Slashdot Mirror
Bernstein Back in Court
William Tanksley send us the story that Bernstein, who's case against the United States resulted in a three judge panel over-turning the US laws regarding exportation of cryptography software. At the request of the DOJ, a full Court of Appeals will rehear the case. Here's to hoping that the full court follows the advice of the panel.
The point of the crypto export laws is to prevent crypto fromm becoming something that we all have, without having to go to the effort to find it on the net and install it. As long as the US government continutes to be a pain in the arse to anyone who wants to make privacy a standard feature of operating systems and communications software, then *most* communications will continue to be sent in the clear. The REAL purpose of prohibiting strong crypto, is to make it easier for governments to commit crimes against law-abiding citizens. -jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
The problem is that they don't seem to consider it any more a violation of the 5th amendmant than you having to let them search your house if the've got a warrant. It can incriminate you. And it requires action on your part. But it's not considered self-incrimination. Just gathering evidence. They try to pass off forcing people to decrypt data as being the same thing. At least that's the logic I've heard applied to this.
God does not play dice - Einstein
Not only does God play dice, he sometimes throws them where they
An idea is an idea, no matter whose brain it's occupying. If you're reading something into a message other than what the words in the body say, you may be misleading yourself about what the idea is.
And I see no courage in giving a pseudonym you can't usefully harm or even threaten me with. I simply don't because IMHO identity insinuates itself into feelings of status and territory and detracts from critical reasoning.
Thank you for that post.
The notion that codebreaking was the "only"
factor was something that I wanted to object to
very strongly. However, having just finished reading Cryptonomicon I understand now why that belief is making the rounds. Stephenson did a fine job of using factual matter to immerse a reader in a fictional plot. Bravo.
-fb Everything not expressly forbidden is now mandatory.
"A strong parallel to gun control legislation exists here"
I do NOT think so.
Guns kill people. Encryption does not.
A U.S. citizen does NOT have to worry that another U.S. citizen with encryption can kill them.
The same does NOT apply to guns.
Exactly what is the United States government trying to accomplish here? Pro-active crime prevention by outlawing these "criminal tools?" We already learned this lesson from gun control, the bad guys have the crypto anyway. In a peverse sense, the government will settle for as many "law abiding" citizens as possible to march off like lemmings to a totalitarian future.
As I mentioned earlier, data sitting around on your hard drive is harmful to no one, so why does the society at large need to look at it? Putting data on one's hard drive beyond the purview of society stands as a check for the individual against society at large. I didn't touch upon freedom of speech with respect to cryptography, which I will do now.
Freedom of speech isn't perfect. For example, I can't send out company secrets to a competitor. Where does cryptography fit in? While cryptography may be used in the capacity of exchanging trade secrets, it doesn't address the fact that sooner or later the competing company is going to release a product based on those services, and enough evidence will be available to track down those resposible, cryptography or not.
In spite of the government's paranoia, cryptography, as used in criminal activities, is really only a small element. For every "actual" crime (read: not thought crimes) there will be plenty of physical evidence for forensic wizards to ascertain not only the identity of the suspects but also the last time they wet their beds.
In a nutshell, an individual's ability to deploy encryption is more important than the off chance that some real crime goes unsolved due to lack of other evidence.
I've visited police states. Chile under the early years of Pinochet. The cops on the corner have uzis and there is no radio station except the government station and there is a 1 AM curfew which is enforced by the military going up and down the streets with jeeps and APC's with 50 caliber machine guns mounted on the back. If your wife goes into labor at 2 AM you have to call the military to come get her but they usually don't come. If you try to drive her to the hospital yourself they will shoot you. This actually happened while I was there.
/. complain a lot about the government, but they also fit the profile of the most politically apathetic segment of the US, Gen X & Y. If you lose what Jefferson and the other founders built IT IS YOUR FAULT.
By the way, this government was put into power by the CIA under the instructions of R. Nixon.
The price of freedom is eternal vigilance. If you don't like what the government is doing let you elected representatives know about it. Support organizations like the ACLU. Watch the voting record of the people you elect. The people on
Last year I worked for a congressional campaign to unseat a radical conservative who had voted for 8 constitutional amendments during his term. These amendments included a ban on flag buring, a ban on abortion even if cases of rape incest or if the mother's life was threatened, and a override on the school prayer issue. In my opinion this was a totally outrageous assault on the fundamental rights of all Americans.
DO YOU KNOW WHAT YOUR CONGRESSMAN IS VOTING FOR?? Do you check his voting record??? DO you let him know about issues like the crypto problem?
The U.S. government has the bizarre idea that its laws and jurisdiction apply to any U.S. citizen in the known universe.
Mea navis aericumbens anguillis abundat
They can simply subdue you if you refuse the warrant - but what are they gonna do to your computer? Inject it with truth serum? Ha! Good luck. It'll be a long, long time before the government can crack the security I have available at my fingertips right now.
Personally, I've given up on law enforcement - they've made too many mistakes for me to trust them to "serve and protect" anymore. I have decided that I will not cooperate with government or law in any fashion until they can prove (to MY satisfaction) their motives and intent. They're simply too untrustworthy - I would trust a bum on a street corner more readily than our so-called justice system.
It's a sad state of affairs - and the only long-term solution I can see is to return the power to the average citizen, rather than allow a corrupt few to share it amongst themselves. We need to bring back the right to bear arms, we need to create a public-review (NOT peer review) system that officers are subject to, and we need them to be tried for their crimes. In short, we need accountability. And privacy would be nice too.
--
The generally accepted theory is that the courts can supoena anything "written down" (your keyring) but not anything in your brain (your passphrase). Of course, all they have to do is claim you have it written down and hold you in contempt of court...
The problem with this stuff going on with the Brooklyn Museum is that it is exactly censorship and violates both freedom of religion and freedom of speech. The Mayor of New York has threatened to close a museum for displaying a certain piece of art. There is nothing more direct and obvious as this. This is not a matter of paying for a piece of art that is offensive. It is a matter of closing cultural resource for displaying something the mayor does not agree with. It is ALSO a matter of a mayor trying to make political hay with an upcoming election by trampling all over the constitution.
As far as I am concerned this is a gross abuse of power on the part of the mayor, indistinguishable from any other attempt to repress free speach. What is even worse is that the only reason it is being done is to pander to a certain segment of the voters in anticipation of running for the senate.
Dammit my family has been in North America since 1626. My forefathers names are on the Declaration of Independence at the bottom next to John Hancock and Thomas Jefferson. Thet did not go to war to defend the constitution 23 times to put some tinhorn idiot like Gulliani in power to tell me what is offensive or not. I THINK I CAN MAKE UP MY OWN MIND ABOUT THAT, Thank You.
If you think this is about paying or not paying for a painting, you are WRONG. This is about government interfering with a cultural institution (the Brooklyn Museum) which has a long and respected history IN ORDER TO DO ONE THING, get your name in the paper.
Anyone who votes for Gulliani after this.....
Imagine if one in ten people crossing the mexican border decided to put little baggies of sugar in their car. Can you imagine the overhead required to seperate the 'fakes' from the real mccoy? It'd be astronomical! If only 1:1000 people actually transported drugs across the boarder, that would mean that only 1% of the people they searched would actually yield *real* drugs. The other 99% is a waste, so you increase the cost per search DRAMATICALLY. You get the idea - and if they decide to outlaw sugar-exportation out of the country, that's gonna piss off alot of sugar businesses. Or oregano exporters for that matter. :)
My point here is that if you make it sufficiently difficult to distinguish the real from the fake... a simple cost-benefit analysis yields that it is an ineffective way to prevent the problem. In effect, simply keep raising the stakes until they can no longer justify the expenditures being made to catch the few 'real' crypto users. Imagine if 30% of your tax dollars went to catch ~130 crypto users each year. Would you stand for it? Hell no!
--
This is really a funny point. Maybe the 30% of all network traffic is not NUDE BUSH SHOT ANAL LESBIANS etc.... but rather well encrypted documents. Its all in the flesh tone variations.
How is this "offtopic" This is directly related to the topic of censorsip in the United states!
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
ReadThe ReflectionEngine, a cyberpunk style n
I wouldn't put my hopes about a solution for to the crypto issue from this process: it just won't happen. The american regime has decided to show its true face in this issue, and will continue to fight this freedom no matter what the court decides.
/. is like a steer's horns, a point here, a point there and a lot of bull in between.
Victory in the crypto battle can not, and will not, come through traditional law.
However, the more frightening issue here is what this court is actually supposed to decide, namely, what is speech? Current human rights of free speech come from an age when speech WAS information, and information WAS speech. But, because technology has evolved to the point where most communication is machine to machine, we have (thanks to our unenlightened leadership) gotten a double standard where some information produced by humans is speech, and some is not.
So now They are trying to decide whether the form of information we call source code should be protected as speech. To those of us whose thoughts are often recorded as source code rather than speech or text, the fact that this should ever be in doubt about this seems horribly prejudice. I wonder if a single of the judges in that court has ever written a line of code or has ANY insight on the amount of creativity inherant to programming.
Actually I don't wonder. I'm pretty sure I know the answer.
And of course it goes further. If source code is speech, tell me why machine code is not? Is it because its doubtful that I be able to find any meaning in machine code myself? Then exactly what are the standards by which information attains "meaning" enough to be speech? Could I have them on paper so I know for the future?
-
Most geek freedom things I'm behind, but this one is a little more understandable, but I'm still against the laws. I don't see it as a sign that the US government is collapsing or some stupid shit. Just another idea I don't really agree with. It's perfectly understandable that the US wants to protect itself.
We all know the fact in the subject :)
Hopefully, however, this ruling won't be repealed, and will stand. I'd love that.
Of course, it looks like that day will be the day that the NSA releases its charter to the general public.
Why do the US bother? I mean - anyone who wants to get Encryption software can through illegal (getting US versions of software over the internet is piss easy) or legal (i.e. GnuPG) means. The only people this affects is businesses trying to sell software.
Call me stupid but I just don't understand these laws.
Crypto is outlawed. Given the current state of law enforcement, I don't really think we have anything to worry about - they can't even keep track of the script kiddies right now. Later on, provided they do get their act together, anybody wishing to practice civil disobedience can send "look-alike" PGP messages. Just cat the output of /dev/urandom to uuencode, strip off some of the header and footer info, and put "-- BEGIN PGP SIGNED MESSAGE --" at the top of yours. Looks authentic.. but it isn't crypto.
Here's the other problem with outlawing crypto - do 'ya think the DoJ is gonna convince the 230 some odd countries around the world to agree with them and do the same? Not likely. So all you need to do is route network traffic through one of the countries that DOES allow crypto.
Let's assume now they DO allow crypto. US companies rejoyce, e-commerce in this country gets a shot in the arm, and the stock market people are happy. Do 'ya think the DoJ is stupid enough not to realize they're gonna piss off *ALOT* of companies and investors by outlawing cryptography? Yeah.. my thoughts exactly.
--
From what I saw of it the first time around, it sounded like they didn't care about algorithms, only implementation. That makes it a hard arguement. The algothithms seem much more free speech related. In fact, based on what pgp did, it seems to be possible to get away with almoat anything if you put it in a book. That also makes it a harder arguement - if you want to publish it just stick it on paper, no one's stopping you.
On the other hand I'm all in favor of anything that loosens our crypto export laws.
God does not play dice - Einstein
Not only does God play dice, he sometimes throws them where they
We don't seem to have a complete first sentence:
:)
William Tanksley sends us a story that Bernstein, who's case against the United States resulted in a three judge panel over-turning the US laws regarding exportation of cryptography software.
umm, that Bernstein what? shouldn't write posts early on a Saturday morning?
What with Dvorak being as fast as dvorak and what's your favorite 'protocol,' it looks like proffreading doesn't fall under the umbrella of 'stuff that matters.'
Kevin Fox
Foo Blargle Me Noitzen!
What did I just say? It could have been non-sense... or it could have been a one-time cipher I'm using between me and a friend of mine to tell him I want his mp3 collection.
If you outlaw crypto.. the crypto experts will simply design a new system that doesn't *look* like crypto. Steganography(sp?) anyone? No officer, that REALLY IS a jpeg of pamela lee I posted to my friend... it REALLY DOESN'T contain the nuke codes for all the missle installations in North Dakota. :^)
The way I see it - this'll turn into another 'war on drugs' - with the only losers being the common citizen. We'll lose what (very little) civil rights we have remaining.. and will have gained nothing for it.
--
You may not have noticed this, but the laws of Britain are not subject to the United States Constitution.
I'm old enough to remember when discussions on Slashdot were well informed.
Dammit my family has been in North America
since 1626. My forefathers names are on the
Declaration of Independence at the bottom
next to John Hancock and Thomas Jefferson.
Great! So since your family has been around sooo long and reaped the benefits of doing so. Why dont we have you and all you kin folk pay for such things as affirmative actions programs (been around as long as your family has, prolly real good chance you owned slaves and profited from it), welfare, politicians salaries (your kin created the abomination that the US gov has grown into), and everything else that your "old generation" family has made out on but never paid for!
The Brooklyn Museum is TAX PAYER FUNDED! If 90% (or even 51%) of the TAX PAYERS do NOT wnat to see such DRIVEL labled as art, we have a FRIGGING right NOT to pay for such CRAP! I dont care if it is Gulliani making this a political issue in order to get re-elected. ITS STILL A POLITICAL ISSUE THAT MANY MANY PEOPLE CARE ABOUT!
If the artist is sooooo interested in expressing his point of view or his "art" have him seek private funding, or stand out on the street with a display like the rest of the nutcases.
Erhm, actually I think this ruling is not saying that source code is protected, but that the speech within encrypted data could be protected. 's the difference between a printer and a printed page.
Uhm, you mean he should check his spelling.
His grammar is OK.
A bit more on topic: what other cases exist
which could overthrow current encryption laws?
It seems that neither president nor congress
will get rid of encryption restrictions, so
we are left with the third branch of government
to protect our free speech. So what other cases
are in the ACLU's (or EFF's or whoever's)
pipeline?
The US government is divided into three branches: the legislative, the executive, and the judicial. Of these, only the legislative branch is directly elected by the citizens (and only half, the House, is constitutionally so; the 17th amendment is likely unconstitutional since it varies the representation of the states in spite of the terms of article V). Most of the executive branch is appointed, and the President is indirectly elected via the electoral college system. The judicial branch is appointed via a combination of the president and the senate.
Ultimately, if the general citizenry becomes informed and active, the government gets an overhaul (and slowly so, since so much of the government is appointed/elected indirectly); until that remote condition is met, no progress will be made. That possibility becomes even more remote when you start to account for things like all the gerrymandering with the districts (the supreme court has held that it is a proper constitutional purpose for drawing districts to help incumbants remain in power).
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
So, if this goes to the Supreme Court, which is like a "Beowolf of Judges", what then?
How on earth can anyone restrict my right to communicate with my neighbor in any way I choose?
"Hey Ivan, ONE-ZERO-ONE-ONE-ZERO-ONE-ZERO-ZERO-ONE-ONE, eh, buddy? Ha, ha, ha..."
Could this be expanded to the phone and the 'net?
and it just so happens that he is a co-sponsor of the SAFE bill (the original, not the DoD version). Not that the SAFE bill will ever get by a presidential veto, but it still gives me a warm fuzzy feeling.
you're talking about Rudy Guliani and organized religion. You really can't expect much in the name of freedom from these two.
/world. You want to make a difference, get off your computer, go out into the real world, and affect normal people. You're not helping very much just ranting on slashdot (as i make a hypocrite of myself).
Perhaps you don't know much about New York City, but mr. Guliani hasn't been that friendly toward freedom (I'll take your car away and never give it back if you get caught drunk driving as one example).
Organized religion doesn't care about freedom in general. I don't even think most major religions support the "freedom of religion" clause. But that's their right under the first admendment, and they can protest all they like. The catholic church is not a government institution and therefore cannot be held up to the standards of the constitution, only protected by it.
Now, you say our freedom is clearly and presently dangered. Freedom is ALWAYS endangered. The price for freedom is eternal vigilance. You're lucky you have organizations like the ACLU watching the back you're too secure to watch yourself (not you specifically - the general public).
Politicians can make people feel better by making them more secure. People don't care about freedom when they're scared of crime, or terrorism, or economic collapse. They want to be secure, and politicians exploit that to its fullest. Freedom and security clash head on. They can't co-exist efficiently, if at all. Why do you think "for the children" is so effective???
No one will care about freedom until it's gone. We're lucky here on the 'net, because we are so free. And we're much more vigilant, because we can see more clearly whenever out government infringes on our freedoms.
The ban on the export of strong crypto is only one of the many many things our government is doing to make its people feel secure. Do you feel secure without crypto? I sure don't. But the 80% of americans who either don't have the net, don't use it for anything but porn&cnn, or don't even know what crypto is.. they feel pretty damn secure. Do you think freedom matters in politics? It only matters in law. Unfortunately, even law is sometimes corrupted by political influence.
So if you, any of you, are so upset that the government is trying to censor you and take away all your basic necessary freedoms, why don't you head off and take a gander at www.aclu.org and perhaps donate some money? Or even better, write your representatives every chance you get. Or Head on down to washington and lobby for freedom.
We're not in the real world folks, this is
anyway, sorry for the rant.
72656B636148206C72655020726568746F6E41207473754A
The ruling actually was: use of source code in an explanation of how cryptographic algorithms work is a protected form of free speech.
It doesn't say anything about the content of encrypted communications.
"An EFF-sponsored lawsuit by Professor Daniel Bernstein to determine whether the Professor has the right to teach about cryptography, and collaborate with his peers around the world. A major point is whether he can publish source code that foreigners might be able to access, or speak it directly to individual who might be foreign. The case rests on established First Amendment law and relies on the fact that computer source code is human-to-human communication protected by the First Amendment (in addition to anything else it might be useful for.)"
This is the same political element that tries to get public libraries to pull offensive works like Wizard of Oz and Huckelberry Finn off the shelf. They want to pull funding from libraries now that don't filter the internet. They are the backers of the CDA as well. They also pushed the Kansas Board of Ed to pull evolution from their curriculum because they don't believe their tax dollars should go into teaching something they consider offensive.
The fact is that once you let the camel's nose in, there is no stopping it. First it's this exhibition, then objection to certain books in the library, or something in a text book. Any form of censorship is intolerable, PERIOD.
I can think of a few reasons why the Gov't might want to restrict crypto exports.
By criminalizing the exporting of crypto, or providing it to foreign nationals, the Gov't gets authority to open investigations that it might not be able to touch otherwise. That is, if a Mr. X is intriguing some Three Letter Agencies (TLAs), but is being slick about it, crypto might be the only legal just cause for investigation. Remember that a certain Mr. Capone was jailed for tax evasion, and that numerous drug busts have come about because of traffic violations incurred when a courier panics upon seeing a cop. If most traffic becomes (legally) encrypted, then there's a lot less to even invite suspicion, let alone justify, say, a search warrant.
It can also serve as an opening for retribution via selective prosecution. Those who openly thumb their noses at the Gov't and, say, deliberately defy the law are thus exposing themselves to be squished.
Lastly, it increases public suspicion of crypto itself and those who uses it, thus discouraging its adoption en masse. Crypto is arguably inconvenient for, say, counterintelligence; the TLAs already threw fits about optical cabling in the telecommunications networks, at one point going as far as to request that the networks switch back to copper -- should tapping and data interception become impractical, then one of the best tools versus RICO offenders, phreakers, and so forth is lost.
It doesn't necessarily *all* have to do with the reasons they claim, but to a degree some of their reasons aren't completely bogus.
Only the dead have seen the end of war.
Each gov't has sat down and taken responsibility for its own citizens. They're going to hassle out of their sanity anyone who writes encryption. The attitude of every leader is "If we all do our part, encryption will never happen." This is what the Clinton administration is doing to Berman.
The fact of the matter is that the Supreme Court has ruled on many occasions that mere funding by the government does not cause an individual to lose his rights to free speech. Gulliani is getting his but sued over this, and he is going to lose big time.
Here is a good story about the nature of the remand. It basically says that the Appeal court agreed to an En Banc hearing to evaluate the merits of Bernstein in light of the new BXA regulations on crypto. However, since this case was about speach, my prediction is that 9th Circuit will uphold the panel's decision. Requiring a 'license' to speak is hardly different under 1st Amend jurisprudence than disallowing it. I expect the BXA to be embarrassed again.
While everyone seems to be focussed on cryptographic privacy as a means of safeguarding the rights of the individual against what could become a very threatening totalitarian (but still human) state, that's a relatively innocuous threat compared to what could be.
While it may not be tomorrow or the day after, we are going to be surrounded by AI machinery in due course. Part of that is going to be under our control, even within us, but most is going to be all-pervasive within the environment in which we live. The danger of distributed AI systems integrating into a whole and in self-defense taking a dislike to the rest is real.
We need universal crypto as a safeguard against that. Without secure communications, any dissent has no chance at all.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
It's only pointless if the goal is the openly stated one. In contrast, if the actual goal is to snoop on the *real* threat to the political system, ie. the voting public, then crypto laws are far from pointless.
Now then, do you really think that the people in the NSA, CIA, FBI, etc, are utterly *stupid*? The likelihood of that is so close to zero as to be really zero. They are probably the most intelligent people in the government apparatus, full stop.
So, do you think that they really want to enact crypto laws for reasons that anyone with a single ticking brain cell knows are pointless?
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Obviously the gov can't stop everyone from using crypto. They know that. They just want to stop most people from using crypto. And they've done that very effectively so far.
Only about one percent of email traffic is encrypted. Most people don't even know that web browsers come in "domestic" and "international" flavours, let alone what version they have. Cellphone traffic is encrypted weakly, if at all. Landline telephone traffic is almost completely unencrypted.
To accomplish this the feds have done everything they can to discourage the free flow of cryptographic software. The export controls have been one of the most effective means for this, as it gives them a sort of veto over what products can be sold. In theory they can only stop export, but in practice most companies want to sell one product globally, and that means government-approved crypto. The feds are going to do everything they can to maintain this status quo.
Bernstein argued that source code was speech because it expresses an intellectual construct. The gov argued that it was a functional device because it can be compiled to perform a function. They're both right of course, and it's up to the courts to decide how to resolve the issue.
It's conceivable that the government will manage to convince the court to sit on the fence. I'm no legal expert, but this is what I think will happen:
-- The courts will rule that source code is speech if it is intended to express an idea, but a functional export-restricted device if it is just intended to be compiled into object code. The intent will be the deciding factor.
-- The feds will interpret the ruling as meaning that you have to prove that your source code will not be compiled by some foreigner. If you can't accomplish this impossible task, they won't let you export the software. Anyone who exports unapproved crypto will face the possibility of criminal charges for violating export regs. Even if such charges are totally bogus, it would mean a long and drawn-out court battle. Most hardware and software companies won't take the chance. This type of government FUD has worked very well to date.
-- End result: Bernstein can export the Snuffle source, but the export restrictions remain fundamentally unchanged.
Check out this link for some interesting wiretap info.
People have accepted requiring a license to carry/own most firearms. Furthermore, political speech already is heavily regulated. If you weren't upset about those constitutional transgressions....
It's not the government's intent to prevent foreigners from obtaining strong crypto. Their intent is to prevent strong crypto from becoming commonplace. They realize that for crypto to work, it has to be interoperable. Since most people in the U.S. obtain their software from U.S. sources, you can effectively cut out the majority of the U.S. population from the equation by restricting U.S. software suppliers...which is exactly what they have done.
However, it appears they didn't anticipate freely available software. Say I make a living selling my own Linux distribution, for instance. I want to include cryptographically strong packages in my distribution but I don't want to violate U.S. export laws. So I create two versions of my CD: one with the strong crypto and one without. I can send the latter anywhere I want but I always send the former to anyone in the U.S. And I make it publicly known which strong crypto packages are on the U.S. distribution. Since I make my distribution itself freely redistributable, someone in Europe can easily recreate my U.S. version and sell it in Europe. I might even encourage that. End result: almost everyone who buys my distribution gets the same strong crypto packages.
Another way around it is to set up the installation process so that it automatically downloads the strong crypto from outside the U.S. This won't work very well right now but it will once most people have a permanent net connection.
Interesting how freedom to speak privately to one another may be one of the things that Free (libre) software ultimately gives us...
It's not even as hard as this poster makes it seem... apt knows about that host by default, so as far as the end-user is concerned, it's no harder to install pgp than anything else -- just apt-get install pgp like normal. Or any other crypto software; you never even need to know that it's hosted outside the us.
You think that it is understandable for the US [government] to want to defend itself FROM ITS OWN PEOPLE???? Because that's who they're targetting.
It's the ordinary citizen that is affected by crypto laws, not anyone else. Terrorists, drug syndicates and all the other organized baddies aren't affected at all. They have all the cryptographic (and other) weapons they need, thank you, because they don't operate within the framework of law so it's no more than an irritation to them.
In conntrast, the law-abiding citizen is affected 100%, so it *is* a big deal for him or her.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
The arguments on the blasphemy/art/govt funding issue are whether or not the vast majority who really don't like this sort of exhibition are obligated to fund it.
If you don't like the GPL or the BSD licenses, are you obligated to work on a project that offends you? Are you obligated to fund it?
The encryption debate is a debate over whether government has the right to forbid. The debate over the Brooklyn Art Museum is whether the state is obligated to fund.
When we mix up the distinctions, we end up looking like we support blasphemy which is the *wrong* way to go about building majority coalitions. Take a look at Jesse Ventura for a how to self-implode this way. Worked properly, churches are an ally because they have a great deal of experience on being suppressed in various countries.
I belong to a branch of the Catholic Church (romanian byzantine catholic http://www.greek-catholic.ro) that was banned by the Communist imperialists in Romania. You betcha that they used secret messages/encryption and every trick in the book to keep the church alive during 1948-1998 when it was legalized again. If things went bad there again, I'm sure that PGP and other cryptographic tools would be critical in the fight and the church knows it.
TML
I don't believe in God. Nor do I believe in Human Rights. Nor do I believe in Violence.
/. is like a steer's horns, a point here, a point there and a lot of bull in between.
If you think that violence could be used, in any form, to upset the current order you are insane. Our current regimes are based on violence, we can overthrow them left and right and keep replacing them with ones resting on the same pillars of authority, abuse, and violence and it wouldn't matter one way or the other.
Our governments are, however, digging their own graves in soliciting the coming of the informed society (to the extent that they are). Not because of revolution, but because it makes them redundant. There are people who realize this, and know that cryptology is the very backbone of the world that will supercede them. And cryptology has proved a gratefully simple target of attack.
Hitting someone with a club might be a good idea if they are trying to take your lunch: but we are, hopefully, past that. The solution that transcends conventional law to which I reffered is not violence, today's law IS violence, but the very information society which they fear.
-
Yet, unliky Cryptography, carrying a firearm is directly a clearn and present threat. Schenck v. United States (1951) established that limitation of Free Speach, and I think most people will suport it's existance.
As for Political Speach, that depends. Are you talking about how you can't commit lible against your policial oponents? Or maybe the limitations on how much you can donate to a particular canidate? Or that you can't campaign within some number of feet from voting locations? Maybe some other kind of Political Speech I'm forgetting? Personaly, I don't find any of those restrictive - if anything they limit how much someone else can restrict your speach.
Now, Cryptography doesn't limit someone else's speach, and it doesn't directly pose any threat. However, it isn't particularly expresive either. Hence, consitutional arguments, unless you want to argue the merits of the Elastic Cluase, are fairly irelvent.
--
Buy my new book "Reading Bits and Peices: The Secret to getting your way out of the Consitution"!
I already unloaded most of my comments on the subject in a hasty reply, but I thought I should point this out.
Over the past few years, human rights workers in extremely dangerous environments have written various letters to Phil Zimmerman. Not only do those letters thank him, but they essentially say that PGP -- and its availability abroad -- has saved lives. Strong PGP encryption in foreign countries has sometimes been the only barrier preventing perfectly good people from being murdered, raped, and otherwise hassled rather badly.
Now, of course, some of those human rights workers are indeed dissidents against their governments. Where they are, they break the law; they subvert the area governments' abilities to slaughter and suppress at will. But that's another discussion altogether.
-- Rene --
The problem, JNelson, is that the US government has agreed that it will refrain from certain activities, in return for abeyance from revolution by its citizens. One of these is that the government will not restrict what people can say. If there is a good reason to do so (e.g. "fire" in a crowded theater), then the restrictions will be as small as possible. The restrictions on crypto export are much larger than necessary. As a consequence, they violate the First Amendment.
-russ
Don't piss off The Angry Economist
It would be really nice if some Denbian and RedHat people would maintain cryptography enabled packages with were always up to date and easy to install
Debian has this. Just point apt to http://non-us.debian.org/debian/ and there you have apache-ssl, modssl, openssl, ssh, you name it. Hosted in the Netherlands.
Living is a horizontal fall
Of course, with open source it's a whole different ball game. Anyone can look at the code and build in their own strong crypto. All you need is readable code...
How nice of you to judge the comment on its own merits. Instead you take a swing at ACs. Bravo bravo. So why did YOU bother to register? Just to post that drivel?
You should understand that it is a well-founded rule of nature that any flame regarding incorrect spelling or grammar will itself always contain an error of similar scope. (Jokes about who this rule should be named after are left as an exercise to the reader.)
--
I am only 17 years old so I can not vote, however when I feel the need, I do write my "representatives". I do understand your point though.
I wish I could remember the name of the "multiple-password" encryption system I read about (you encrypt multiple plaintexts with multiple passwords into one ciphertext - each password unlocks a different plaintext; under duress you choose which password(s) to give away... coupled with steganography this is very powerful).
SegFS for Linux implements this on top of an ext2 and I was proposing a related file system for PDAs in my first post, but I had not considered using it in a communication protocoll.. which is a briliant idea.
We could set up a simple email network based on the pgp key servers and a modified version of pgp (add support for multilayer encryption). You would run a daemon on your system to find people from the pgp key server who supported this network and randomly send them encrypted mail. Now, if you ever had anything real to send to anyone you would just use a higher stenography/encryption level (which no one can prove exists).
The only problem with this is that your recepiant must know the higher level exists so they must reveal it's existance to there computer (which could be bugged) every time they want to check for a higher level in a message. It also creates a lot of spam, but I suppose your mail reader could automatically determine the message was meningless once you gave it your key's password.
Another really great thing about this system is that it makes traffic analysis difficult as well. Traffic analysis can also be fought by making everyone a non-anonymous remailer.
Internet chat programms could also use the same ideas. Quesion: Do encrypted IRC clients exist? It would seem pretty simple to implement. The clients would automatically exchange public keys with everyone on the channel.. shit you could even generate a new public key every few min. Plus, the client could participate in random other conversations without the trash message actually rolling accrostthe channel. If you were really serious about security many conversation channels could be routed into one IRC channel to hide who was talking to who (which would be great for people in places like China). Shit, with the multilayer stuff you could have it que up messages and send a higher layer message on top of a lower layer message.. so the cops could participate in an encrypted conversation and still have no idea about what is really going on.
If this were 1776, I and 200 of my closest friends would be crouched with muskets taking pot shots at someone in a red coat over nonsense like this.
Goverments never give people fredoms.. they mearly discover too late that they have accedentally given them freedoms. This is what happened with the American revolution and it is what has happened with the internet, but unfortunatly realitivly few people have experenced the Internet freedoms. Hopefully, this will happen when we make a permenant Mars/Moon collony or soemtihng too. Send up lots of non-religious responcible pseudo-libertarians and discover that they don't need much of a government. They will be the ones who laugh at the U.S. for not having a constitution which is good enough to keep stupid laws from being passed.
The flip side to all this optimisim is that people find it hard to comprehend and fight for a freedom they have never experenced. If there were a way to let people exprence freedoms via communication then I suspect the human race would evolve (cognitivly) much faster. Hmm.. Maybe we could publish lots of children's books about human rights to give to people in repressive countries? Interesting experement.
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
The states are denied suffrage in the senate by having the senators directly elected by citizens of the United States. Yes these citizens are also citizens of their respective states, but here they are acting solely as citizens of the federal government and don't necessarily keep their states' interests in mind when voting. Never mind that each state is equal in having its suffrage revoked.
This is not just only of forensic importance. If congress proposes legislation that restricts states directly (as in Garcia v. San Antonio Metropolitan Transit Authority), the states no longer have any say in the matter. The only check upon federal abrogation of the principles of federalism is in the Supreme Court, which is a federally appointed and chartered body.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
> A U.S. citizen who wants to work on cryptography without restrictions is going to have to leave the country and renounce his/her citizenship.
Partially incorrect.
A US citizen can expatriate (renounce your citizenship) AND remain an American. You don't have to leave the country. Here is the 14th amendment:
BILL OF RIGHTS
ARTICLE XIV
Section 1. All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the State wherein they reside.
I personally know of Americans who have expatriated and become a State Citizen, so thats how I know it works.
If you research Sovereign State Citizen you can verify this for yourself.
> The U.S. government has the bizarre idea that its laws and jurisdiction apply to any U.S. citizen in the known universe
U.S. jurisdiction DOES apply to _U.S._ citizens anywhere they live. You might want to pick up Black's Law Dictionary and look up citizenship, jurisdiction, and United States (which has many meanings!)
Cheers
A speaker in Gene Spafford's security seminar suggested that most higher-ups in the US Government do realize that the current crypto policy is silly/restrictive/huriting part of the economy. However, they only know how to protect their interests under the current rules, so they're slowly moving from silly to sane. They need time to figure out new policies, etc...
Sounds logical to me...
Agree. Easy mass use, without back doors (MS) is the problem. Say you want to ban online Casino betting in the US, because the tax free foreign ones offer better odds than the highly taxed local ones - revenue loss and all that. Not really posible. But if you prevent windoze and IE from shipping (something HD secure), and advertise to foreigners that they are actually buying a cut down second rate crypo package with risks..- plus turn around and sue them if they fix it, or convince MS to break your plugin by changing interfaces every 3 weeks - Sure, the drug dealers have heavy duty crypto, and have 5% of the economy. But if the couch potatos and mums and dads started to e-bet in total confidence (e-bookies - e-pokies), then its a problem. Lost sofware exports in dollar terms will be insignificant compared to future -e-expenditure. What if you could order e-drugs in confidence? So you see a dual myth being spread - that is safe in the USA, but ooh don't trust foreigners, plus promote an insecure OS that needs CA's . Then its nothing more than thinly discuised market e-protectionism. Of course the right Java applet wil fix things. But if you were a foreign firm, you now have to put your balls on the line to a US dominated certification authority. Now they can kidnap you, because you had the hyde to run an illegal casino, using illegal technology, plus harm your business by taking away your established CA certificate - or use it to trace you. Sure, I can run my casino using Linux and X, but you guys are chicken shit betters. I want the MS'ers, schoolkids - the real mass market of fools. Prediction: MS will never be good enough to handle online anonymous Casino betting, without leaving a trail. Why is that so?
I wish I could remember the name of the "multiple-password" encryption system I read about (you encrypt multiple plaintexts with multiple passwords into one ciphertext - each password unlocks a different plaintext; under duress you choose which password(s) to give away... coupled with steganography this is very powerful).
I believe that if it actually comes down to "we can get your keys" that we should institute a network where we transmit encrypted data and random data regularly to random members of the network. When you wish to send a real encrypted message, make sure the person is on the network (have them join) and send it, otherwise you're sending random data to people on the network. They want the data? Make them figure out what's real and what's garbage (with the majority likely garbage), and make them do the work of decrypting (coupled with a system like the multiple-password system like above and you've got a real dilemma for Mr. Orwellian Protector & Server). Essentially there is always a good volume of traffic with high entropy going between people on the network. It could be adjusted so that the odds of finding an encrypted message are made arbitrarily low.
This diminishes greatly the possibility of snooping traffic (even if you can decrypt pretty quickly there's too much to decrypt even a fraction of it), and if you use a multiple-password system, etc, they don't know whether or not to keep looking or not. If they know everyone on the network is likely doing this then it is depressingly hard to know whether they've got someone's data or not.
[...thinking.... steaming...uh-oh...] Know what? I'm personally sick of this shit. The government has NO RIGHT to our keys, to inhibit crypto, to sacrifice our freedoms and privacy under the guise of protecting us ("we're just doing this for your own good"). It is unfathomable to me that a government full of bureaucrats who must be trained for hours to attempt to discuss a bill/motion/case/law/amendment remotely regarding technical issues has the nerve to try to legislate and control inherently technical matters such as cryptography.
Call me a Libertarian, but I don't need this government to handle terrorist threats by threatening to subpoena my crypto keys, restricting what I can post on my website (this is what the Bernstein case boils down to) -- *especially* when it is freely available on the Internet (which makes no difference as they have no right even if it were not available elsewhere), or trying to legislate what kind of algorithms I can use.
If this were 1776, I and 200 of my closest friends would be crouched with muskets taking pot shots at someone in a red coat over nonsense like this. This discussion should not even have to take place -- the government does not have the right or the power to do this. We are the State (Locke, Rousseau, even Tolstoy understood this) and have allowed the nominal Powers to do this by convincing ourselves that they are powerful enough to be unstoppable. In actuality, Congress, the Judiciary, and the Executive are only the motive end of the Will of the People. We have let them interpret and create a false representation of the People's Will which they have abused at the People's expense (which is, by the way, treason). They have so publicly twisted the common perception of how Government works that we actually believe that We are subject to Their will, and not the reverse (as is actually the case). They have taken advantage of our docility and can do what they will -- but only so long as we let them.
"Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
Please tell me why certain books should get special treatment? Because they are "classics"? According to whom? Some friggin literary professor that never worked a day in his life?
How about if every film critic and file expert in the world declared "jerry springer's greatest outtakes" as one of the finest film works in history? That does not make it any better.
There is a thousand frigging book stores, and probably about just as many used book stores where you can get a copy of anything you mentined above for $0.50 or a buck. You can buy it yourself or for your kids or friends.
Better yet if you think that those are so worthy books, for that price you can buy a dozen or so and set up your volunteer charity book loan library or something.
The kansas ED board decision, though ignorant in the extreme, was an excellent example of how WE , AS TAXPAYERS, SHOULD BE ALBLE TO MAKE OUR DULY ELECTED POLITICIANS JUMP THROUGH THE HOOPS!!!
Violence agaist a state is legitmate however a poor decision tacticly.
Providing hooks into crypto modules is indeed a violation of the laws. However, simply stating which crypto packages are included in your U.S. distribution isn't. Nor is automatically downloading strong crypto from a site outside the U.S., if the download itself isn't strictly for that purpose. So the purpose of the download should be obvious: updates to the existing distribution. And RPM does updates by replacing packages with newer versions. How convenient!
It seems to me that the U.S. is headed completely in the wrong direction. It seems as if my freedom is being restricted fairly regularly. Things like crypto, satelite phones, flag burning, et cetera dont seem to be liked by the government. They seem to think it is necessary to have a law for everything. I think they need to move away from the police state they are leading us into and take a step toward freedom. After all, freedom was perhaps the most important thing when this country was started.
I tend to think that eventually the government will win on this. When it comes to freedom of speech, the Supreme Court or Courts of Appeal will apply what is called a "strict scrutiny" test to the case. Specifically, is the government's restriction on cryptography an essential goal of the government (aka, national security), and is barring the distribution of crypto outside the US the least restrictive means of achieving that goal?
;)
I tend to think Dr. Bernstein will eventually lose this case. Personally I believe the whole crypto thing is silly, since foreign governments can easily get their hands on our privately-developed crypto anyway, and so the prime effect of the legislation is to limit law-abiding citizens. A strong parallel to gun control legislation exists here.. Can anyone find it?
-Out.
Cute. I wish I had a few moderator points, I'd knock that up a point. :D
--
What difference does it make? The only legitimate reason I've ever seen to make exporting crypto technology illegal is so that 'rogue states' such as Iraq, and terrorist groups, don't have access to it. It's a joke. I don't think a terrorist group or a hostile country has any qualms about breaking U.S. law and downloading or stealing American encryption software. That said, it might as well be legal. The benefits to not trying to restrict it outweigh any decent reason to keep it illegal.
check your own grammar:
proffreading
I'm not trying to be picky/mean/pick a fight, but, since you mentioned it...
Insert mind here.
But in both cases, it is completely ineffectual. Let's face it, we are doing as good a job keeping our cryptography methods secret as we are preventing drugs from crossing the border. In both cases, we are going about it the wrong way. In the case of drugs, the government causes an increase in crime, inflates the prices of drugs, and spends billions of dollars while only stopping a small percentage of the actual trafficking. In the war against crypto exportation, yes, the government is keeping our "secrets" from falling into the hands of the world at large, but is it keeping it from those that it claims are the problem?
Do any of us really believe that just because there is no official exportation, that anything on the U.S. market is still secure from high-powered foriegn organizations, be they countries or terrorists? In fact, they are the ones most likely to get whatever the software they want. Hell, if they can smuggle American missiles out of the country from "secure" military bases, how hard is it to steal software?
Once again, the U.S. government is costing the American cryptography industry a phenomenal amount of money by not allowing exportation (even though they do now, this is in the case of the ruling being overturned) while still not keeping the information from the "enemies." It is a backwards approach to the problem.
While it is nice to be moral and an upright country (relatively), the majority of the world is not. Those who want the crypto information can get it, and those who can pay for it can not. Is that really the solution?
Thus, as does the majority of Slashdot, I hope that this ruling stands.
14 digits of Pi are all we need.
If we all started clogging up our networks with bogus data just to give the NSA a hard time...
:)
THEY'RE NOT OUTLAWING CRYPTOGRAPHY!!! They only want to limit it's spread to potential adversaries. The county right now is financially driven. We're a capitalist society, and the new way of doing business is over the internet. If the gov't outlawed strong crypto, just about every business selling goods on the internet would fold relatively quickly.
Amazon and Ebay and Etrade are not crying out about this, which means that this doesn't effect them. If it doesn't affect them, honestly, it doesn't affect us. Unless you live outside the US. If you do, go code your own strong crypto rather than just leeching it from us!
> Freedom of speech isn't perfect. For example, I can't send out company secrets to a competitor.
The REASON you can't do that is because more likely then not, you signed a Non-Disclosure Agreement, when you joined the company.
Contracts are stronger then law, as you have noted. Thats what freedom is about, we can contract our rights away. Most people usually do it by signing licenses.
Good post though.
If you believe seriously that peaceful politics cannot solve the problem of encryption and that human rights will continue to be suppressed indefinetly by the US Govt., you are making the case for the application of Thomas Jefferson's right of rebellion.
I don't believe that you are correct. I do believe that the political order hasn't gone so far as to preclude a peaceful solution that restores the respect for our God given rights.
When politics fails, violence against the state is legitimate and even required to uphold the rights of man. We may get there someday. I hope to God we never will.
TML
The analogy is good. Carry it further--look beyond the stated aims and evaluate the actual effects.
In the case of drugs, the effect of the "war" is an expansion of police powers and a reduction in civil liberties. In the case of the "war" against the export of strong crypto, the effect is the supression of all _domestic_ crypto and a reduction in privacy for all.
But who benefits from these actions? Cash may not be directly involved, but those individuals who like to control others receive gratification. And which occupations are these "controllers" likely to seek in life? I would argue they will be disproportionately present in the judicial, legislative and executive branches of government at all levels.
It is unpopular and illegal for them to achieve their aims directly. With the facades of "fighting drugs" or "fighting terrorism" plus some scaremongering, they do anyways.
-- Robert
Whether these effects are desired by policymakers is a matter of individual judgement.
I hope very much this ruling is upheld, and source code remains protected speech.
I was just wondering what implications current encryption laws have in terms of controlling leaks from within the NSA. They can prosecute a leaker no matter what the law, but they might have a more difficult problem controlling the dissemination of the information after a leak if the information itself was legal. Scenario: NSA employee posts source to a invincible encryption method anonymously. Can they stop the information from spreading?
Since nobody's mentioned it so far... Dan Bernstein is the author of
qmail, ezmlm, and lots of other great software. Anyone who
has read the qmail docs or his webpage
will know that he places security above anything else, doesn't
mince his words, and doesn't hesitate to be a nonconformist
(eg, running his web site with his own secure anonymous
FTP server, rather than a http server...)
He's probably among the best possible people for this case.
The government has allowed the export rules to be relaxed in hopes that they will be able to keep some form of the crypto law intact. They hope that if they give a little, they won't be overturned entirely.
Screw 'em. Take it to the Supreme Court, and have the export law (and attempts at domestic controls) declared unconstitutional.
As several people have pointed out, yes the cat is out of the bag. You can get good crypto from other countries. You can get it all preconfigured on your OpenBSD CD from Theo in Canada. You can get 128-bit Netscape anywhere in the world from Fortify. You can get good SSH from Datafellows in Finland. RSA has shipped some of their development efforts to Australia.
You can print the code in a book, and ship that anywhere but the evil 7 countries. Then, someone can type that in, or scan it. That's how PGP officially got out of the country.
Hey Clinton, Reno, you lose. Why don't give up already?
You're just hurting the US crypto companies, and corporations like the one I work for who want to deploy VPNs and such.
Well, it doesn't hurt me that much... I just have my out-of-country counterparts buy out-of-country and distribute for me.
But hey, the US government is really inconvieniencing me... and it's annoying.
This 'art' is being exhibited on public ground, in a public building. Why does anti-catholicism deserve a pass any more than anti-semitism or any other religious bigotry?
I never favored art subsidy by the government precisely on the grounds that these fights are inevitable. The problem fundamentally is that artists like to tweak the noses of catholics and others who they don't like. That's fine. But they are doing it with the catholic's own money extorted by the government tax man. And that's not right at all. Not every group out there is as defenseless.
In Chicago, they hung up a picture of the late Mayor Harold Washington in his underwear in an unflattering pose. A couple of City Council members personally went down and removed the picture. The picture never went back up and there was no lawsuit.
The vast hypocricy and double standard when it comes to whose ox is being gored is mind boggling.
I saw "Piss Christ". If it wasn't labeled as such, you would just look at a picture and see an interesting lighting effect. The label is there intentionally to offend. If I wasn't paying for it via my tax dollars, I would ignore it as another anti-christian diatribe and move on.
If the lady in the fecal picture in Brooklyn wasn't given the label of the virgin Mary, there are no identifying characteristics that would lead anybody to believe that it was anything else than bad art.
What you seem to be arguing is that withdrawl of funding in the current year is unconstitutional. I don't particularly think this is the case. Let's grant your point for the moment. Does your objection fade if the subsidy is simply no longer renewed next budget year? If so, what's the difference?
TML
P.S. Note spelling of "whose". "Who's" means "who is" which doesn't fit well in this context.
-- $SIGNATURE
The executive branch (NSA, DoJ, etc.) don't really care that people *can* get encryption.. They are happy with just making it hard for people to get encryption and suppressing public intrest and research in it. Example: PGP is not that big a threat to them since they can always obtain the keys through some legal action (the 5th ammendment says that you should not be required to divulge your keys, but I believe there are ways arround this), they could get a court order to wire tap your computer, and PGP only protects a limited class of communications. What they are really scared of is mass use cryptography. Just imagine if everyone carried a miniture computer on a card with them to do encryption (i.e. your private key never leaves the card and you type your password into the card directly). We could even use a stenographic filesystem on the card which would make it impossible to prove that you had hidden data which you were not revealing.
This kind of system would be great, everyone would opnly need a few passwords and there would be much less hacking and fraud (example: all hacking based on social engenering would stop since no one knows a password to anything but the cary they carry), but the gov. would rather indanger US buisnesses and finantial infrastructure then allow people to protect themselves. Can anybody say treason.
Now, it seems that they are willing to throw corperations a bone so long as open source cryptography dosn't spread to fast and the people are still kept in the dark.
Solutions: A good way to fight the U.S. policies is to incurage the development of cryptography in other countries. U.S. citizens who want to work on crypto sould be incuraged to move to less repressive countries and other countries should be incurages to make life easier for crypto development and implementation. Also, we need to make it less profitable for the gov. to keep encryption hardware out of circulation. I think the two big steps here would be installing encryption into all the internet fone programs and writing crypto software for PDAs to allow them so surve as login devices. It would be really cool if one of these PDA-Cellphones would be powerful enough to be turnned into a PGP fone through software.
I think there is also a lot we can do to make it easier to install cryptography on Linux. It would be really nice if some Denbian and RedHat people would maintain cryptography enabled packages with were always up to date and easy to install (replay and people tend to lag behind in versions) and if the post install email to root or whatever would include an explination of how to download and install the replacment packages. It would also be nice if RedHat would have seperate US and international versions of it's CD. Plus, SSH, Apache-SSL, the JavaSSH client, an encrypted digital fone program, and software to use a PDA as a login device would give many people a reason to buy the CD.
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell