Slashdot Mirror
SAFE rewritten to be more law-enforcement friendly
Alex Bischoff writes "According to this article, SAFE (the Security and Freedom through Encryption act) has been rewritten to be more law enforcement friendly. 'The House Armed Services Committee voted 47-6 Wednesday to replace an industry-endorsed encryption bill with substitute legislation drafted by law enforcement advocates.' " And for once, it looked like the US Gov't was going to get a /clue/ about crypto.
Disclaimer: I did read the article.
While it is true that this bill does not contain any regulation of domestic encryption, it does contain certain ominous particulars. The most obvious of these is the clause which places the whim of the president above any law or court.
Don't assume that it will be found unconstitutional. When the issue of 'national defense' is raised, we have done far worse. Remember the atrocities committed during world war II, towards the general asian populace? Once this has been established, the framework will have been laid for much more extensive legislation. This is exactly analogous to the anti-gun movement, the pro-welfare movement, etc.
The first step in erasing freedom lies in restricting a basic right in such a way that no one will complain. No one needs field artillery or heavy machine guns. Later, this becomes 'cop killer' bullets and assault rifles; note that neither of these terms existed before they became illegal. In crypto, it will become 'strong' domestic crypto, or possibly 'military-grade' crypto. Why would anyone need that if they weren't using it for something illegal?
Later, someone will be caught dealing drugs or *gasp* helping illegal immigrants into the country, and it will be discovered that they used encryption to hide their nefarious activities. The brady bill of domestic encrytion will be passed, and everyone who stands against it will be a child molester just like everyone who opposes handgun control is a psychopath today.
After all, my mom doesn't understand either subject and votes the way the minister tells her to on sunday. Millions of other people do the same. The number one concern Curt Weldon and JC Watts have is getting re-elected, and the masses will be happy to do it as long as it makes them feel safe, regardless of how accurate that feeling is. In a democracy it is very dangerous to be a minority.
BTW back to the president's newest empowerment: if it passes, and he chooses to make all cryptography illegal to keep saddam from blowing us up or something, we won't be able to revoke it. Ever. Unless he decides to change his mind.
... and there is no doubt, that one day he will be
where the eye of his telescope has already been
I'm sure the LEAs behind this re-write would force us all to accept brainwave tranceiver implants if they could figure out how to do it. As far as they're concerned, your average law-abiding citizen is just a mark to be hustled.
Congress, on the other hand, are just lazy, uninformed, spoiled, sub-par human beings who don't give a hoot in hell about the laws they pass as long as they are returned to their gravy train every few years. Most of them never bother to read the bills they vote on, even though they all fight for the chance to give a little "Give me this law, or give me death!" speech every time the C-SPAN cameras' little red lights flicker. They don't care if the laws they pass actually accomplish anything useful, as long as there will be another checkmark next to their name in the "Tough on crime" column in some lame "Voter Guide for The Braindead" in 00. Anti-crypto laws have just about as much effect on criminals' use of crypto as gun control has on their use of guns. The law-abiding are the only ones who obey these stupid laws.
Judging by the conduct of the folks from Washington, they think the laws they pass are for suckers. Kinda' makes me wanna' puke. Sorry for the rant, but I'm fed up.
slashdot broke my sig
Five committees have passed versions of this bill. The Rules Committee decides which one to send to the entire House, and they are friendly(er) towards the bill. It almost certainly won't be the fascist inspired version from the Armed Services committee.
--
Infuriate left and right
You think that they don't know that if you use strong encryption that they can't read your email? Of course they know that. But they don't care that you don't want them to read your email. They want to be able to read it, screw you. And they realize that few enough people care today that they can go ahead and abridge rights now, and then people will never have them later to miss... they can seize the right now, before people realize they have it. And they know that if most people never become accustomed to it, they won't ever want it or miss it.
If you never saw a computer, never used email, and nobody else did, then you wouldn't miss it. If someone took it away from you now, you'd be pretty angry. I know I would. And it is the same way with all sorts of rights -- if people learn that they have a right, they will fight to keep it, however if they never think they have a right they won't really care.
Why do you think it's so hard to take away guns from people here in the US? Because it's our right to have guns. Law abiding citizens have the right, given to us by our government, to own firearms. I don't know if that was a good idea, and that isn't the point of the argument. The point is that when the government makes movements to abridge that right, people get angry. Because they have learned to exercise the right.
-- Erich
Slashdot reader since 1997
In short, they make it illegal for US companies to create top-notch secure software. I guess that if the job really requires the security, our only legal option would be to import software from Europe.
This isn't crippling the world's ability to do crypto. It's just insuring that the US won't be able to cash in on it.
Methinks that the NSA came up to Washington one day and strongly encrypted some legislators' minds. In some cases, the point is that it inhibits rights. That aside, my problem is that it won't work to do the job it is supposed to do. It will just move the suppliers overseas, and let them legally export the tech to us.
--The basis of all love is respect
From the article: "It [the new bill] says any White House export decision cannot be challenged in court"
This is a democratic government? This all sounds highly dictatorial to me.
Yes, indeed, they do. Win 98 includes Internet Explorer (remember, it's a part of the OS...repeat that enough times and you might believe it). Internet Explorer is an HTTPS client, and thus has SSL encryption. Now, are there two strengths of Win98/IE, one for domestic and one for foreign?
And so what if they did ship Win98 with the full 128-bit crypto? The government seems to have little control over Microsoft anyhow. Would the DOJ come by and issue a cease-and-desist?
Win98 ships with IE. IE ships with cryptography. The state department defines cryptography as a munition. Win98 comes with munitions.
Or, in short, Win98 bombs.
--The basis of all love is respect
Every time crypto export regs come up for discussion, people say that the regs are nonsensical, that the theory is that the rest of the world is too stupid to develop strong crypto. This is incorrect on both counts.
Let me state at the outset that I support an elimination of the crypto export regs as I do not believe that they are effective. They have not prevented strong crypto from reaching the rest of the world, and esp. not the black hats, who are after all the sole legitimate target of this sort of thing anyway.
The idea that crypto is a munition is correct. It is a tool which is used to defend oneself (in this case, one's data) from an enemy. It can be used by one's enemies to defend their data from your perusal. Lest you think that this is a minor argument, recall that we won WWII mainly through the strength of our cryptology work; without it the Germans and Japanese would have controlled the globe (I discount the Italians for the simple reason that they would have in time been absorbed by the Germans).
The logic of denying one's enemy weapons is not that he cannot develop them for himself; it is rather that there is no point in developing them for him. Anyone can make an atomic weapon; it's not that hard to do. But we don't allow them to be sold. This keeps the barrier to entry higher than it would otherwise be. Ditto for cryptology. Anyone with a semi-decent grasp of programming and a book on cryptology can come up with a workable encryption program. But why should the US do the work for him?
There are legitimate concerns about cryptology. It makes intelligence gathering much more difficult, forcing it to rely on fallible human agents much more than on intercepted transmissions. Our national status is at present due in large part to the efficiency of our intelligence apparatus. Without it, we are much weakened (although not entirely; we also have an excellent military and a top-notch economy).
Unfortunately, the cat is out of the bag in regards to cryptology. With modern software only one person need duplicate functionality for the entire world to use it. Our export restrictions on cryptology now do more harm than good (and they do do good, by making it more difficult for encryption to be used); they have hurt the international competitiveness of our industry. Hence they must be revoked.
Crying that they're holding back technology means nothing; it's like a chemical firm complaining that chemical weapons restrictions are holding it back. It is futile and wastes precious political capital.
As regards encryption with the borders of the US, it is quite rightly allowed. This is a nation which deems rights more important than security. Hence the First, Second, Fifth and other Amendments. This is why we are innocent until proven guilty. This is why the right to encrypt one's data is preserved. IMHO, we should add a new amendment to the Constitution guaranteeing that right.
However, an internal right does no mean that it means anything when crossing international borders. A right to say what one wishes here does not nec. mean that one can carry that tape out of this country or into another. Otherwise espionage would be legal. Restricting export is not a free speech issue. It's a bad idea for other, equally important, reasons.
The problem with the various provisions of the amendment is that they take us right back to where we started. A centralized body with no incentive to allow free exchange of ideas decides whether US citizens can export any given piece of encryption software.
Clearly they're not doing this to prevent strong encryption from exiting the US, since it exists in quite usable forms elsewhere. They're doing it to advance an agenda that links privacy with illegality.
It's worth remembering that even representative governments are not reliable defenders of civil liberties....
NSA: Sir, will you please look into this light.
Representative: What is this some kind of eye tes...
(flashy light thing)
NSA: Now sir, remember you work for us, you do everything we tell you. You are being placed inside Congress as a representative, so act the part. But remember you must always report back to us. Now sit straight BOY.
I honestly think we'd be in a worse position. Today, we have a body of law that is being challenged with some success in the judiciary branch. I don't know if the evolution of this would repeal crypto-export restrictions, but a new legislation would render a lot of this work null and void. You would have to litigate the new law all over again, and maybe not have the same success.
Additionally all the other arguments about presidential control would still apply.
What scares me even more is bullet #5. What sectors would be subject to license free treatment of encryption products above the threshold, consistent with US policy? Can you imagine the abuse and administration needed to establish this objective. First, you would have to have a committee to classify and recommend sectors. Is Be an OS, multimedia product, internet browser, etc. Is it all of the above. A new corporate legal war emerges to determine product's class and industry sector. Until now, we left this to the marketing departments and trade journals. It would now be an issue of law.
Furthermore, think of the political lobbies necessary to get sector or product exemption. It could be prohibitive for all but large companies to lobby for an exemption. This is just for the legal methods. Imagine the abuse possible for illegal methods... bribery of officials, back corner deals to escrow keys with the NSA.
As mentioned previously, it would also be a first step toward controls for domestic encryption controls.
Notes from the article:
"Proliferation of encryption technology would harm our ability to gather vital intelligence, jeopardize our early threat warning and attack assessment, risk our ability to maintain an information-based advantage over our enemies, and place our nation's most secure systems at risk," said Representative Curt Weldon (R-Pennsylvania), who introduced the amendment.
Bullcrap. Our enemies already have encryption that's probably good enough to hide what they're doing, if they want to use it. And if they haven't got it yet, they can order the books from Amazon.com and code it in themselves! Do all US Reprehensibles think the enemies of the US are stupid?
The version approved by the House Armed Services Committee would grant the president complete authority to deny any expert controls that he considers "contrary to the national security interests of the United States."
So the Prez will have dictatorial control over that aspect of our lives. Sieg heil!
Weldon's bill contains no domestic restrictions on encryption, but the measure is hardly what tech firms had hoped for.
Hmmm.. guess they haven't figured out a way around that pesky 1st Amendment yet, or they'd ban domestic encryption too....
It says any White House export decision cannot be challenged in court -- an attempt to block lawsuits like one brought by a math professor that won a recent victory in the Ninth Circuit Court of Appeals.
THIS is what burns me up. Either is is blatently unconstitutional, or we need to shoot the buggers and start from scratch. NO law or decision should be immune from challenge in court -- that's what the bloody courts are for in the first place!
I'll say it again... it's time for us to head for the moon and live there.
The NSA (and this is their long spiny fingers in action) is made up of either morally devoid or completely brainwashed people ("Must not give freedom, freedom leads to chaos, must not give" etc), but they are no doubt intelligent. They know they cannot stop crypto, they know that terrorists and foreign governments mostly have, or could have, unbreakable crypto today.
But, just like Microsoft who can't stop Linux, they know that if they use everything in their power to make it as clumsy and complicated for Crypto to be widely used, they can keep it out the hands of the every day man (their real favorite targets) for as long as possible.
And its working, until people either smarten up or the courts do, Crypto will never reach widespread use.
I think that the Open Source community should try and come up with a really heavyweight encryption algorithm outside the US.
GNUpg is already out there. It looks to be as strong, and more versitile than PGP.
Abject stupidity is the only explaination of US crypto policy. They might as well ban the export of sand to the middle east.
The only people they are hurting in the name of US national security is the citizens of the US.
Whether this particular restriction is constitutional is a harder problem, as it would seem to foreclose all avenues of relief for violation of a constitutional right. It's not a foregone conclusion, however.
If they can stop 1 terrorist by infringing on everyone's rights, then they think it is worth it.
Ten minuts of actual research on the internet would show them that anyone in the world (except perhaps China) can freely download the latest in crypto technology from a number of countries.
The only explaination I can find is that they honestly believe that non-Americans are too stupid to develop strong encryption. Sombody's stupid, but it's not non-Americans.
You are absolutely right that, for any saavy internet user, the US export restrictions are a joke -- just surf over to a non-US site and grab any crypto you want.
What the US restrictions are effective in doing, however, is to cripple the development of cheap, commercial, embedded crypto. No US company want to develop a domestic-only product, that will qualify as munitions per export regulations. So they don't bother.
So, are the export restrictions effectiving in preventing all use of crypto? No. Are they effectiving in keeping the Bad Guys from using crpto? No. But, they are highly effective in preventing the widespread use of crypto. They are highly effective in preventing the use of strong crypto in part of the underlying communications infractructure.
I will leave it as an exercise to the reader to determine for themselves if we have this situation because the spooks at the NSA are so darn clever, or because the politicians in Congress are so darn stupid.
Of course, and here is where it gets sad, there's another problem:
It's not the "government" that doesn't want us to have any rights, it's the majority of the American population. You think there's any way in this universe that the First Amendment would pass if it were being proposed as law today? "What Communist drivel!" would be the likely response to it.
I'm fully aware that for various reasons the FBI's probably got a file on me (due to my connection with organizations that are "subversive" or perceivable-as-such, and possibly my ex-boyfriend who has ties to the IRA and probably has an even-more-interesting file on HIM lying around in some corner of the FBI).
I'm also fully aware that I held a job in a secured area of a bank, a job that required me to be bonded, with no problem.
I'm not paranoid about the "government" or "law enforcement." Not yet. I AM "paranoid" about the grassroots conspiracy in this country to take away our rights. It's much more of a threat to the not-so-average American, which probably includes most if not all
"Somebody exploded a letter-bomb today
It's just unbelievable to me that they really think they can do anything about strong encryption in other countries with these dumbass laws. Either they are, as you say, idiots or they have a different agenda in mind.
The only thing that these laws seem to accomplish is to prevent U.S. companies from putting strong encryption into their mainstream products in order to (a) avoid managing two versions and (b) avoid the legal liability of accidental exports of the products.
Therefore, I think this law is aimed at us, the regular citizens of the United States, rather then foreign countries. While there are undoubtedly "useful idiots" helping in this effort, I'm afraid it is optimistic to conclude that idiocy is the core problem. The real problem is people who don't want to be inconvenienced in reading our "private" correspondence.
Geeky modern art T-shirts
Strong encryption will be built in to many products, they just won't be made or sold by American companies. This is a great opportunity for lesser known companies to get themselves into the market based on providing strong crypto.
American companies know this, and so would like to compete in that market. Unfortunatly, the Clinton administration just doesn't get it. Strong crypto WILL happen and WILL become ubiquitous. All it's going to take is the ineviatble stories of corperations loosing millions because of weak communications security. The only question is will U.S. manufacturers be locked out of the market.
As for law enforcement, even if they do know what to concentrate on, they could never enter it into evidence. With one time pad, there are many keys which will produce a coherent message, but you'll never prove which message was the one sent. Smart terrorists will know that as well, and dumb ones can be caught without breaking crypto.
What this article means: the original SAFE bill was a big step forward in allowing exports of U.S. crypto. This new version of the bill contains amendments made by the House Armed Services Committee. This particular version of SAFE doesn't include many of the pro-encryption points made in the first version. The House Rules Committee gets to decide which version of the bill goes to vote before the full House - the original, the crippled Armed Services Committee version, or some other version.
What this article doesn't mean: the entire House have totally reversed themselves on what they will support and are now strongly anti-crypto. The President will assume full control of crypto exports and this control can't be challenged in court. These things should not be read out of this article.
My opinion: It may be the case that SAFE will be watered down somewhat when it reaches the floor of the full House. Depending on the political realities of getting legislation through the House, some amount of compromise is probably unavoidable. The original SAFE bill was a big step forward though, and I don't think that momentum can be totally erased or even slowed for long. There are too many legitimate uses for encryption, and U.S. companies are only going to lose more money in the international market if they can't compete with strong crypto. The government may not want to encourage individual use of cryptography (and may even want to discourage it, depending on your level of paranoia) but there will be enough money in the business uses of encryption that export controls will have to be relaxed.
Disclaimer: I work for a large nameless company which would be very happy to export strong crypto. No more mainaining two product lines!
Your right to not believe: Americans United for Separation of Church and