plan your crime. then you get convicted of the crime. they tack on 5 years for the first offense (message) and 10 years for the next 199 offenses (messages). that adds up to about 2000 years in jail for encrypting your love letters or whatever.
while it's unlikely that it will be pushed to that extreme point we need to be aware that it's a possibility and not just assume that the whole bill is good for our side of this debate.
"Understanding is a three-edged sword"--Kosh
So, we can look at the list who voted for this bill and see the spineless and possibly corrupt. Preventing export of encryption that is designed to exploit children? That has nothing to do with protecting little children in the US and it's not honest to say they are voting for our children. Something's fishy.
If one wants to protect little children, there are better ways. This is ignoring a problem and creating a new one.