Slashdot Mirror
SAFE rewritten to be more law-enforcement friendly
Alex Bischoff writes "According to this article, SAFE (the Security and Freedom through Encryption act) has been rewritten to be more law enforcement friendly. 'The House Armed Services Committee voted 47-6 Wednesday to replace an industry-endorsed encryption bill with substitute legislation drafted by law enforcement advocates.' " And for once, it looked like the US Gov't was going to get a /clue/ about crypto.
Disclaimer: I did read the article.
While it is true that this bill does not contain any regulation of domestic encryption, it does contain certain ominous particulars. The most obvious of these is the clause which places the whim of the president above any law or court.
Don't assume that it will be found unconstitutional. When the issue of 'national defense' is raised, we have done far worse. Remember the atrocities committed during world war II, towards the general asian populace? Once this has been established, the framework will have been laid for much more extensive legislation. This is exactly analogous to the anti-gun movement, the pro-welfare movement, etc.
The first step in erasing freedom lies in restricting a basic right in such a way that no one will complain. No one needs field artillery or heavy machine guns. Later, this becomes 'cop killer' bullets and assault rifles; note that neither of these terms existed before they became illegal. In crypto, it will become 'strong' domestic crypto, or possibly 'military-grade' crypto. Why would anyone need that if they weren't using it for something illegal?
Later, someone will be caught dealing drugs or *gasp* helping illegal immigrants into the country, and it will be discovered that they used encryption to hide their nefarious activities. The brady bill of domestic encrytion will be passed, and everyone who stands against it will be a child molester just like everyone who opposes handgun control is a psychopath today.
After all, my mom doesn't understand either subject and votes the way the minister tells her to on sunday. Millions of other people do the same. The number one concern Curt Weldon and JC Watts have is getting re-elected, and the masses will be happy to do it as long as it makes them feel safe, regardless of how accurate that feeling is. In a democracy it is very dangerous to be a minority.
BTW back to the president's newest empowerment: if it passes, and he chooses to make all cryptography illegal to keep saddam from blowing us up or something, we won't be able to revoke it. Ever. Unless he decides to change his mind.
... and there is no doubt, that one day he will be
where the eye of his telescope has already been
At present, Canada's crypto export laws are wide open and one Industry Canada official stated in an interview with Shift magazine (http://www.shift.com/shiftonline/SiteMap/frames/m ag7.2.asp?searchfor=7.2power) that they were not going to be "boyscoutish" in applying crypto laws. So us lucky Canucks can rock strong crypto all we want. Plus, a company in Montreal called Zero Knowledge Systems (http://www.zeroknowledge.com) is going to launch Freedom, a privacy software that will provide super strong crypto for browsing, email an chatting. The Shift story with the quote from Industry Canada is a really good cover story on ZKS.
So you can export to Canada or , like ZKS, export from Canada.
Yeah!
Won't work. Canada respects the US's Crypto export laws, so it's still the same. Except that your violating canadian law instead of US :-)
DISCLAIMER: IANAL, This could kill your grandmother or dog. (Or, in some extreme cases both).
governments don't give rights, they only take them away. noodge.
Have you seen Ironstayn vs Supergovernment yet?
ok, daveo now realises his error. that must have been loooked over, soryr. too err is.....
-DAVEO
It's scary. Here's a bill that goes through the ardous process of being introduced, tweaked, voted on in the house, tweaked, voted on in the senate, tweaked to make even the private sector happy, and then *wham!* the Men In Black just come in and fscking "totally replace" the entire thing skipping over the whole normal process, like bonerz cutting in line, and their newspeak still manages to keep its high position in the queue and will soon go to the President for signing or veto? WTF is going on?
Sorry, I have to call you on this one. I have the right to own a gun only because 200 years ago a bunch of people got really pissed off and thumbed their noses at the government. The government is welcome to come knocking at my door and ask for my encryption keys. They won't get them, but they're certainly welcome to ask. And if they give me a choice between surrendering my keys and dying, well, you may fire when ready, Gridley.
The government hasn't given me anything it didn't take from me in the first place in the form of taxes. Certainly not the right to freedom of speech or any other right in the Constitution. When people stop claiming rights as belonging to them instead of being granted to them, we're in trouble.
-- Old Man Kensey
yeah, sure it is. I can't speak for the rest of you, but I'm fed up with all this big brother bullshit from the government and corporations. I would certainly not lose any sleep if every person in the NSA slowly burned to death over hot coals, in fact I'd probably be laughing while roasting marshmallows at the same time. The US government is a traitor to it's people and the constitution which it pledges to uphold, but does the exact opposite.
The French have reversed their opposition to /. not too long ago.
encryption. Read it on
No doubt to piss off the US Government. Good.
-kabloie
My understanding (being canadian) is that the US gov't wants to limit the use of strong crypto to protect the american people and their way of life. Assuming I am correct in that assumption.. even if they pass this law.. what is going to stop criminals from using strong crypto anyways?? If they are doing illegal stuff anyways.. what is one more thing like using strong crypto? Makes little sense to me.. but then again I'm canadian as I said before.
Lord_Rion
--Hired Net Grunt
Well, just like handguns require a 7 day wait in massachusetts. If one wanted, they could do like that guy in new york did and spring $300 for roundtrip airfare to FL, buy a gun and come back to Massachusetts with it. But just because I can do that doesn't mean its legal or right.
We don't export nuclear missiles to other nations. Oracle isn't allowed to sell their database software to enemy countries. SGI IBM and Sun can't export their computers to enemy countries. They all manage to get this technology anyways. Does this make it right? No. But should we make it easier and say its okay? I don't think so.
I'm sure the LEAs behind this re-write would force us all to accept brainwave tranceiver implants if they could figure out how to do it. As far as they're concerned, your average law-abiding citizen is just a mark to be hustled.
Congress, on the other hand, are just lazy, uninformed, spoiled, sub-par human beings who don't give a hoot in hell about the laws they pass as long as they are returned to their gravy train every few years. Most of them never bother to read the bills they vote on, even though they all fight for the chance to give a little "Give me this law, or give me death!" speech every time the C-SPAN cameras' little red lights flicker. They don't care if the laws they pass actually accomplish anything useful, as long as there will be another checkmark next to their name in the "Tough on crime" column in some lame "Voter Guide for The Braindead" in 00. Anti-crypto laws have just about as much effect on criminals' use of crypto as gun control has on their use of guns. The law-abiding are the only ones who obey these stupid laws.
Judging by the conduct of the folks from Washington, they think the laws they pass are for suckers. Kinda' makes me wanna' puke. Sorry for the rant, but I'm fed up.
slashdot broke my sig
That I create a new super-strong, criminal, whatever crypto software in the US and say that I made it in Mexico, or Canada, or Japan, or any otehr country out of the reach of Big Brother. How would they go about proving I wrote it here? The burden of proof is on them, remember.
-- Terry
can anyone who is more knowledgeable about this subject explain what affect this will be having on export encryption laws? if it *substitutes* the industrey endorsed bill, then why would it be more favoreable as hemos suggessts?
-DAVEO
Why do those people in the big white building on Capitol Hill believe that this is going to help law enforcement?
Do they honestly believe that the US is the only country in the world with strong encryption technology?
If a foreign government wants strong encryption, then it will get strong encryption. There is no way to stop this happening.
Historically Europe has been ahead of the US in encryption technology any way, and the only European country with this level of encryption control is France who have outlawed encryption entirely.
There is nothing on the planet stopping me (I live in the UK) from selling an encryption system developed outside the US to whomever I please, with certain restrictions (Iraq comes to mind). US export laws don't affect me because the stuff was never in the US.
I think that the Open Source community should try and come up with a really heavyweight encryption algorithm outside the US. That would effectively scupper any stupid moves like this.
You can't export from America? Don't - export from Wales, or Scotland. The code is not American, the country is not restricted by US export laws. Tough s**t chappies in Congress. If the NSA can't crack it, then they should get a bigger computer.
Now, is anyone interested in my One-time-pad encryption system? $40 per disk set. Guaranteed no two disk sets the same!
I worked in political campaigns for 4 years... promoing bills that I felt were right. Now, the problem with that is, after working on a bill that passed, we found out that the president/house/senate had added, removed, or in some way butchered the bill so it no longer did what it was supposed to, or it did something bad. Line item veto takes care of getting rid of the real point, and just keeping the pork.
Come on... Like the guys in Finland don't have all of the commonly available encryption packages. It isn't that hard to get them over the internet and out of the country. What's the point in writing more legislation that says "No exporting Encryption" when all you need is a US based shell to get all of the encryption software you want?
Idiots.
Five committees have passed versions of this bill. The Rules Committee decides which one to send to the entire House, and they are friendly(er) towards the bill. It almost certainly won't be the fascist inspired version from the Armed Services committee.
--
Infuriate left and right
This is just my little blab on government linguistics, but this just another example of how what a government service is called one thing, it usually means another, like the "Defense Department" or Nixon's "cointelpro". This "SAFE (the Security and Freedom through Encryption act" is just another example of how the title of one bill does the exact opposite of what it proposes to do, in order to decieve the public into believing that maybe progressive change is occuring.
-Ben
bensmith@biz1.net
You think that they don't know that if you use strong encryption that they can't read your email? Of course they know that. But they don't care that you don't want them to read your email. They want to be able to read it, screw you. And they realize that few enough people care today that they can go ahead and abridge rights now, and then people will never have them later to miss... they can seize the right now, before people realize they have it. And they know that if most people never become accustomed to it, they won't ever want it or miss it.
If you never saw a computer, never used email, and nobody else did, then you wouldn't miss it. If someone took it away from you now, you'd be pretty angry. I know I would. And it is the same way with all sorts of rights -- if people learn that they have a right, they will fight to keep it, however if they never think they have a right they won't really care.
Why do you think it's so hard to take away guns from people here in the US? Because it's our right to have guns. Law abiding citizens have the right, given to us by our government, to own firearms. I don't know if that was a good idea, and that isn't the point of the argument. The point is that when the government makes movements to abridge that right, people get angry. Because they have learned to exercise the right.
-- Erich
Slashdot reader since 1997
Canadian encryption policy is similar to the US. We can use what we please, but we have fallen in line wrt the Wassenaar agreement (Read US policy) in the relm of exporting.m l
I believe Wassenaaur states: (along with you can't export cool stuff like cryogenic systems for rocket fuel...)
Anything open source export is fine. (horsey outa da barn!)
56bits (piddley) fine
greater than 56 bits-- must apply on an individidual basis.
http://e-com.ic.gc.ca/english/fastfacts/43d7.ht
For entertainment check out the analysis of the submissions to the feds' policy paper. Of all the groups and individuals *nobody* wanted anything but market/no-restricitons except the police which wanted prefered restrictions and access to your keys. And we still get Wassenaar!
http://e-com.ic.gc.ca/english/crypto/631d6.html
Of note is that there were submissions from law enforcement agencies, but no submissions from security agencies. They have other avenues...
Cheers,
Bobzibub.
Well, would you want to use MS Crypto if they did??? ;)
In short, they make it illegal for US companies to create top-notch secure software. I guess that if the job really requires the security, our only legal option would be to import software from Europe.
This isn't crippling the world's ability to do crypto. It's just insuring that the US won't be able to cash in on it.
Methinks that the NSA came up to Washington one day and strongly encrypted some legislators' minds. In some cases, the point is that it inhibits rights. That aside, my problem is that it won't work to do the job it is supposed to do. It will just move the suppliers overseas, and let them legally export the tech to us.
--The basis of all love is respect
From the article: "It [the new bill] says any White House export decision cannot be challenged in court"
This is a democratic government? This all sounds highly dictatorial to me.
Thank you for pointing out something I forgot.
someone Mod my comment out of existance, plz.
from the press release
Provisions of the committee approved Weldon-Sisisky-Andrews amendment would:
- Reaffirm authority of the President to control export of encryption production products for national security purposes.
- Establish statutory framework for export control of high performance encryption products.
- Require the President to establish a performance threshold for encryption. Encryption products
- that fall below the threshold would be permitted for export without a license. Encryption products above the threshold would require an export license for export.
- Require a one-time technical review for all encryption products proposed for export.
- Allow the President to establish certain sectors that would be subject to license free treatment of encryption products above the threshold, consistent with current U.S. policy.
- Require the President to review the adequacy of the performance threshold every six months.
- Establish an advisory board to review and advise the President on the foreign availability of encryption products.
I don't like these provisions either, but everyone here should admit that this should be better than the current state of affairs. My problem is that it appears that the decisions will be solely made by the president. We all know how the president feels about issues of "national security." This means that things basically won't change until someone intelligent coms into office, which will happen eventually. Also it does not define who issues export liscenses, which might mean that they would be impossible to get if the wrong people are in power#define F(x) int main(){printf(#x,10,#x);}
F(#define F(x) int main(){printf(#x,10,#x);}%cF(%s))
Didn't we go through this once before? Why is it that every blistering time the people who are actually working with the technology get a bill into Congress, the bastards rewrite it to mean the exact opposite of what it once was so that we have to all call our Senators to tell them to vote against the same piece of legislation that we called them to tell them to vote for just a few months previous.
For that matter, I would like to know who was asleep at the switch and allowed the fascist thug squad to change the bill to begin with... I had foolishly assumed that this would not have been allowed to happen a second time.
Okay. We should start thinking about what we can do to make this bill ineffective right now. I have a few ideas, but one in particular seems easy to do and feasible.
The problem for Linux isn't that crypto development work can't be done in the US -- although that is a problem. The real issue is that distributions in the US can't include strong crypto. (And the kernel can't either.)
So how do we get around this? Easy! Change your makefile to depend on a file which doesn't exist. To resolve the dependency, have wget pull the file from a web site. For distributions, this would fix the problem for people with great network connections. For others? Well, maybe somethign else can be worked out.
For the kernel, distributions will still have a problem, but there could be a small program called secure_kernel which downloads the relevent code and recompiles and installs the kernel.
And, of course, applications can link into a library for which the source is downloaded and installed at install time.
This
Yes, indeed, they do. Win 98 includes Internet Explorer (remember, it's a part of the OS...repeat that enough times and you might believe it). Internet Explorer is an HTTPS client, and thus has SSL encryption. Now, are there two strengths of Win98/IE, one for domestic and one for foreign?
And so what if they did ship Win98 with the full 128-bit crypto? The government seems to have little control over Microsoft anyhow. Would the DOJ come by and issue a cease-and-desist?
Win98 ships with IE. IE ships with cryptography. The state department defines cryptography as a munition. Win98 comes with munitions.
Or, in short, Win98 bombs.
--The basis of all love is respect
Just wondering how strong is PGP (1024 bits ?)
It seems that RC5-64 will take years to crack by
brute force. How about PGP? Isn't PGP already available world wide ?
This is a message I sent to Congressman Weldon (a representative quoted in the article) and to my Congresswoman, Sue Kelly. It could make a difference if a lot of people did the same.
w +ByqDFc17wCeKJT6
Kyle
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Congressman Weldon and Congresswoman Kelly:
I don't know why people have a hard time getting this through their
skulls, you included. Let me make it plain:
Foreign countries already _have_ strong encryption technology.
Restricting export only causes inconvenience and financial loss for
providers of encryption within the United States.
Witness RSA Data Security's creation of a partner business in
Australia which will allow them to finally compete in the
international market for an encryption protocol that the three MIT
scientists created in the late 70's. Witness the hoops free software
developers have to jump through to get encryption code out of the
United States: printing it out on paper and then scanning it in
overseas.
Other countries already have access to all the major encryption
protocols: RSA and Diffie-Hellman/El-gamal on the public-key side,
IDEA, Blowfish, 3DES, RC5/6, et al. on the symmetric key side. This
is a _fact_: you cannot contest this. In fact, not only do they have
access to such algorithms, they have polished applications allowing
them to apply it! The following websites detail just two of many
such applications and libraries that are outside the control of the
United States and are available to anyone, anywhere in the world:
GnuPG, a free software replacement for PGP
http://www.d.shuttle.de/isil/gnupg/ (Germany)
OpenSSL, a free software library for the secure socket layer,
supporting encryption keys of arbitrary lengths
http://www.openssl.org/ (Switzerland)
Therefore, it is illogical to restrict the export of encryption
technologies from the United States with arguments based on
law-enforcement, because _everyone_ -- criminals and non-criminals
alike -- already has full access to the strongest available
encryption.
Since I refuse to believe that any of our elected representatives are
actually stupid, it remains that you must have _some_ reasonable
motive for retaining these inane, damaging, and futile controls. What
that is, no one else can figure out; but we, the people of the United
States, would certainly like to hear it. I would appreciate your
sharing this with the rest of the committee because I cannot honestly
believe they would support these controls if they actually knew the
information contained herein.
This email, by the way, is signed by my GnuPG private key. You can
verify its authenticity with my public key, which can be found on my
homepage.
Yours truly,
Kyle R. Rose
Registered NY State voter
- --
Kyle R. Rose "They can try to bind our arms,
Laboratory for Computer Science But they cannot chain our minds
MIT NE43-309, 617-253-5883 or hearts..."
http://web.mit.edu/krr/www/ Stratovarius
krose@theory.lcs.mit.edu Forever Free
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE3l0qp66jzSko6g9wRApD0AJ928fzYTNSaZG+/wUc
zp5Mfmmy/4uAbN+v6dcJwsM=
=He4J
-----END PGP SIGNATURE-----
--
Kyle R. Rose, MIT LCS
[ home ]
Every time crypto export regs come up for discussion, people say that the regs are nonsensical, that the theory is that the rest of the world is too stupid to develop strong crypto. This is incorrect on both counts.
Let me state at the outset that I support an elimination of the crypto export regs as I do not believe that they are effective. They have not prevented strong crypto from reaching the rest of the world, and esp. not the black hats, who are after all the sole legitimate target of this sort of thing anyway.
The idea that crypto is a munition is correct. It is a tool which is used to defend oneself (in this case, one's data) from an enemy. It can be used by one's enemies to defend their data from your perusal. Lest you think that this is a minor argument, recall that we won WWII mainly through the strength of our cryptology work; without it the Germans and Japanese would have controlled the globe (I discount the Italians for the simple reason that they would have in time been absorbed by the Germans).
The logic of denying one's enemy weapons is not that he cannot develop them for himself; it is rather that there is no point in developing them for him. Anyone can make an atomic weapon; it's not that hard to do. But we don't allow them to be sold. This keeps the barrier to entry higher than it would otherwise be. Ditto for cryptology. Anyone with a semi-decent grasp of programming and a book on cryptology can come up with a workable encryption program. But why should the US do the work for him?
There are legitimate concerns about cryptology. It makes intelligence gathering much more difficult, forcing it to rely on fallible human agents much more than on intercepted transmissions. Our national status is at present due in large part to the efficiency of our intelligence apparatus. Without it, we are much weakened (although not entirely; we also have an excellent military and a top-notch economy).
Unfortunately, the cat is out of the bag in regards to cryptology. With modern software only one person need duplicate functionality for the entire world to use it. Our export restrictions on cryptology now do more harm than good (and they do do good, by making it more difficult for encryption to be used); they have hurt the international competitiveness of our industry. Hence they must be revoked.
Crying that they're holding back technology means nothing; it's like a chemical firm complaining that chemical weapons restrictions are holding it back. It is futile and wastes precious political capital.
As regards encryption with the borders of the US, it is quite rightly allowed. This is a nation which deems rights more important than security. Hence the First, Second, Fifth and other Amendments. This is why we are innocent until proven guilty. This is why the right to encrypt one's data is preserved. IMHO, we should add a new amendment to the Constitution guaranteeing that right.
However, an internal right does no mean that it means anything when crossing international borders. A right to say what one wishes here does not nec. mean that one can carry that tape out of this country or into another. Otherwise espionage would be legal. Restricting export is not a free speech issue. It's a bad idea for other, equally important, reasons.
Two issues spring to mind: First, that if our national security is dependent on the unavailability of open mathematical algorithms and open-sourced freeware encryption programs, then we are in a world of hurt.
Second, the message that this gives the world about Americans isn't very flattering. The government is saying that privacy is OK if you are a citizen of the U$A, but citizens of the REST OF THE FUCKING WORLD have no right to privacy and should have no protection from CIA snoops. The arguments of this bill read like an open statement of intent to spy of the rest of the world without any regard for other people's privacy or national security.
Has any American corporation sued for damages over this? Has anyone protested diplomatically about the open statement of intent to spy on their countries' citizens? If not, why not?
One of the things that interests me in the Mac OSX is that it is supposed to have the facility for accepting a bunch of crypto plugins. (Apple apparently had to run it past the NSA for an OK, but it was s situation of "see, no crypto until you add it on later."
Apparently, if you have the plug-ins, you can encrypt file systems, etc. There was some talk from Apple that it would potentially be the tightest and most secure system on the streets when the right modules are implemented.
It will be interesting to see what actually hits the street when OSX comes out--if the slots for the code plug-ins are there, you can bet there will shortly be some strong crypto to plug into them there slots.
I have a little something I use to understand people: the "80% Rule".
This states that 80% of people are Morons.
If you consider this, things today make a lot more sense. It HAS to be true, look at the REALLY stupid things people say and do.
Look at the poll numbers. Something like 75% (awfull close to 80%) of people in the U.S. say they would vote AGAINST the US Constitution as it was orginally written.
Also, the funtional illiteracy rate (people who can't read and understand a newspaper) is in the 70% range.
Finally, about 80% of all incumbent congresscritters get re-elected. (And they are about 80% LAWYERS).
80% is a good, round number. Use it, it helps.
"to maintain an information-based advantage over our enemies"
In the "anti-terrorist" legislation, the American public was defined as an enemy of the government. So which "enemies" is the government talking about? Just something to think about.
--- "So THAT's what an invisible barrier looks like!" - Time Bandits
The problem with the various provisions of the amendment is that they take us right back to where we started. A centralized body with no incentive to allow free exchange of ideas decides whether US citizens can export any given piece of encryption software.
Clearly they're not doing this to prevent strong encryption from exiting the US, since it exists in quite usable forms elsewhere. They're doing it to advance an agenda that links privacy with illegality.
It's worth remembering that even representative governments are not reliable defenders of civil liberties....
NSA: Sir, will you please look into this light.
Representative: What is this some kind of eye tes...
(flashy light thing)
NSA: Now sir, remember you work for us, you do everything we tell you. You are being placed inside Congress as a representative, so act the part. But remember you must always report back to us. Now sit straight BOY.
I, personally, would always choose freedom over order here's why:
1. The government isn't protecting you. They just clean up the mess when the crazy part's over.
2. When the government crashes, the underground will still be completely intact.
3. The human race started free. We are the only species on the planet to surrender our freewill to legaslative control. This is not necessarily because we're smart. That's just what we've been taught.
I say, let the government get more and more and more oppressive. Bend it back and forth, see what breaks off. Let's go to the end of the road and see what's there. I'm not scared, just paying attention.
--- "So THAT's what an invisible barrier looks like!" - Time Bandits
Here is what this means: Bigbrother.
More legalistically put it means that Congress has dropped an encryption bill that would have protected the privacy interests of everyday citizens and has instead approved a version that favors American law enforcement agencies and their allies.
If you are American it means weak encryption at your disposal, this is a disadvantage for commercial interests engaged in international trade.
If you are not American it means you will probably have access to foreign encryption software that is strong, but it also means the US regards you as an enemy.
Please join the struggle! at ompages.com to build a great big Virtual Private Network based on strong crypto. Email me and find out how you can help. Cheers!
Won't work. Canada respects the US's Crypto export laws, so it's still the same. Except that your violating canadian law instead of US :-)
Not exactly. Canada respects the U.S. export restrictions... on software that was imported from the U.S. Any strong encryption we get from stateside we get on the condition we don't export it anywhere they wouldn't. Anything developed here in Canada, or elsewhere outside the U.S., does not fall under U.S. export restrictions and can be exported legally.
-- Bryan Feir
It ways that export decisions cannot be challenged. Under the proposed law, if Slick willie says Netscape can't export their 128-bit browser, then Netscape cannot challenge the export decision under the law. Internal to the law, there is defined to be no dispute procedure. Netscape can, however, challenge the law itself. This is a subtle difference. It is only within the law that there is no defined dispute procedure. The law itself, like any law, can still be challenged in court.
No, they are just under the impression that they have a clue. Any semi-competent international-terrorist/drug-lord/whatever will realize they can get their strong encryption abroad. The only group of people that these restrictions effect are those that follow the law... I don't understand why they can't see how utterly pointless these restrictions are!
Do the majority of US citizens actually support the regulation of strong encryption? Does the gov't really represent the people?
--Rob
personally, when I read that,
I got REALLY scared...and still am.
As my AP Goverment teacher pointed
out to us back in high school, the only
way bad US laws really get taken down
is when someone makes a fuss about them,
challenges them in court, and the
Supreme Court eventually rules them
unconstitutional. That power right there
is the only thing which has managed to
keep the corruption of congress from going
wild. So now they just pass a bill which
states "you can't challenge this in court!",
and as soon as Pres. Billy signs it,
no one can ever challenge it at all,
no matter what is done?
Just tack that on to every bill they pass,
and the Judicial branch becomes completely
irrelevant in the system of checks and balances.
The courts were the last refuge US citizens really have for fighting their government...everyone knows "writing your congressman(woman)" NEVER works.
I'm really scared that someday I'll be arrested,
and never be able to challenge the law, because the courts aren't allowed to challenge it.
-A scared US citizen, looking towards Canada.
or europe. or, better yet, Antartica.
...as a law that can't be challenged in court. Hell, if this bill contains such language that will ASSURE it will be challenged AND struck down. The courts WILL NOT give up any power like this.
Read up on so called "executive orders" (sorry, I don't have the URL handy). It turns out (via FDR's "War and Emergency Powers Act") that we have been under a "state of emergency" since 1934. It was never repealed.
The president can basically do ANYTHING HE WANTS and congress has sixty days to overturn each order. They never have.
Billy Boy issued more executive orders in his first term than all the other presidents combined.
If he can't get what he wants through congress he simply issues a "royal proclamation" and boom, it has the same force as law.
Now THAT'S SCARY!
Well, why don't we just have ourselves a dictatorship, eh? That would bypass pesky old congress. I trust a one person gov't even less that congress!
--Rob
I'm not a an anti-government nut,
but I think it's kind of obvious that the
"enemies" the bill refers to are not international terrorists, child pornographers, or whatever...the "enemies" are the average American public.
I don't think the US government is smart enough to engage in a conspiracy, in the words of Bill Maher, "conspiracy? they can't even deliver the mail!". But I do think that they are as smart as the bullies on the school playground...they know who they should fear. Criminals, intellectuals, etc...they aren't a threat, as far as numbers go. But the general american public, the masses, the "sheeple" (love that phrase), must be kept in line. If _they_ get out of line, the government is in trouble.
look act the facts:
- Export control in the US doesn't affect the outside world at all...numerous postings have made this clear.
- Export control does limit US companies from making exportable, strong encryption products.
Many therefore won't bother making them at all.
- Therefore, "export controls" limit the presence of crypto _within_ the US, without explicitly saying so. No real effect on non-US citizens, but internally, they can now monitor the sheeple, who won't really use encryption unless it's pressed under their maws.
For the note, I'm NOT an elitist.
Put me in a large crowd, whip us up to a frenzy
against something or other, and we'll all
mindlessly move that way without individual
thought. The archetype of Star Trek's Borg is but a reflect of the darker side of our minds, wherein we lose individual thought amongst a crowd...the most dangerous thing in the world is a _group_ of angry, cornered prey, especially humans.
Fear the people.
This is a recurring pattern. Brave ideas about a reasonable crypto regime, them a major jellyback act as congress caves in.
Back in the J. Edgar Hoover days, when the FBI's budget was threatened, certain incriminating photos and other information would be brought to the attention of those involved.
Suddenly the FBI's budget would be off the agenda.
Anyone got a better theory about what happens with the crypto laws?
The article makes it pretty clear the aim of restricting crypto export is to make it easier to spy on people. The US has a long record of spying on friend and foe alike and using the information to protect its interests, especially commercial interests.
The fact that the export regulations make it considerably more difficult and inconvenient to get strong crypto WITHIN the US and presumably makes it easier to spy on US citizens - in the hypothetical scanario that they wanted to do that - is just a bonus.
So what? Availability is nice, but law enforcement folks don't care whether it's available, they care whether it's used. It's clear that availability isn't enough to promote use. It needs to be ubiquitous and effortless, and that means building it into popular software systems.
If Microsoft, Netscape, and AOL all built strong encryption into their mail software, everyone would be using it. That's what law enforcement is afraid of, and the current legislation is effective at preventing it. They're not stupid; they're getting exactly what they need.
The jurisdiction of the courts has _always_ been under the control of Congress. Read the constituion a little closer and you will see this. In fact, this is hardly the first time nor even the most controversial use of such power. Following the U.S. Civil War the Congress removed from the jurisdiction of the federal courts all cases arising from the reconstruction acts.
The only exception to this rule are cases which have _original_ jurisdiction with the U.S. Supreme Court. These are cases of admiralty law and suits between the states themselves IIRC. Last year was rather noteworthy because the court heard one of the first such cases in something like 50 years (New York and New Jersey were fighting over which state Ellis Island is in...NJ won.)
You may have hit the nail in the proverbial head. Now if they could only legislate away clever terrorists inclined to use strong encryption even when it is not ubiquitous and effortless.
Yes, it works much like gun control... you disarm only the people who obey the law anyway.
Since JFK Jr. and family were reported missing and the popular news media have been *cough* *cough* 'reporting' on it, I've been waiting to hear through my favorite other sources (e.g. /.) that the 1st Amendment to the U.S. Constitution has been repealed. (For non-U.S.A.: 1st Amendment is freedoms of religion, speech, press, assembly, and petition) I guess this and the other Wired headlines for today indicate how close they (congress) dare, since most of America is watching the sea-burial.
:)
So is this convenience, conspiracy, or coincidence?
Oh, yeah. M-x spook.
Notes from the article:
"Proliferation of encryption technology would harm our ability to gather vital intelligence, jeopardize our early threat warning and attack assessment, risk our ability to maintain an information-based advantage over our enemies, and place our nation's most secure systems at risk," said Representative Curt Weldon (R-Pennsylvania), who introduced the amendment.
Bullcrap. Our enemies already have encryption that's probably good enough to hide what they're doing, if they want to use it. And if they haven't got it yet, they can order the books from Amazon.com and code it in themselves! Do all US Reprehensibles think the enemies of the US are stupid?
The version approved by the House Armed Services Committee would grant the president complete authority to deny any expert controls that he considers "contrary to the national security interests of the United States."
So the Prez will have dictatorial control over that aspect of our lives. Sieg heil!
Weldon's bill contains no domestic restrictions on encryption, but the measure is hardly what tech firms had hoped for.
Hmmm.. guess they haven't figured out a way around that pesky 1st Amendment yet, or they'd ban domestic encryption too....
It says any White House export decision cannot be challenged in court -- an attempt to block lawsuits like one brought by a math professor that won a recent victory in the Ninth Circuit Court of Appeals.
THIS is what burns me up. Either is is blatently unconstitutional, or we need to shoot the buggers and start from scratch. NO law or decision should be immune from challenge in court -- that's what the bloody courts are for in the first place!
I'll say it again... it's time for us to head for the moon and live there.
The NSA (and this is their long spiny fingers in action) is made up of either morally devoid or completely brainwashed people ("Must not give freedom, freedom leads to chaos, must not give" etc), but they are no doubt intelligent. They know they cannot stop crypto, they know that terrorists and foreign governments mostly have, or could have, unbreakable crypto today.
But, just like Microsoft who can't stop Linux, they know that if they use everything in their power to make it as clumsy and complicated for Crypto to be widely used, they can keep it out the hands of the every day man (their real favorite targets) for as long as possible.
And its working, until people either smarten up or the courts do, Crypto will never reach widespread use.
"It says any White House export decision cannot be challenged in court.."
IANAL, but isn't this clause blatantly unconstitutional?
Posted by Lord Kano-The Gangst:
This is about allowing the police to have an open window into all of our daily dealings. When broadband internet access is available to all do you think that the average idiot is going to know how to control the shares on his windows 9x, or 2k box? Hell no. Your local LEOs will be able to get a list of IPs from your ISP(just by asking), and browse HD's. Some of you may think "If there's nothing illegal then there's nothing to worry about."
I disagree, what if you're dating the cop's ex-wife? What if she left him for you? What if a cop has some other reason to want payback (like you beat him up in HS or whatever)? One picture of a naked kid gets "found" on your computer and you're getting butt-raped in a cold dark cell and the guards don't care because they think that you're a child molester.
This isn't about "early warning" systems. It's about big brother wanting to see everything that we do. I'm again going to borrow from Phil Zimmerman, this would be akin to the police trying to outlaw the use of envelopes on international mail. They want us to use postcards so that each piece of mail can be easily read in transit.
Screw that. I've seen cops lie in court, I've seen cops falsify reports, I've seen cops beat the tar out of an unarmed 15 year old kid. F*CK LEOs, I don't trust them, especially if they don't trust me.
LK
Does anyone know about Canada's crypto export laws? Are they similar to the US's? Because exporting crypto software to Canada is legal, right?
The line item veto has not been found unconstitutional, since it's really just a procedural motion (all appropriations bills are automatically broken up into lots of little bills that each stand individually). Congress is permitted to define its own procedures on matters such as these.
This, however, is not an appropriations bill and therefore the line item veto doesn't apply.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Here we go again, executive orders. People, executive orders are good! It allows the president to create any law he deems fit and bypass that pesky, slow, and inefficant congress (check's and ballances my ass). How else would the president be able to grant FEMA the power to take control of land, people, and goods if they decide to. Congress, with their "Constition" whining would have fought that one. That's why I'm glad the FEMA executive order prevents congress from acting on FEMA's decision for 90 days.
Our congress is two preoccupied with those outdated amendments written by a bunch of dead white guys when the government was something to be feared, not completly trusted like today. Why back then, the govrenment actually fired on civilians! who opposed them or their rules! Without provocation! Can you imagine that?
I feel executive orders are a necessary part of todays government, I cannot for the life of me imagine why the press doesn't cover them more. I mean, here is the president getting work done, and never do I see the results of it on TV. I guess the media just figures the general public is too stupid to see the benifits of having the executive office in full control of the country. Paranoid wierdos.
Finkployd
"Oh no, I'm hording food! come get me, feds"
Take a look at Stronghold. They are hiring people outside the US and have been for months. It's just a matter of time that all the Crypto companies split out from the US and go buy a small island somewhere and export all they want.
Does anyone out there in Slashdot land work for a company that's been sued for exporting crypto? Who sued you? How'd they find out? Where was the server that send out the file?
Aside: Anyone here email their national offical recently? It's cool! You can say what you want to the people that you've chosen to form your gov't for you, and you get a nice form email back! It's worth ten minutes of time.
--
"The Truth is one, but the wise call it by many names." -- The Upanishads
Whether this particular restriction is constitutional is a harder problem, as it would seem to foreclose all avenues of relief for violation of a constitutional right. It's not a foregone conclusion, however.
I think you are confused.. basically the law would prohibit the DENIAL of export permission to be challenged. You could still challenge the law itself on Constitutional grounds.
This is only stage one folks....
Once they have a Bill saying what is xbits allowed they will pass the next one. The next one will say any US-Citz using >xBits to send Any Data(even if they could crack it) to a NON-USA target is a Spy/terrorist/kiddler QED. Wave byebye as you are taken for Re-Grooving.
Tell me I am full of FUD...please!!!
"Law abiding citizens have the right, given to us by our government, to own firearms."
No, no, no, no, no, no.
Please re read the Declaration, And the 9th and 10th amendments.Rights are *not* given by the goverment. They are intrinsic to being human. We, the people, give certain enumerated rights to the goverment.
The distinction is non trivial.
If they can stop 1 terrorist by infringing on everyone's rights, then they think it is worth it.
Ten minuts of actual research on the internet would show them that anyone in the world (except perhaps China) can freely download the latest in crypto technology from a number of countries.
The only explaination I can find is that they honestly believe that non-Americans are too stupid to develop strong encryption. Sombody's stupid, but it's not non-Americans.
The new bill contains NO restrictions on domestic crypto. It only upholds bone-headed restrictions on export.
You are absolutely right that, for any saavy internet user, the US export restrictions are a joke -- just surf over to a non-US site and grab any crypto you want.
What the US restrictions are effective in doing, however, is to cripple the development of cheap, commercial, embedded crypto. No US company want to develop a domestic-only product, that will qualify as munitions per export regulations. So they don't bother.
So, are the export restrictions effectiving in preventing all use of crypto? No. Are they effectiving in keeping the Bad Guys from using crpto? No. But, they are highly effective in preventing the widespread use of crypto. They are highly effective in preventing the use of strong crypto in part of the underlying communications infractructure.
I will leave it as an exercise to the reader to determine for themselves if we have this situation because the spooks at the NSA are so darn clever, or because the politicians in Congress are so darn stupid.
Of course, and here is where it gets sad, there's another problem:
It's not the "government" that doesn't want us to have any rights, it's the majority of the American population. You think there's any way in this universe that the First Amendment would pass if it were being proposed as law today? "What Communist drivel!" would be the likely response to it.
I'm fully aware that for various reasons the FBI's probably got a file on me (due to my connection with organizations that are "subversive" or perceivable-as-such, and possibly my ex-boyfriend who has ties to the IRA and probably has an even-more-interesting file on HIM lying around in some corner of the FBI).
I'm also fully aware that I held a job in a secured area of a bank, a job that required me to be bonded, with no problem.
I'm not paranoid about the "government" or "law enforcement." Not yet. I AM "paranoid" about the grassroots conspiracy in this country to take away our rights. It's much more of a threat to the not-so-average American, which probably includes most if not all
"Somebody exploded a letter-bomb today
It's just unbelievable to me that they really think they can do anything about strong encryption in other countries with these dumbass laws. Either they are, as you say, idiots or they have a different agenda in mind.
The only thing that these laws seem to accomplish is to prevent U.S. companies from putting strong encryption into their mainstream products in order to (a) avoid managing two versions and (b) avoid the legal liability of accidental exports of the products.
Therefore, I think this law is aimed at us, the regular citizens of the United States, rather then foreign countries. While there are undoubtedly "useful idiots" helping in this effort, I'm afraid it is optimistic to conclude that idiocy is the core problem. The real problem is people who don't want to be inconvenienced in reading our "private" correspondence.
Geeky modern art T-shirts
excuse my language, but damn! ... doesn't anybody get it yet? ...
... the whole thing sounds like 'cowboys and indians' ... doesn't anybody get that the world doesn't care ... the whole thing is like a bunch of old men playing chess ... the average man/woman doesn't care ... it's so archaic ... there are no 'enemies' on the net ... there are only handles ... what a bunch of crap ... they can't stop it ... it's too late for that ...
"to maintain an information-based advantage over our enemies"
enemies?
it always amazes me how on the money the movie hackers was "you may stop me, but you can't stop us all"
if knowledge is power, the internet is god - me again
A someone who travels (field service) I saw the increase in security and ID inspection after flight TWA 800 blew up.
When they found out it wasn't terrorism, just bad design and worse luck do you think they knocked off the "photo ID" nonsense? heck no.
Worse, I heard others passengers praising this stupidity. And when I pointed out that high school students routinely have fake IDs that the airlines would accept, nobody cared.
They didn't get that the whole sham was totally futile, if you assume it was supposed to increase passenger safety.
The only coherant explaination I've gotten is that it reduces the number of people who rack up Air miles on other peoples travel cards, and that reduces the expense to the airlines.
Windows 98 and Internet Explorer, indeed, does ship in two flavors: 128-bit and 40-bit. The 128-bit strong encryption version is only for use in the US and Canada.
sorry couldn't resist :)
But a lot of people get into this "Ohh protect my children from the evils of the world" Like cann't people be bothered to rase there own kids?
I don't actually exist.
I think that encrypted communication becomes truely strong when it becomes ubiquitous. If the government can focus on which comminiques to decrypt, they can focus a massive amount of processing power on the problem, but if they are just as likely to get someones recipe for steamed cabbage as they are to get an admission of crime, they would really have to think about their policy on this stuff.
What makes this kind of legislation important is that while it won't infringe on your ability to get encryption software, it will stop companies from rolling out built in strong encryption, thereby keeping strong encryption from becoming ubiquitous in the consumer and business worlds.
Pax -- Ob
Strong encryption will be built in to many products, they just won't be made or sold by American companies. This is a great opportunity for lesser known companies to get themselves into the market based on providing strong crypto.
American companies know this, and so would like to compete in that market. Unfortunatly, the Clinton administration just doesn't get it. Strong crypto WILL happen and WILL become ubiquitous. All it's going to take is the ineviatble stories of corperations loosing millions because of weak communications security. The only question is will U.S. manufacturers be locked out of the market.
As for law enforcement, even if they do know what to concentrate on, they could never enter it into evidence. With one time pad, there are many keys which will produce a coherent message, but you'll never prove which message was the one sent. Smart terrorists will know that as well, and dumb ones can be caught without breaking crypto.
Is there *any* case law on encryption exportation? Has the ACLU ever found someone willing to be a guinea pig for the current law? It seems like something that would fall to pieces in front of a judge, no matter how wacky the congress made it.
Interesting factoid. Look up the candidates for the gov't AES (Advanced Encryption Standard, replacing the DES standard encryption algo from 75 for non-classified documents, also available license-free to everybody). Check to see how many of the websites are from foreign countries (S. Korea included!) It's about 50% if I remember correctly, or 8/16 applicants.
Returned Peace Corps IT Volunteer
Posted by Lord Kano-The Gangst:
>The new bill contains NO restrictions on domestic crypto. It only upholds bone-headed restrictions on export.
Does MS include Crypto in Win9x? No, partly because they couldn't export it if they did.
Products like this are made for global consumption, they are also made to match the lowest common denominator.
When software for export and software for domestic release are linked. If you regulate one the other will necessarily be effected.
Think beyond the here and now.
LK
Our government leaders have learned well the lesson taught by Orwell. In times of chaos, people always choose order over freedom. Always.
All we need is the terrorist incident of the month, whether it occured in OK City or Littleton to whip the sheeple into a frenzy of lawmaking that has nothing to do with the original crimes. An interview of the Southern Poverty Law Center on TV, and suddenly everyone who wants to talk details is branded a Right-Wing Christian extremist. Works every time.
Coupled with the mentality that the government will protect us from evil corporations, and no telling what will pass. Heck, 90% of the people here thinks it's the government that will protect their rights.
Good luck.
...is to make our voices heard, if we care about this enough to do it. Head over to http://www.cdt.org and read their take on the latest news. Type in your ZIP code, find out if your representative is on any of the important committees. Even if they aren't, CDT provides the phone numbers for the committees so you can call and let them know how you feel. The most important thing in the end will be to let your representative know how important the right to use encryption is to you. Perhaps a well-worded letter can educate them a bit, you never know. But try to get them on the bandwagon to support this bill in its correct form when it eventually gets voted on. Oh, and of course the full text of everything related to this bill is on http://thomas.loc.gov, just look up HR 850.
Products like this are made for global consumption, they are also made to match the lowest common denominator.
It doesn't work quite like that. Several companies I've been at, including Peter Norton Computing, produced domestic and for-export versions of the same software. The only difference was the inclusion (or, in one case, the number of DES bits of) of encryption.
The bill is stupid, but it's not Microsoft that will suffer; it's smaller companies and perhaps database and ecommerce companies. They can't afford off-shore development and production.
What this article means: the original SAFE bill was a big step forward in allowing exports of U.S. crypto. This new version of the bill contains amendments made by the House Armed Services Committee. This particular version of SAFE doesn't include many of the pro-encryption points made in the first version. The House Rules Committee gets to decide which version of the bill goes to vote before the full House - the original, the crippled Armed Services Committee version, or some other version.
What this article doesn't mean: the entire House have totally reversed themselves on what they will support and are now strongly anti-crypto. The President will assume full control of crypto exports and this control can't be challenged in court. These things should not be read out of this article.
My opinion: It may be the case that SAFE will be watered down somewhat when it reaches the floor of the full House. Depending on the political realities of getting legislation through the House, some amount of compromise is probably unavoidable. The original SAFE bill was a big step forward though, and I don't think that momentum can be totally erased or even slowed for long. There are too many legitimate uses for encryption, and U.S. companies are only going to lose more money in the international market if they can't compete with strong crypto. The government may not want to encourage individual use of cryptography (and may even want to discourage it, depending on your level of paranoia) but there will be enough money in the business uses of encryption that export controls will have to be relaxed.
Disclaimer: I work for a large nameless company which would be very happy to export strong crypto. No more mainaining two product lines!
Your right to not believe: Americans United for Separation of Church and