US Relaxes Crypto Regulations
Guru Meditation writes "CNN reports in an article that Clinton has decided to relax the export restrictions on crypto products, both hardware and software." The Washington Post also has some good coverage of this. As part of the deal, the FBI will get funds to create a new "code cracker" unit. The Administration, however, did drop the proposal to require backdoor entrance for the government. The new regulations will allow selling to virtually any country, with a few exceptions for nations deemed a national security threat.
Here is the actual White House briefing. The articles had no info on online or free software distribution, because the press release had no information. Our media has gotten so absurdly lazy, they don't bother to inquire about anything.
It would be good if someone could find an online copy of the actual Executive Order.
----
Open mind, insert foot.
The FBI's charter, however, is:
The NSA's goal is to provide signal intelligence from foreign sources while the FBI's goal is to uphold federal law and protect the US against foreign threats. They can be a consumer of information from the NSA if it relates to protecting us from foreign threats but not for residents breaking federal law.
If I'm forced to have an organization trying to spy on my signals I'd rather have the FBI do it; they won't have near the resources of the NSA (the world's leading employer of mathematicians). To reduce the chances of me being spied on I avoid breaking any federal laws.
"Serving the national security interest" and "protecting law enforcement capabilities" were apparently not the reasons for restricting export in the first place. We have always been at war with Eurasia.
--
Fuck the system? Nah, you might catch something.
One thing that I never understood about the US crypto laws was this:
...
Is it OK for a US citizen to *import* strong encryption?
If the US laws state only that crypto shouldn't be exported, then the law is becoming a bit of a non-issue. There are plenty of good encryption algorithms and software coming from outside the US, from places like Israel, etc.
Perhaps this change of heart is to prevent other countries adopting draconian export licenses which would hinder US software houses. Of course, export laws will never hinder covert organisations who will use the best available crypto code regardless of laws.
Chris Wareham
The NSA doesn't officially have a charter. Or at least, if it does, you, I, and everyone else are not allowed to see it. The description on the web page is filtered through some rose-colored glasses. NSA does not, and is not legally required to, stick solely to foreign SIGINT. They tend to, because otherwise they piss off other US spy agencies, but they will do, and have done, whatever they feel is necessary, including domestic snooping on many occasions.
In general, though, your conclusions are sensible. The FBI is not nearly as competent, so I'd much rather have them trying to decode my bomb plans, or laundry list, or whatever. :-)
----
We all take pink lemonade for granted.
There is no K5 cabal.
I am not the real rusty.
Slightly offtopic to the article, but relevant:
One of the great things about electronic communication is that it gives the common man instant lobbying power.
One of the greatest things Slashdot:YRO could do is to post a tool, or a permanent link to a tool, that lets you quickly and easily determine who represents you. I have occasionally seen posts with links to sites like Project Vote Smart that provide this ability. More frequently I have seen posts where people have formatted excellent letters to send to your congressional representatives that address various issues (UCITA, Microsoft trial, etc.), but I still have to do a lot of rooting around to find out who my current representatives are.
This process could all be streamlined right here on YRO, if there was some kind of simple tool (enter your ZIP, up pop the email addresses of everyone who represents you).
There are a lot of intelligent opinions on Slashdot. We need to make them visible in the political arena.
Microsoft will find it far easier to export W2K (which includes e&e Kerberos)
My company *might* be able to get an export license for a Kerberized Linux distribution. Or it might not, since my company is still at the "one person in the garage" stage. Red Hat wouldn't have this problem, but if the export license prohibited export of source code they're still dead in the water due to the GPL.
Debian wouldn't have a snowball's chance in Redmond of being able to carry my (US) Kerberos packages on their pages.
To me, this proposal is proof that "social engineering" isn't limited to crackers. This proposal will get industry lobbyists off the administration's back, and it gives them the perceived moral high ground on the Sunday morning talk shows. ("We've removed all but token obstacles to American businesses competing in the world market. Only drug running child pornography terrorists will be impacted, and We Don't Want To Help THEM, Do We?!")
WE know that it also hurts us, but we also know that we're all a bunch of pinko communists. Just look at the "exposes" that appear on a regular basis.
Finally, as others have pointed out, Executive Orders can be rescinded, often with no basis in reality. E.g., I'm still showing my passport to board domestic flights because TERRORISTS BLEW UP TWA 800. That theory has been discredited for years, but the EO that grew from it is still in effect. I would not be surprised if this EO blocked passage of SAFE, then in 6 months some crisis is manufactured which justifies slamming the door again. Naturally products with licenses (e.g., W2K) will be grandfathered.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
I think the Clinton administration is just throwing the dog a bone on this one. They have eased up only slightly on large companies with existing export agreements on crypto previously approved for export. In the future, a company will have to go through an export review only once before being allowed to ship crypto inside of another product. There is clearly no mention of freeware or OSS products in these press releases.
What this bill does not cover includes sales to any foreign government, military, or ISP. Those will still require a case-by-case review. Only products that meet the requirements for law-enforcement intercept will get this one-time approval, so key-escrow and door-bell systems will quickly get the green light; others will have to slog through a years-long process. They will still criminalize exports to "terrorist" countries, such as Cuba, but allow it to friendly nations like Colombia.
Nobody gets to see the wording of this new policy until December, so it is hard to tell why Hamre and Reno are smiling at this announcement. I have a feeling there is nothing new here except a minor improvement for big companies in return for a drop-in-the-bucket US$80 million for a dedicated cryptanalysis team for the FBI. It's just a PR move.
For another slightly pessimistic view, go read this San Jose Merc article. Given the track record of the administration, I really don't think they've suddenly given up the fight and want strong crypto everywhere.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Rejoice, crypto friends! Strong encryption is now about to be legalized in the US... Or is it?
Here is a quote that I like (from the Washington Post):
Pressed to explain the turnabout, Reno and Hamre said their concerns were assuaged by the administration's pending introduction of legislation called the Cyberspace Electronic Security Act of 1999, which would give the FBI $80 million over the next four years to establish the new code-cracking unit.
That's really interesting. Up until now, the NSA was not allowed by the law to conduct SIGINT (code-cracking) operations against US citizens. Now, this new law gives the FBI a spanking, brand-new unit, specialised in... tada! code-cracking! I think this little outfit will be more like a joint venture between NSA and FBI. It happened before -- but now it's going to be legit.
Think about it for a second: who is the ultimate authority in code-cracking? NSA. Who has been playing the little game of crypto for the past 20+ years? NSA. Who has the brain- and CPU power to do some serious code-cracking? NSA. I can't believe, for more than 10 seconds, that this agency is going to just stand there and let the FBI have it its own way, especially since these people have been very cosy for a number of years now. Expect some interesting stories to surface in the near future... I really expect the NSA to start spying on US citizens. Maybe not on a scale on a par with the "Echelon" project, but certainly a lot more often than what was the case previously.
Another important question is: WHY NOW? Why accept a law these people have been fighting tooth and nail for the past 5 years?
Is it because there really isn't any choice and crypto's Pandora's box is open? It's possible. The rest of the world has been doing a great job creating strong crypto, despite (or because of) the silly US ban on export.
Is it because NSA scientists would like to get fat stock options from new Silicon Valley start-ups? That's possible too. Some of these people are incredibly smart, and it must hurt to see so much bad code out there, while they are the cream of the crop, but can't talk because of the security involved. Expect plenty of little, unknown crypto companies to appear overnight if that's the case.
Is it because the NSA has found a new way to factor prime numbers? That could also be the case... Imagine 2048-bit crypto cracked in 15 seconds flat and 4096-bit in half an hour, due to some ultra-secret mathematical breakthrough. Why keep on playing the export control game? Just let crypto go free. NSA can read your e-mail anyway. Oh, and your SSL transactions as well. Of course, it's not going to publicize that fact.
Yeah, I know. I *am* getting paranoid... =)
But you have to admit this last scenario makes sense, all of a sudden. It certainly explains the change of heart of this ultra-secretive organization. And the fact that it makes Al "I invented the Internet" Gore look good doesn't hurt, either.
Just my $0.02...
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
You can find the full text of the bill itself and an analysis here:
http://www.epic.org/crypto/legislation/cesa/
It appears that 64 bit encryption will be allowed, and 128 `may be' allowed if it is designed for `end users' and does not require very much tech support, and is not being exported to the 7 `terrorist' countries.
I also read in a transcript of a White House briefing that Wassenaar will be modified to reflect this somehow, but it was somewhat vague...
Something else interesting is this so-called 3rd party key repository in which people can optionally deposit their private keys for `backup' purposes. The Government of course can get access to any key this 3rd party has after getting proper `judicial authorization'. I am sure we will see a lot of Government BS to try and convince people to deposit their keys...
--He who gives up liberty for security ends up with neither. --Benjamin Franklin
Ethan