Slashdot Mirror
SAFE rewritten to be more law-enforcement friendly
Alex Bischoff writes "According to this article, SAFE (the Security and Freedom through Encryption act) has been rewritten to be more law enforcement friendly. 'The House Armed Services Committee voted 47-6 Wednesday to replace an industry-endorsed encryption bill with substitute legislation drafted by law enforcement advocates.' " And for once, it looked like the US Gov't was going to get a /clue/ about crypto.
Disclaimer: I did read the article.
While it is true that this bill does not contain any regulation of domestic encryption, it does contain certain ominous particulars. The most obvious of these is the clause which places the whim of the president above any law or court.
Don't assume that it will be found unconstitutional. When the issue of 'national defense' is raised, we have done far worse. Remember the atrocities committed during world war II, towards the general asian populace? Once this has been established, the framework will have been laid for much more extensive legislation. This is exactly analogous to the anti-gun movement, the pro-welfare movement, etc.
The first step in erasing freedom lies in restricting a basic right in such a way that no one will complain. No one needs field artillery or heavy machine guns. Later, this becomes 'cop killer' bullets and assault rifles; note that neither of these terms existed before they became illegal. In crypto, it will become 'strong' domestic crypto, or possibly 'military-grade' crypto. Why would anyone need that if they weren't using it for something illegal?
Later, someone will be caught dealing drugs or *gasp* helping illegal immigrants into the country, and it will be discovered that they used encryption to hide their nefarious activities. The brady bill of domestic encrytion will be passed, and everyone who stands against it will be a child molester just like everyone who opposes handgun control is a psychopath today.
After all, my mom doesn't understand either subject and votes the way the minister tells her to on sunday. Millions of other people do the same. The number one concern Curt Weldon and JC Watts have is getting re-elected, and the masses will be happy to do it as long as it makes them feel safe, regardless of how accurate that feeling is. In a democracy it is very dangerous to be a minority.
BTW back to the president's newest empowerment: if it passes, and he chooses to make all cryptography illegal to keep saddam from blowing us up or something, we won't be able to revoke it. Ever. Unless he decides to change his mind.
... and there is no doubt, that one day he will be
where the eye of his telescope has already been
Won't work. Canada respects the US's Crypto export laws, so it's still the same. Except that your violating canadian law instead of US :-)
DISCLAIMER: IANAL, This could kill your grandmother or dog. (Or, in some extreme cases both).
governments don't give rights, they only take them away. noodge.
Have you seen Ironstayn vs Supergovernment yet?
Sorry, I have to call you on this one. I have the right to own a gun only because 200 years ago a bunch of people got really pissed off and thumbed their noses at the government. The government is welcome to come knocking at my door and ask for my encryption keys. They won't get them, but they're certainly welcome to ask. And if they give me a choice between surrendering my keys and dying, well, you may fire when ready, Gridley.
The government hasn't given me anything it didn't take from me in the first place in the form of taxes. Certainly not the right to freedom of speech or any other right in the Constitution. When people stop claiming rights as belonging to them instead of being granted to them, we're in trouble.
-- Old Man Kensey
My understanding (being canadian) is that the US gov't wants to limit the use of strong crypto to protect the american people and their way of life. Assuming I am correct in that assumption.. even if they pass this law.. what is going to stop criminals from using strong crypto anyways?? If they are doing illegal stuff anyways.. what is one more thing like using strong crypto? Makes little sense to me.. but then again I'm canadian as I said before.
Lord_Rion
--Hired Net Grunt
Well, just like handguns require a 7 day wait in massachusetts. If one wanted, they could do like that guy in new york did and spring $300 for roundtrip airfare to FL, buy a gun and come back to Massachusetts with it. But just because I can do that doesn't mean its legal or right.
We don't export nuclear missiles to other nations. Oracle isn't allowed to sell their database software to enemy countries. SGI IBM and Sun can't export their computers to enemy countries. They all manage to get this technology anyways. Does this make it right? No. But should we make it easier and say its okay? I don't think so.
I'm sure the LEAs behind this re-write would force us all to accept brainwave tranceiver implants if they could figure out how to do it. As far as they're concerned, your average law-abiding citizen is just a mark to be hustled.
Congress, on the other hand, are just lazy, uninformed, spoiled, sub-par human beings who don't give a hoot in hell about the laws they pass as long as they are returned to their gravy train every few years. Most of them never bother to read the bills they vote on, even though they all fight for the chance to give a little "Give me this law, or give me death!" speech every time the C-SPAN cameras' little red lights flicker. They don't care if the laws they pass actually accomplish anything useful, as long as there will be another checkmark next to their name in the "Tough on crime" column in some lame "Voter Guide for The Braindead" in 00. Anti-crypto laws have just about as much effect on criminals' use of crypto as gun control has on their use of guns. The law-abiding are the only ones who obey these stupid laws.
Judging by the conduct of the folks from Washington, they think the laws they pass are for suckers. Kinda' makes me wanna' puke. Sorry for the rant, but I'm fed up.
slashdot broke my sig
That I create a new super-strong, criminal, whatever crypto software in the US and say that I made it in Mexico, or Canada, or Japan, or any otehr country out of the reach of Big Brother. How would they go about proving I wrote it here? The burden of proof is on them, remember.
-- Terry
> if it *substitutes* the industrey endorsed bill,
/. piece -- daveo
> then why would it be more favoreable as hemos
> suggessts?
More favorable to law enforcement agencies, not the industry.
*sigh*
This sort of legislative bait-and-switch is not all that uncommon, you know. People get fired up about a certain piece of legislation, then at the last minute it gets replaced with another completely different piece of legislation under the same name. Of course, then the new bill gets voted in mainly because of the momentum the original had gained.
> do your part to keep the
I'm keeping my piece in a shoebox under my desk.
---
DNA just wants to be free...
I worked in political campaigns for 4 years... promoing bills that I felt were right. Now, the problem with that is, after working on a bill that passed, we found out that the president/house/senate had added, removed, or in some way butchered the bill so it no longer did what it was supposed to, or it did something bad. Line item veto takes care of getting rid of the real point, and just keeping the pork.
Come on... Like the guys in Finland don't have all of the commonly available encryption packages. It isn't that hard to get them over the internet and out of the country. What's the point in writing more legislation that says "No exporting Encryption" when all you need is a US based shell to get all of the encryption software you want?
Idiots.
Five committees have passed versions of this bill. The Rules Committee decides which one to send to the entire House, and they are friendly(er) towards the bill. It almost certainly won't be the fascist inspired version from the Armed Services committee.
--
Infuriate left and right
This is just my little blab on government linguistics, but this just another example of how what a government service is called one thing, it usually means another, like the "Defense Department" or Nixon's "cointelpro". This "SAFE (the Security and Freedom through Encryption act" is just another example of how the title of one bill does the exact opposite of what it proposes to do, in order to decieve the public into believing that maybe progressive change is occuring.
-Ben
bensmith@biz1.net
You think that they don't know that if you use strong encryption that they can't read your email? Of course they know that. But they don't care that you don't want them to read your email. They want to be able to read it, screw you. And they realize that few enough people care today that they can go ahead and abridge rights now, and then people will never have them later to miss... they can seize the right now, before people realize they have it. And they know that if most people never become accustomed to it, they won't ever want it or miss it.
If you never saw a computer, never used email, and nobody else did, then you wouldn't miss it. If someone took it away from you now, you'd be pretty angry. I know I would. And it is the same way with all sorts of rights -- if people learn that they have a right, they will fight to keep it, however if they never think they have a right they won't really care.
Why do you think it's so hard to take away guns from people here in the US? Because it's our right to have guns. Law abiding citizens have the right, given to us by our government, to own firearms. I don't know if that was a good idea, and that isn't the point of the argument. The point is that when the government makes movements to abridge that right, people get angry. Because they have learned to exercise the right.
-- Erich
Slashdot reader since 1997
Canadian encryption policy is similar to the US. We can use what we please, but we have fallen in line wrt the Wassenaar agreement (Read US policy) in the relm of exporting.m l
I believe Wassenaaur states: (along with you can't export cool stuff like cryogenic systems for rocket fuel...)
Anything open source export is fine. (horsey outa da barn!)
56bits (piddley) fine
greater than 56 bits-- must apply on an individidual basis.
http://e-com.ic.gc.ca/english/fastfacts/43d7.ht
For entertainment check out the analysis of the submissions to the feds' policy paper. Of all the groups and individuals *nobody* wanted anything but market/no-restricitons except the police which wanted prefered restrictions and access to your keys. And we still get Wassenaar!
http://e-com.ic.gc.ca/english/crypto/631d6.html
Of note is that there were submissions from law enforcement agencies, but no submissions from security agencies. They have other avenues...
Cheers,
Bobzibub.
Well, would you want to use MS Crypto if they did??? ;)
In short, they make it illegal for US companies to create top-notch secure software. I guess that if the job really requires the security, our only legal option would be to import software from Europe.
This isn't crippling the world's ability to do crypto. It's just insuring that the US won't be able to cash in on it.
Methinks that the NSA came up to Washington one day and strongly encrypted some legislators' minds. In some cases, the point is that it inhibits rights. That aside, my problem is that it won't work to do the job it is supposed to do. It will just move the suppliers overseas, and let them legally export the tech to us.
--The basis of all love is respect
Now, is anyone interested in my One-time-pad encryption system? $40 per disk set. Guaranteed no two disk sets the same!
I hope you are not relying on a computer's pseudo-random number generator to produce your one time pad. If you are, then the encryption is only as secure as the pseudo-random algorithm you used (very bad). Also, your essential key length would only be as long as the random seed. I can try all random seeds quite quickly for all common random algorithms.
--brent nelson
From the article: "It [the new bill] says any White House export decision cannot be challenged in court"
This is a democratic government? This all sounds highly dictatorial to me.
Thank you for pointing out something I forgot.
someone Mod my comment out of existance, plz.
from the press release
Provisions of the committee approved Weldon-Sisisky-Andrews amendment would:
- Reaffirm authority of the President to control export of encryption production products for national security purposes.
- Establish statutory framework for export control of high performance encryption products.
- Require the President to establish a performance threshold for encryption. Encryption products
- that fall below the threshold would be permitted for export without a license. Encryption products above the threshold would require an export license for export.
- Require a one-time technical review for all encryption products proposed for export.
- Allow the President to establish certain sectors that would be subject to license free treatment of encryption products above the threshold, consistent with current U.S. policy.
- Require the President to review the adequacy of the performance threshold every six months.
- Establish an advisory board to review and advise the President on the foreign availability of encryption products.
I don't like these provisions either, but everyone here should admit that this should be better than the current state of affairs. My problem is that it appears that the decisions will be solely made by the president. We all know how the president feels about issues of "national security." This means that things basically won't change until someone intelligent coms into office, which will happen eventually. Also it does not define who issues export liscenses, which might mean that they would be impossible to get if the wrong people are in power#define F(x) int main(){printf(#x,10,#x);}
F(#define F(x) int main(){printf(#x,10,#x);}%cF(%s))
Okay. We should start thinking about what we can do to make this bill ineffective right now. I have a few ideas, but one in particular seems easy to do and feasible.
The problem for Linux isn't that crypto development work can't be done in the US -- although that is a problem. The real issue is that distributions in the US can't include strong crypto. (And the kernel can't either.)
So how do we get around this? Easy! Change your makefile to depend on a file which doesn't exist. To resolve the dependency, have wget pull the file from a web site. For distributions, this would fix the problem for people with great network connections. For others? Well, maybe somethign else can be worked out.
For the kernel, distributions will still have a problem, but there could be a small program called secure_kernel which downloads the relevent code and recompiles and installs the kernel.
And, of course, applications can link into a library for which the source is downloaded and installed at install time.
This
Yes, indeed, they do. Win 98 includes Internet Explorer (remember, it's a part of the OS...repeat that enough times and you might believe it). Internet Explorer is an HTTPS client, and thus has SSL encryption. Now, are there two strengths of Win98/IE, one for domestic and one for foreign?
And so what if they did ship Win98 with the full 128-bit crypto? The government seems to have little control over Microsoft anyhow. Would the DOJ come by and issue a cease-and-desist?
Win98 ships with IE. IE ships with cryptography. The state department defines cryptography as a munition. Win98 comes with munitions.
Or, in short, Win98 bombs.
--The basis of all love is respect
This is a message I sent to Congressman Weldon (a representative quoted in the article) and to my Congresswoman, Sue Kelly. It could make a difference if a lot of people did the same.
w +ByqDFc17wCeKJT6
Kyle
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Congressman Weldon and Congresswoman Kelly:
I don't know why people have a hard time getting this through their
skulls, you included. Let me make it plain:
Foreign countries already _have_ strong encryption technology.
Restricting export only causes inconvenience and financial loss for
providers of encryption within the United States.
Witness RSA Data Security's creation of a partner business in
Australia which will allow them to finally compete in the
international market for an encryption protocol that the three MIT
scientists created in the late 70's. Witness the hoops free software
developers have to jump through to get encryption code out of the
United States: printing it out on paper and then scanning it in
overseas.
Other countries already have access to all the major encryption
protocols: RSA and Diffie-Hellman/El-gamal on the public-key side,
IDEA, Blowfish, 3DES, RC5/6, et al. on the symmetric key side. This
is a _fact_: you cannot contest this. In fact, not only do they have
access to such algorithms, they have polished applications allowing
them to apply it! The following websites detail just two of many
such applications and libraries that are outside the control of the
United States and are available to anyone, anywhere in the world:
GnuPG, a free software replacement for PGP
http://www.d.shuttle.de/isil/gnupg/ (Germany)
OpenSSL, a free software library for the secure socket layer,
supporting encryption keys of arbitrary lengths
http://www.openssl.org/ (Switzerland)
Therefore, it is illogical to restrict the export of encryption
technologies from the United States with arguments based on
law-enforcement, because _everyone_ -- criminals and non-criminals
alike -- already has full access to the strongest available
encryption.
Since I refuse to believe that any of our elected representatives are
actually stupid, it remains that you must have _some_ reasonable
motive for retaining these inane, damaging, and futile controls. What
that is, no one else can figure out; but we, the people of the United
States, would certainly like to hear it. I would appreciate your
sharing this with the rest of the committee because I cannot honestly
believe they would support these controls if they actually knew the
information contained herein.
This email, by the way, is signed by my GnuPG private key. You can
verify its authenticity with my public key, which can be found on my
homepage.
Yours truly,
Kyle R. Rose
Registered NY State voter
- --
Kyle R. Rose "They can try to bind our arms,
Laboratory for Computer Science But they cannot chain our minds
MIT NE43-309, 617-253-5883 or hearts..."
http://web.mit.edu/krr/www/ Stratovarius
krose@theory.lcs.mit.edu Forever Free
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE3l0qp66jzSko6g9wRApD0AJ928fzYTNSaZG+/wUc
zp5Mfmmy/4uAbN+v6dcJwsM=
=He4J
-----END PGP SIGNATURE-----
--
Kyle R. Rose, MIT LCS
[ home ]
Every time crypto export regs come up for discussion, people say that the regs are nonsensical, that the theory is that the rest of the world is too stupid to develop strong crypto. This is incorrect on both counts.
Let me state at the outset that I support an elimination of the crypto export regs as I do not believe that they are effective. They have not prevented strong crypto from reaching the rest of the world, and esp. not the black hats, who are after all the sole legitimate target of this sort of thing anyway.
The idea that crypto is a munition is correct. It is a tool which is used to defend oneself (in this case, one's data) from an enemy. It can be used by one's enemies to defend their data from your perusal. Lest you think that this is a minor argument, recall that we won WWII mainly through the strength of our cryptology work; without it the Germans and Japanese would have controlled the globe (I discount the Italians for the simple reason that they would have in time been absorbed by the Germans).
The logic of denying one's enemy weapons is not that he cannot develop them for himself; it is rather that there is no point in developing them for him. Anyone can make an atomic weapon; it's not that hard to do. But we don't allow them to be sold. This keeps the barrier to entry higher than it would otherwise be. Ditto for cryptology. Anyone with a semi-decent grasp of programming and a book on cryptology can come up with a workable encryption program. But why should the US do the work for him?
There are legitimate concerns about cryptology. It makes intelligence gathering much more difficult, forcing it to rely on fallible human agents much more than on intercepted transmissions. Our national status is at present due in large part to the efficiency of our intelligence apparatus. Without it, we are much weakened (although not entirely; we also have an excellent military and a top-notch economy).
Unfortunately, the cat is out of the bag in regards to cryptology. With modern software only one person need duplicate functionality for the entire world to use it. Our export restrictions on cryptology now do more harm than good (and they do do good, by making it more difficult for encryption to be used); they have hurt the international competitiveness of our industry. Hence they must be revoked.
Crying that they're holding back technology means nothing; it's like a chemical firm complaining that chemical weapons restrictions are holding it back. It is futile and wastes precious political capital.
As regards encryption with the borders of the US, it is quite rightly allowed. This is a nation which deems rights more important than security. Hence the First, Second, Fifth and other Amendments. This is why we are innocent until proven guilty. This is why the right to encrypt one's data is preserved. IMHO, we should add a new amendment to the Constitution guaranteeing that right.
However, an internal right does no mean that it means anything when crossing international borders. A right to say what one wishes here does not nec. mean that one can carry that tape out of this country or into another. Otherwise espionage would be legal. Restricting export is not a free speech issue. It's a bad idea for other, equally important, reasons.
actually you could use the thermal noise thru a resistor, a sound sample of white noise (filtered sufficiently to remove all the repeatable patterns) from your radio or any other random source. there are limitless cheap random number noise sources.
This means that on the latest crypto-list, the French have progressed from "YELLOW/RED" (1998) to "GREEN/YELLOW" (1999). (Warning: Page is 272 Kb)
Note also all the other European countries who have gone from "GREEN" to "GREEN/YELLOW" by supporting the Wassenaar agreement.
--- Premature complacency is the evil of all roots
"to maintain an information-based advantage over our enemies"
In the "anti-terrorist" legislation, the American public was defined as an enemy of the government. So which "enemies" is the government talking about? Just something to think about.
--- "So THAT's what an invisible barrier looks like!" - Time Bandits
The problem with the various provisions of the amendment is that they take us right back to where we started. A centralized body with no incentive to allow free exchange of ideas decides whether US citizens can export any given piece of encryption software.
Clearly they're not doing this to prevent strong encryption from exiting the US, since it exists in quite usable forms elsewhere. They're doing it to advance an agenda that links privacy with illegality.
It's worth remembering that even representative governments are not reliable defenders of civil liberties....
NSA: Sir, will you please look into this light.
Representative: What is this some kind of eye tes...
(flashy light thing)
NSA: Now sir, remember you work for us, you do everything we tell you. You are being placed inside Congress as a representative, so act the part. But remember you must always report back to us. Now sit straight BOY.
I, personally, would always choose freedom over order here's why:
1. The government isn't protecting you. They just clean up the mess when the crazy part's over.
2. When the government crashes, the underground will still be completely intact.
3. The human race started free. We are the only species on the planet to surrender our freewill to legaslative control. This is not necessarily because we're smart. That's just what we've been taught.
I say, let the government get more and more and more oppressive. Bend it back and forth, see what breaks off. Let's go to the end of the road and see what's there. I'm not scared, just paying attention.
--- "So THAT's what an invisible barrier looks like!" - Time Bandits
Won't work. Canada respects the US's Crypto export laws, so it's still the same. Except that your violating canadian law instead of US :-)
Not exactly. Canada respects the U.S. export restrictions... on software that was imported from the U.S. Any strong encryption we get from stateside we get on the condition we don't export it anywhere they wouldn't. Anything developed here in Canada, or elsewhere outside the U.S., does not fall under U.S. export restrictions and can be exported legally.
-- Bryan Feir
No, they are just under the impression that they have a clue. Any semi-competent international-terrorist/drug-lord/whatever will realize they can get their strong encryption abroad. The only group of people that these restrictions effect are those that follow the law... I don't understand why they can't see how utterly pointless these restrictions are!
Do the majority of US citizens actually support the regulation of strong encryption? Does the gov't really represent the people?
--Rob
err...the strength in PGP is *not* comparable to RC5. RC5's shorter keylength is more secure than a PGP encrypted with the same or slightly greater keylength i.e. 64bit RC5 is as strong as 1024bit PGP (check any crypto site for more explanations). Note that RC6 (successor and more stronger than RC5) 64bit takes 7 minutes to crack (read the /. stroy on the cracking machine a few days ago). RC6-128bit or RC5-128 bit or greater are supposedly less vulnerable to cracking. 64bit is dead. Any PGP keylength 4096bits is also dead.
personally, when I read that,
I got REALLY scared...and still am.
As my AP Goverment teacher pointed
out to us back in high school, the only
way bad US laws really get taken down
is when someone makes a fuss about them,
challenges them in court, and the
Supreme Court eventually rules them
unconstitutional. That power right there
is the only thing which has managed to
keep the corruption of congress from going
wild. So now they just pass a bill which
states "you can't challenge this in court!",
and as soon as Pres. Billy signs it,
no one can ever challenge it at all,
no matter what is done?
Just tack that on to every bill they pass,
and the Judicial branch becomes completely
irrelevant in the system of checks and balances.
The courts were the last refuge US citizens really have for fighting their government...everyone knows "writing your congressman(woman)" NEVER works.
I'm really scared that someday I'll be arrested,
and never be able to challenge the law, because the courts aren't allowed to challenge it.
-A scared US citizen, looking towards Canada.
or europe. or, better yet, Antartica.
Read up on so called "executive orders" (sorry, I don't have the URL handy). It turns out (via FDR's "War and Emergency Powers Act") that we have been under a "state of emergency" since 1934. It was never repealed.
The president can basically do ANYTHING HE WANTS and congress has sixty days to overturn each order. They never have.
Billy Boy issued more executive orders in his first term than all the other presidents combined.
If he can't get what he wants through congress he simply issues a "royal proclamation" and boom, it has the same force as law.
Now THAT'S SCARY!
Well, why don't we just have ourselves a dictatorship, eh? That would bypass pesky old congress. I trust a one person gov't even less that congress!
--Rob
I'm not a an anti-government nut,
but I think it's kind of obvious that the
"enemies" the bill refers to are not international terrorists, child pornographers, or whatever...the "enemies" are the average American public.
I don't think the US government is smart enough to engage in a conspiracy, in the words of Bill Maher, "conspiracy? they can't even deliver the mail!". But I do think that they are as smart as the bullies on the school playground...they know who they should fear. Criminals, intellectuals, etc...they aren't a threat, as far as numbers go. But the general american public, the masses, the "sheeple" (love that phrase), must be kept in line. If _they_ get out of line, the government is in trouble.
look act the facts:
- Export control in the US doesn't affect the outside world at all...numerous postings have made this clear.
- Export control does limit US companies from making exportable, strong encryption products.
Many therefore won't bother making them at all.
- Therefore, "export controls" limit the presence of crypto _within_ the US, without explicitly saying so. No real effect on non-US citizens, but internally, they can now monitor the sheeple, who won't really use encryption unless it's pressed under their maws.
For the note, I'm NOT an elitist.
Put me in a large crowd, whip us up to a frenzy
against something or other, and we'll all
mindlessly move that way without individual
thought. The archetype of Star Trek's Borg is but a reflect of the darker side of our minds, wherein we lose individual thought amongst a crowd...the most dangerous thing in the world is a _group_ of angry, cornered prey, especially humans.
Fear the people.
This is a recurring pattern. Brave ideas about a reasonable crypto regime, them a major jellyback act as congress caves in.
Back in the J. Edgar Hoover days, when the FBI's budget was threatened, certain incriminating photos and other information would be brought to the attention of those involved.
Suddenly the FBI's budget would be off the agenda.
Anyone got a better theory about what happens with the crypto laws?
The article makes it pretty clear the aim of restricting crypto export is to make it easier to spy on people. The US has a long record of spying on friend and foe alike and using the information to protect its interests, especially commercial interests.
The fact that the export regulations make it considerably more difficult and inconvenient to get strong crypto WITHIN the US and presumably makes it easier to spy on US citizens - in the hypothetical scanario that they wanted to do that - is just a bonus.
So what? Availability is nice, but law enforcement folks don't care whether it's available, they care whether it's used. It's clear that availability isn't enough to promote use. It needs to be ubiquitous and effortless, and that means building it into popular software systems.
If Microsoft, Netscape, and AOL all built strong encryption into their mail software, everyone would be using it. That's what law enforcement is afraid of, and the current legislation is effective at preventing it. They're not stupid; they're getting exactly what they need.
The jurisdiction of the courts has _always_ been under the control of Congress. Read the constituion a little closer and you will see this. In fact, this is hardly the first time nor even the most controversial use of such power. Following the U.S. Civil War the Congress removed from the jurisdiction of the federal courts all cases arising from the reconstruction acts.
The only exception to this rule are cases which have _original_ jurisdiction with the U.S. Supreme Court. These are cases of admiralty law and suits between the states themselves IIRC. Last year was rather noteworthy because the court heard one of the first such cases in something like 50 years (New York and New Jersey were fighting over which state Ellis Island is in...NJ won.)
Yes, I have to agree with that. A very scummy move on the part of the American Government(TM)... now if possible, I'd love to develop a very heavy duty encryption scheme out of the United States. Just one question on American legality definitions, though: Free software under the GPL can be (and usually is) developed by many people around the world, in many different countries. Does the US have any right to stop the spread of encryption algorithms developed under a GPL and by people in other countries as well as the US?
"Do not meddle in the affairs of wizards, for you are crunchy and good with ketchup."
Since JFK Jr. and family were reported missing and the popular news media have been *cough* *cough* 'reporting' on it, I've been waiting to hear through my favorite other sources (e.g. /.) that the 1st Amendment to the U.S. Constitution has been repealed. (For non-U.S.A.: 1st Amendment is freedoms of religion, speech, press, assembly, and petition) I guess this and the other Wired headlines for today indicate how close they (congress) dare, since most of America is watching the sea-burial.
:)
So is this convenience, conspiracy, or coincidence?
Oh, yeah. M-x spook.
Notes from the article:
"Proliferation of encryption technology would harm our ability to gather vital intelligence, jeopardize our early threat warning and attack assessment, risk our ability to maintain an information-based advantage over our enemies, and place our nation's most secure systems at risk," said Representative Curt Weldon (R-Pennsylvania), who introduced the amendment.
Bullcrap. Our enemies already have encryption that's probably good enough to hide what they're doing, if they want to use it. And if they haven't got it yet, they can order the books from Amazon.com and code it in themselves! Do all US Reprehensibles think the enemies of the US are stupid?
The version approved by the House Armed Services Committee would grant the president complete authority to deny any expert controls that he considers "contrary to the national security interests of the United States."
So the Prez will have dictatorial control over that aspect of our lives. Sieg heil!
Weldon's bill contains no domestic restrictions on encryption, but the measure is hardly what tech firms had hoped for.
Hmmm.. guess they haven't figured out a way around that pesky 1st Amendment yet, or they'd ban domestic encryption too....
It says any White House export decision cannot be challenged in court -- an attempt to block lawsuits like one brought by a math professor that won a recent victory in the Ninth Circuit Court of Appeals.
THIS is what burns me up. Either is is blatently unconstitutional, or we need to shoot the buggers and start from scratch. NO law or decision should be immune from challenge in court -- that's what the bloody courts are for in the first place!
I'll say it again... it's time for us to head for the moon and live there.
The NSA (and this is their long spiny fingers in action) is made up of either morally devoid or completely brainwashed people ("Must not give freedom, freedom leads to chaos, must not give" etc), but they are no doubt intelligent. They know they cannot stop crypto, they know that terrorists and foreign governments mostly have, or could have, unbreakable crypto today.
But, just like Microsoft who can't stop Linux, they know that if they use everything in their power to make it as clumsy and complicated for Crypto to be widely used, they can keep it out the hands of the every day man (their real favorite targets) for as long as possible.
And its working, until people either smarten up or the courts do, Crypto will never reach widespread use.
"It says any White House export decision cannot be challenged in court.."
IANAL, but isn't this clause blatantly unconstitutional?
Posted by Lord Kano-The Gangst:
This is about allowing the police to have an open window into all of our daily dealings. When broadband internet access is available to all do you think that the average idiot is going to know how to control the shares on his windows 9x, or 2k box? Hell no. Your local LEOs will be able to get a list of IPs from your ISP(just by asking), and browse HD's. Some of you may think "If there's nothing illegal then there's nothing to worry about."
I disagree, what if you're dating the cop's ex-wife? What if she left him for you? What if a cop has some other reason to want payback (like you beat him up in HS or whatever)? One picture of a naked kid gets "found" on your computer and you're getting butt-raped in a cold dark cell and the guards don't care because they think that you're a child molester.
This isn't about "early warning" systems. It's about big brother wanting to see everything that we do. I'm again going to borrow from Phil Zimmerman, this would be akin to the police trying to outlaw the use of envelopes on international mail. They want us to use postcards so that each piece of mail can be easily read in transit.
Screw that. I've seen cops lie in court, I've seen cops falsify reports, I've seen cops beat the tar out of an unarmed 15 year old kid. F*CK LEOs, I don't trust them, especially if they don't trust me.
LK
Does anyone know about Canada's crypto export laws? Are they similar to the US's? Because exporting crypto software to Canada is legal, right?
I think that the Open Source community should try and come up with a really heavyweight encryption algorithm outside the US.
GNUpg is already out there. It looks to be as strong, and more versitile than PGP.
Abject stupidity is the only explaination of US crypto policy. They might as well ban the export of sand to the middle east.
The only people they are hurting in the name of US national security is the citizens of the US.
The line item veto has not been found unconstitutional, since it's really just a procedural motion (all appropriations bills are automatically broken up into lots of little bills that each stand individually). Congress is permitted to define its own procedures on matters such as these.
This, however, is not an appropriations bill and therefore the line item veto doesn't apply.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Here we go again, executive orders. People, executive orders are good! It allows the president to create any law he deems fit and bypass that pesky, slow, and inefficant congress (check's and ballances my ass). How else would the president be able to grant FEMA the power to take control of land, people, and goods if they decide to. Congress, with their "Constition" whining would have fought that one. That's why I'm glad the FEMA executive order prevents congress from acting on FEMA's decision for 90 days.
Our congress is two preoccupied with those outdated amendments written by a bunch of dead white guys when the government was something to be feared, not completly trusted like today. Why back then, the govrenment actually fired on civilians! who opposed them or their rules! Without provocation! Can you imagine that?
I feel executive orders are a necessary part of todays government, I cannot for the life of me imagine why the press doesn't cover them more. I mean, here is the president getting work done, and never do I see the results of it on TV. I guess the media just figures the general public is too stupid to see the benifits of having the executive office in full control of the country. Paranoid wierdos.
Finkployd
"Oh no, I'm hording food! come get me, feds"
Take a look at Stronghold. They are hiring people outside the US and have been for months. It's just a matter of time that all the Crypto companies split out from the US and go buy a small island somewhere and export all they want.
Does anyone out there in Slashdot land work for a company that's been sued for exporting crypto? Who sued you? How'd they find out? Where was the server that send out the file?
Aside: Anyone here email their national offical recently? It's cool! You can say what you want to the people that you've chosen to form your gov't for you, and you get a nice form email back! It's worth ten minutes of time.
--
"The Truth is one, but the wise call it by many names." -- The Upanishads
Whether this particular restriction is constitutional is a harder problem, as it would seem to foreclose all avenues of relief for violation of a constitutional right. It's not a foregone conclusion, however.
I think you are confused.. basically the law would prohibit the DENIAL of export permission to be challenged. You could still challenge the law itself on Constitutional grounds.
It did follow normal procedure:
It was introduced to the House on 25 February 1999, and reported to a total of four committees: Commerce, Judiciary, International Relations, and Armed Services. Those four committees each considered the bill, held hearings, and listened to both Industry and Law Enforcement opinion of the bill.
Before -any- amendments, it garnered 257 cosponsors -- 257 Representatives who say it's a good bill they support. Remember: 218 have to vote Yea for it to pass, and it has 257 behind it.
On April 27th, the Judiciary committee reported it to the House, saying "Good bill, as is"
The Commerce committee also liked it, and suggested a couple of small amendments -- still a very pro-encryption bill
The International Relations committee added a couple of more things to it, but left it mostly intact.
Most interesting is reading the finding of the committees: None of them particularly agreed with Law Enforcement. International Relations even went as far as stating that the Administration policy that Law Enforcement supports doesn't meet Law Enforcement's stated goals -- and no attempt is being made by the Administration to tighten the restrictions currently in place.
The 106th Congress bill query page will allow you to search for h.r.850 and read the reports for yourself (I can't figure out how to link directly, sorry).
Now the fourth committee has marked up the bill -- but not reported it yet -- and has apparently supported Law Enforcement over Industry.
The House as a whole hasn't even officially seen the Armed Services Committee's amendments, although they've seen the other three committees. It's a little early to say the bill is deal.
I will note that the first committee to report (Judiciary) refused to consider one section of the bill because of jurisdictional grounds.
So at this point, assuming the Armed Services Committee reports it as reported, there will be four versions of the bill -- three very similar, and pro-Industry, and one very different, and pro-Law Enforcement. This is what the Rules Committee will have to sort out.
Then, it will go to the full House, then to the Senate, and finally to the President.
I wouldn't say it's dead yet. It might not be mortally wounded. But we should let our congresscritters know that we favor the original version.
This is only stage one folks....
Once they have a Bill saying what is xbits allowed they will pass the next one. The next one will say any US-Citz using >xBits to send Any Data(even if they could crack it) to a NON-USA target is a Spy/terrorist/kiddler QED. Wave byebye as you are taken for Re-Grooving.
Tell me I am full of FUD...please!!!
If they can stop 1 terrorist by infringing on everyone's rights, then they think it is worth it.
Ten minuts of actual research on the internet would show them that anyone in the world (except perhaps China) can freely download the latest in crypto technology from a number of countries.
The only explaination I can find is that they honestly believe that non-Americans are too stupid to develop strong encryption. Sombody's stupid, but it's not non-Americans.
The new bill contains NO restrictions on domestic crypto. It only upholds bone-headed restrictions on export.
You are absolutely right that, for any saavy internet user, the US export restrictions are a joke -- just surf over to a non-US site and grab any crypto you want.
What the US restrictions are effective in doing, however, is to cripple the development of cheap, commercial, embedded crypto. No US company want to develop a domestic-only product, that will qualify as munitions per export regulations. So they don't bother.
So, are the export restrictions effectiving in preventing all use of crypto? No. Are they effectiving in keeping the Bad Guys from using crpto? No. But, they are highly effective in preventing the widespread use of crypto. They are highly effective in preventing the use of strong crypto in part of the underlying communications infractructure.
I will leave it as an exercise to the reader to determine for themselves if we have this situation because the spooks at the NSA are so darn clever, or because the politicians in Congress are so darn stupid.
Of course, and here is where it gets sad, there's another problem:
It's not the "government" that doesn't want us to have any rights, it's the majority of the American population. You think there's any way in this universe that the First Amendment would pass if it were being proposed as law today? "What Communist drivel!" would be the likely response to it.
I'm fully aware that for various reasons the FBI's probably got a file on me (due to my connection with organizations that are "subversive" or perceivable-as-such, and possibly my ex-boyfriend who has ties to the IRA and probably has an even-more-interesting file on HIM lying around in some corner of the FBI).
I'm also fully aware that I held a job in a secured area of a bank, a job that required me to be bonded, with no problem.
I'm not paranoid about the "government" or "law enforcement." Not yet. I AM "paranoid" about the grassroots conspiracy in this country to take away our rights. It's much more of a threat to the not-so-average American, which probably includes most if not all
"Somebody exploded a letter-bomb today
It's just unbelievable to me that they really think they can do anything about strong encryption in other countries with these dumbass laws. Either they are, as you say, idiots or they have a different agenda in mind.
The only thing that these laws seem to accomplish is to prevent U.S. companies from putting strong encryption into their mainstream products in order to (a) avoid managing two versions and (b) avoid the legal liability of accidental exports of the products.
Therefore, I think this law is aimed at us, the regular citizens of the United States, rather then foreign countries. While there are undoubtedly "useful idiots" helping in this effort, I'm afraid it is optimistic to conclude that idiocy is the core problem. The real problem is people who don't want to be inconvenienced in reading our "private" correspondence.
Geeky modern art T-shirts
excuse my language, but damn! ... doesn't anybody get it yet? ...
... the whole thing sounds like 'cowboys and indians' ... doesn't anybody get that the world doesn't care ... the whole thing is like a bunch of old men playing chess ... the average man/woman doesn't care ... it's so archaic ... there are no 'enemies' on the net ... there are only handles ... what a bunch of crap ... they can't stop it ... it's too late for that ...
"to maintain an information-based advantage over our enemies"
enemies?
it always amazes me how on the money the movie hackers was "you may stop me, but you can't stop us all"
if knowledge is power, the internet is god - me again
Windows 98 and Internet Explorer, indeed, does ship in two flavors: 128-bit and 40-bit. The 128-bit strong encryption version is only for use in the US and Canada.
sorry couldn't resist :)
But a lot of people get into this "Ohh protect my children from the evils of the world" Like cann't people be bothered to rase there own kids?
I don't actually exist.
I think that encrypted communication becomes truely strong when it becomes ubiquitous. If the government can focus on which comminiques to decrypt, they can focus a massive amount of processing power on the problem, but if they are just as likely to get someones recipe for steamed cabbage as they are to get an admission of crime, they would really have to think about their policy on this stuff.
What makes this kind of legislation important is that while it won't infringe on your ability to get encryption software, it will stop companies from rolling out built in strong encryption, thereby keeping strong encryption from becoming ubiquitous in the consumer and business worlds.
Pax -- Ob
Strong encryption will be built in to many products, they just won't be made or sold by American companies. This is a great opportunity for lesser known companies to get themselves into the market based on providing strong crypto.
American companies know this, and so would like to compete in that market. Unfortunatly, the Clinton administration just doesn't get it. Strong crypto WILL happen and WILL become ubiquitous. All it's going to take is the ineviatble stories of corperations loosing millions because of weak communications security. The only question is will U.S. manufacturers be locked out of the market.
As for law enforcement, even if they do know what to concentrate on, they could never enter it into evidence. With one time pad, there are many keys which will produce a coherent message, but you'll never prove which message was the one sent. Smart terrorists will know that as well, and dumb ones can be caught without breaking crypto.
Is there *any* case law on encryption exportation? Has the ACLU ever found someone willing to be a guinea pig for the current law? It seems like something that would fall to pieces in front of a judge, no matter how wacky the congress made it.
Interesting factoid. Look up the candidates for the gov't AES (Advanced Encryption Standard, replacing the DES standard encryption algo from 75 for non-classified documents, also available license-free to everybody). Check to see how many of the websites are from foreign countries (S. Korea included!) It's about 50% if I remember correctly, or 8/16 applicants.
Returned Peace Corps IT Volunteer
Posted by Lord Kano-The Gangst:
>The new bill contains NO restrictions on domestic crypto. It only upholds bone-headed restrictions on export.
Does MS include Crypto in Win9x? No, partly because they couldn't export it if they did.
Products like this are made for global consumption, they are also made to match the lowest common denominator.
When software for export and software for domestic release are linked. If you regulate one the other will necessarily be effected.
Think beyond the here and now.
LK
He didn't say it would be more favorable...he said it looked like they *WERE* going to get a clue...but it's obvious that now they aren't.
That's not what Hemos suggested. He was lamenting the fact that the American gov't *looked* like it was going to get a clue, but then promply lost it. Notice the past tense. He liked the old legislation and was disappointed by the new one.
Our government leaders have learned well the lesson taught by Orwell. In times of chaos, people always choose order over freedom. Always.
All we need is the terrorist incident of the month, whether it occured in OK City or Littleton to whip the sheeple into a frenzy of lawmaking that has nothing to do with the original crimes. An interview of the Southern Poverty Law Center on TV, and suddenly everyone who wants to talk details is branded a Right-Wing Christian extremist. Works every time.
Coupled with the mentality that the government will protect us from evil corporations, and no telling what will pass. Heck, 90% of the people here thinks it's the government that will protect their rights.
Good luck.
...is to make our voices heard, if we care about this enough to do it. Head over to http://www.cdt.org and read their take on the latest news. Type in your ZIP code, find out if your representative is on any of the important committees. Even if they aren't, CDT provides the phone numbers for the committees so you can call and let them know how you feel. The most important thing in the end will be to let your representative know how important the right to use encryption is to you. Perhaps a well-worded letter can educate them a bit, you never know. But try to get them on the bandwagon to support this bill in its correct form when it eventually gets voted on. Oh, and of course the full text of everything related to this bill is on http://thomas.loc.gov, just look up HR 850.
Products like this are made for global consumption, they are also made to match the lowest common denominator.
It doesn't work quite like that. Several companies I've been at, including Peter Norton Computing, produced domestic and for-export versions of the same software. The only difference was the inclusion (or, in one case, the number of DES bits of) of encryption.
The bill is stupid, but it's not Microsoft that will suffer; it's smaller companies and perhaps database and ecommerce companies. They can't afford off-shore development and production.
What this article means: the original SAFE bill was a big step forward in allowing exports of U.S. crypto. This new version of the bill contains amendments made by the House Armed Services Committee. This particular version of SAFE doesn't include many of the pro-encryption points made in the first version. The House Rules Committee gets to decide which version of the bill goes to vote before the full House - the original, the crippled Armed Services Committee version, or some other version.
What this article doesn't mean: the entire House have totally reversed themselves on what they will support and are now strongly anti-crypto. The President will assume full control of crypto exports and this control can't be challenged in court. These things should not be read out of this article.
My opinion: It may be the case that SAFE will be watered down somewhat when it reaches the floor of the full House. Depending on the political realities of getting legislation through the House, some amount of compromise is probably unavoidable. The original SAFE bill was a big step forward though, and I don't think that momentum can be totally erased or even slowed for long. There are too many legitimate uses for encryption, and U.S. companies are only going to lose more money in the international market if they can't compete with strong crypto. The government may not want to encourage individual use of cryptography (and may even want to discourage it, depending on your level of paranoia) but there will be enough money in the business uses of encryption that export controls will have to be relaxed.
Disclaimer: I work for a large nameless company which would be very happy to export strong crypto. No more mainaining two product lines!
Your right to not believe: Americans United for Separation of Church and