House subcommittee passes crypto bill
kabir writes "Computerworld Daily reports that a House of Representatives Subcommittee has just passed a bill (H.R. 850) easing crypto export restrictions. Interestingly, there are also clauses preventing government officials from forcing people to decrypt data. It's not law yet, but looks like it's headed that way." It passed unanimously in the subcommittee and is headed out to the general House.
At the risk of invoking Godwin's Law, is there some sort of statute of limitations beyond which government misconduct is not to be criticised?
is not proven or is just plain wrong (waco)
Huh? I can't find anything wrong with Kano's description of Waco. (Specifically, the ATF and/or FBI, I forget which, concocted a story about a methamphetamine lab in Davidians' village in order to invoke a "drug exception" to the Posse Comitatus Act.)
Illegally obtained evidence cannot be allowed in court
There are plenty of things corrupt government agencies can do with illegal wiretaps that don't involve any court -- recall for example the story of Martin Luther King's personal indiscretions being taped by J. Edgar Hoover's men.
the government doesn't care one bit about the email you send
Well, then, why are Louis Freeh's shorts in a knot because he won't be able to read it any more? He'll still be able to monitor the few hundred or so suspects who are legally targeted by search warrants using alternative technologies (planting old-fashioned bugs, Trojan Horsing the suspect's computer, reading van Eck emissions, etc).
This law is a big step in the right direction.
True, though as some others have pointed out there is some potential for abusing certain clauses.
I have travelled and lived in most industrialized countries, and we definitely have the best government of all.
Not as bad as the others, but I still see that particular glass as half empty.
/. If the government wants us to respect the law, it should set a better example.
Posted by Lord Kano-The Gangster Of Love:
Slightly off-topic, but not much. Major rant ahead.
It's good to see eased crypto export controls, but the portion about forbidding the gov't from forcing people to decrypt data is a joke.
It's not like our government obeys its own laws or anything. In the 1960's-1970's the FBI used illegal measures to bring down the Black Panther Party. There are rules against shooting unarmed people, but that didn't stop FBI sniper Lon Horiuchi from shooting Vicky Weaver in the face while she held her infant daughter (musta been one of those fully automatic assault babies). It's illegal for the US military to engage in domestic law enforcement, but that didn't stop the FBI and BATF from filing bogus charges to get through a loophole in the law to get the US Special forces to torture and barbecue babies in Waco, Texas.
This government also interned AMERICAN CITIZENS for doing nothing more than being 1/4 Japanese. This government exposed mentally retarded people to radioactive substances just to watch them react. This government gave LSD to men in its armed forces to gauge how well it could be used to interrogate prisoners. This government let men die from syphilis, while lying about giving them treatment, just to gain information about the progression of the disease. This government assisted the Russians in assassinating the leader of the Chechen rebels, which is 100% ILLEGAL.
I could go on for paragraphs on this, but I think you all get the point. Agents of government (all of them) will routinely violate or circumvent (but usually the former) domestic and international law if they believe that it serves their purpose. Just because they added a provision forbidding their agents from forcing us to decrypt on demand doesn't mean a thing. It's a paper tiger with no teeth or claws to back itself up.
LK
Well, it's about time that the US Congress dragged themselves into some semblance of reality on this issue.
The laws in the US regarding the exporting of encryption and decryption technology were all derived from the premise that US engineers and scientists were the only ones on the face of the planet with any ability whatsoever to invent any sort of encryption/decryption techniques, and that the scientific/engineering/software community elsewhere were completely incapable of developing any such technology on their own and would only obtain it if they got it from us.
Just a TAD bit stupidly arrogant, no?
The laws are, in fact, so stupid that if I download a program that does encryption/decryption from a site in, for example, France, and then I translate the text in its GUI from French to English and stick it back up on the Internet, I have committed treason. (Because I transferred a program containing encryption/decryption from my computer, on US soil, owned by a US citizen, to the world-wide Internet. It was irrelevant that the encryption/decryption portion of the code originated in another country anyway!)
From my reading of the article, (and it's kinda sketchy) it looks like this represents only the first small step towards sanity. But at least it's a step.
Overall, seems a lot better than the status quo, but several problems remain:
1. The bill seems to have an NSA/FBI/CIA inspired loophole - it only relaxes standards on user-"inaccessible" or non-"end-to-end user encryption" products. In other words, you can use whatever you want to connect securely to your ISP, but not to use strongly encrypted VPN tunnels, or send encrypted messages via PGP/voice scramblers/whatever. The intent seems to be that the powers-that-be will still be able to tap your cleartext (presumably only by warrant, but what about the NSA's reputed ubiquitous taps?) at the first unencrypted hop. Of course, with PGP et al. already out of the bag, this may be a moot point anyway.
2. The tack-on penalties for using encryption in the furtherance of a crime seem like they might run afoul of the Fourth and/or Fifth Amendment. Of course, our current batch of Supremes will likely not see it that way, especially if drug dealers and kiddie porners are the ones being prosecuted for encrypting the evidence. Besides, the cops will only be able to tell if the encrypted stuff was related to the bad stuff if they follow their current routine - seize everything that even looks like a computer, and try to crack all of it. This bill merely encourages that kind of overreaching behavior. More martyred Mitnicks to come? Start generating those 2048-bit keys now... maybe the statute of limitations on your crime will run out before they can decrypt your data. Does "self-incrimination" cover giving up your PGP pass-phrase?
3. It still has to make it past the Senate.... and judging from our enlightened members of both houses ("Ten Commandments" in every school, anyone?) a lot more could go wrong from here.
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
I'm not convinced anybody ever thought there weren't comparable crypto products available outside the U.S. If this were the real reason for the export restrictions they would have been removed long ago. Now the European crypto market is quite well developed.
As I see it, the only reason for the restrictions is to put economic shackles on U.S. based crypto companies. Keeping these companies small and unprofitable limits their ability to sell crypto products domestically, and therefore slows the inevitable adoption of real crypto in this country.
(In the interest of disclosure, I work for such a company)
/* The beatings will continue until morale improves. */