Slashdot Mirror
Bernstein Back in Court
William Tanksley send us the story that Bernstein, who's case against the United States resulted in a three judge panel over-turning the US laws regarding exportation of cryptography software. At the request of the DOJ, a full Court of Appeals will rehear the case. Here's to hoping that the full court follows the advice of the panel.
The point of the crypto export laws is to prevent crypto fromm becoming something that we all have, without having to go to the effort to find it on the net and install it. As long as the US government continutes to be a pain in the arse to anyone who wants to make privacy a standard feature of operating systems and communications software, then *most* communications will continue to be sent in the clear. The REAL purpose of prohibiting strong crypto, is to make it easier for governments to commit crimes against law-abiding citizens. -jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Exactly what is the United States government trying to accomplish here? Pro-active crime prevention by outlawing these "criminal tools?" We already learned this lesson from gun control, the bad guys have the crypto anyway. In a peverse sense, the government will settle for as many "law abiding" citizens as possible to march off like lemmings to a totalitarian future.
As I mentioned earlier, data sitting around on your hard drive is harmful to no one, so why does the society at large need to look at it? Putting data on one's hard drive beyond the purview of society stands as a check for the individual against society at large. I didn't touch upon freedom of speech with respect to cryptography, which I will do now.
Freedom of speech isn't perfect. For example, I can't send out company secrets to a competitor. Where does cryptography fit in? While cryptography may be used in the capacity of exchanging trade secrets, it doesn't address the fact that sooner or later the competing company is going to release a product based on those services, and enough evidence will be available to track down those resposible, cryptography or not.
In spite of the government's paranoia, cryptography, as used in criminal activities, is really only a small element. For every "actual" crime (read: not thought crimes) there will be plenty of physical evidence for forensic wizards to ascertain not only the identity of the suspects but also the last time they wet their beds.
In a nutshell, an individual's ability to deploy encryption is more important than the off chance that some real crime goes unsolved due to lack of other evidence.
I've visited police states. Chile under the early years of Pinochet. The cops on the corner have uzis and there is no radio station except the government station and there is a 1 AM curfew which is enforced by the military going up and down the streets with jeeps and APC's with 50 caliber machine guns mounted on the back. If your wife goes into labor at 2 AM you have to call the military to come get her but they usually don't come. If you try to drive her to the hospital yourself they will shoot you. This actually happened while I was there.
/. complain a lot about the government, but they also fit the profile of the most politically apathetic segment of the US, Gen X & Y. If you lose what Jefferson and the other founders built IT IS YOUR FAULT.
By the way, this government was put into power by the CIA under the instructions of R. Nixon.
The price of freedom is eternal vigilance. If you don't like what the government is doing let you elected representatives know about it. Support organizations like the ACLU. Watch the voting record of the people you elect. The people on
Last year I worked for a congressional campaign to unseat a radical conservative who had voted for 8 constitutional amendments during his term. These amendments included a ban on flag buring, a ban on abortion even if cases of rape incest or if the mother's life was threatened, and a override on the school prayer issue. In my opinion this was a totally outrageous assault on the fundamental rights of all Americans.
DO YOU KNOW WHAT YOUR CONGRESSMAN IS VOTING FOR?? Do you check his voting record??? DO you let him know about issues like the crypto problem?
They can simply subdue you if you refuse the warrant - but what are they gonna do to your computer? Inject it with truth serum? Ha! Good luck. It'll be a long, long time before the government can crack the security I have available at my fingertips right now.
Personally, I've given up on law enforcement - they've made too many mistakes for me to trust them to "serve and protect" anymore. I have decided that I will not cooperate with government or law in any fashion until they can prove (to MY satisfaction) their motives and intent. They're simply too untrustworthy - I would trust a bum on a street corner more readily than our so-called justice system.
It's a sad state of affairs - and the only long-term solution I can see is to return the power to the average citizen, rather than allow a corrupt few to share it amongst themselves. We need to bring back the right to bear arms, we need to create a public-review (NOT peer review) system that officers are subject to, and we need them to be tried for their crimes. In short, we need accountability. And privacy would be nice too.
--
Imagine if one in ten people crossing the mexican border decided to put little baggies of sugar in their car. Can you imagine the overhead required to seperate the 'fakes' from the real mccoy? It'd be astronomical! If only 1:1000 people actually transported drugs across the boarder, that would mean that only 1% of the people they searched would actually yield *real* drugs. The other 99% is a waste, so you increase the cost per search DRAMATICALLY. You get the idea - and if they decide to outlaw sugar-exportation out of the country, that's gonna piss off alot of sugar businesses. Or oregano exporters for that matter. :)
My point here is that if you make it sufficiently difficult to distinguish the real from the fake... a simple cost-benefit analysis yields that it is an ineffective way to prevent the problem. In effect, simply keep raising the stakes until they can no longer justify the expenditures being made to catch the few 'real' crypto users. Imagine if 30% of your tax dollars went to catch ~130 crypto users each year. Would you stand for it? Hell no!
--
I wouldn't put my hopes about a solution for to the crypto issue from this process: it just won't happen. The american regime has decided to show its true face in this issue, and will continue to fight this freedom no matter what the court decides.
/. is like a steer's horns, a point here, a point there and a lot of bull in between.
Victory in the crypto battle can not, and will not, come through traditional law.
However, the more frightening issue here is what this court is actually supposed to decide, namely, what is speech? Current human rights of free speech come from an age when speech WAS information, and information WAS speech. But, because technology has evolved to the point where most communication is machine to machine, we have (thanks to our unenlightened leadership) gotten a double standard where some information produced by humans is speech, and some is not.
So now They are trying to decide whether the form of information we call source code should be protected as speech. To those of us whose thoughts are often recorded as source code rather than speech or text, the fact that this should ever be in doubt about this seems horribly prejudice. I wonder if a single of the judges in that court has ever written a line of code or has ANY insight on the amount of creativity inherant to programming.
Actually I don't wonder. I'm pretty sure I know the answer.
And of course it goes further. If source code is speech, tell me why machine code is not? Is it because its doubtful that I be able to find any meaning in machine code myself? Then exactly what are the standards by which information attains "meaning" enough to be speech? Could I have them on paper so I know for the future?
-
The problem with these laws is that they assume that nobody else in the whole world could create good crypto stuff. I could almost understand a law that said "if its not available anywhere else in the world at this bit-level (or something like that), then you can't export it", but that's not the case these days.
Instead we're forced to use older (easily crackable) algorithms in software distributions because we don't want to offend Big Brother^W^Wthe NSA.
Crypto is outlawed. Given the current state of law enforcement, I don't really think we have anything to worry about - they can't even keep track of the script kiddies right now. Later on, provided they do get their act together, anybody wishing to practice civil disobedience can send "look-alike" PGP messages. Just cat the output of /dev/urandom to uuencode, strip off some of the header and footer info, and put "-- BEGIN PGP SIGNED MESSAGE --" at the top of yours. Looks authentic.. but it isn't crypto.
Here's the other problem with outlawing crypto - do 'ya think the DoJ is gonna convince the 230 some odd countries around the world to agree with them and do the same? Not likely. So all you need to do is route network traffic through one of the countries that DOES allow crypto.
Let's assume now they DO allow crypto. US companies rejoyce, e-commerce in this country gets a shot in the arm, and the stock market people are happy. Do 'ya think the DoJ is stupid enough not to realize they're gonna piss off *ALOT* of companies and investors by outlawing cryptography? Yeah.. my thoughts exactly.
--
Foo Blargle Me Noitzen!
What did I just say? It could have been non-sense... or it could have been a one-time cipher I'm using between me and a friend of mine to tell him I want his mp3 collection.
If you outlaw crypto.. the crypto experts will simply design a new system that doesn't *look* like crypto. Steganography(sp?) anyone? No officer, that REALLY IS a jpeg of pamela lee I posted to my friend... it REALLY DOESN'T contain the nuke codes for all the missle installations in North Dakota. :^)
The way I see it - this'll turn into another 'war on drugs' - with the only losers being the common citizen. We'll lose what (very little) civil rights we have remaining.. and will have gained nothing for it.
--
you're talking about Rudy Guliani and organized religion. You really can't expect much in the name of freedom from these two.
/world. You want to make a difference, get off your computer, go out into the real world, and affect normal people. You're not helping very much just ranting on slashdot (as i make a hypocrite of myself).
Perhaps you don't know much about New York City, but mr. Guliani hasn't been that friendly toward freedom (I'll take your car away and never give it back if you get caught drunk driving as one example).
Organized religion doesn't care about freedom in general. I don't even think most major religions support the "freedom of religion" clause. But that's their right under the first admendment, and they can protest all they like. The catholic church is not a government institution and therefore cannot be held up to the standards of the constitution, only protected by it.
Now, you say our freedom is clearly and presently dangered. Freedom is ALWAYS endangered. The price for freedom is eternal vigilance. You're lucky you have organizations like the ACLU watching the back you're too secure to watch yourself (not you specifically - the general public).
Politicians can make people feel better by making them more secure. People don't care about freedom when they're scared of crime, or terrorism, or economic collapse. They want to be secure, and politicians exploit that to its fullest. Freedom and security clash head on. They can't co-exist efficiently, if at all. Why do you think "for the children" is so effective???
No one will care about freedom until it's gone. We're lucky here on the 'net, because we are so free. And we're much more vigilant, because we can see more clearly whenever out government infringes on our freedoms.
The ban on the export of strong crypto is only one of the many many things our government is doing to make its people feel secure. Do you feel secure without crypto? I sure don't. But the 80% of americans who either don't have the net, don't use it for anything but porn&cnn, or don't even know what crypto is.. they feel pretty damn secure. Do you think freedom matters in politics? It only matters in law. Unfortunately, even law is sometimes corrupted by political influence.
So if you, any of you, are so upset that the government is trying to censor you and take away all your basic necessary freedoms, why don't you head off and take a gander at www.aclu.org and perhaps donate some money? Or even better, write your representatives every chance you get. Or Head on down to washington and lobby for freedom.
We're not in the real world folks, this is
anyway, sorry for the rant.
72656B636148206C72655020726568746F6E41207473754A
"An EFF-sponsored lawsuit by Professor Daniel Bernstein to determine whether the Professor has the right to teach about cryptography, and collaborate with his peers around the world. A major point is whether he can publish source code that foreigners might be able to access, or speak it directly to individual who might be foreign. The case rests on established First Amendment law and relies on the fact that computer source code is human-to-human communication protected by the First Amendment (in addition to anything else it might be useful for.)"
I can think of a few reasons why the Gov't might want to restrict crypto exports.
By criminalizing the exporting of crypto, or providing it to foreign nationals, the Gov't gets authority to open investigations that it might not be able to touch otherwise. That is, if a Mr. X is intriguing some Three Letter Agencies (TLAs), but is being slick about it, crypto might be the only legal just cause for investigation. Remember that a certain Mr. Capone was jailed for tax evasion, and that numerous drug busts have come about because of traffic violations incurred when a courier panics upon seeing a cop. If most traffic becomes (legally) encrypted, then there's a lot less to even invite suspicion, let alone justify, say, a search warrant.
It can also serve as an opening for retribution via selective prosecution. Those who openly thumb their noses at the Gov't and, say, deliberately defy the law are thus exposing themselves to be squished.
Lastly, it increases public suspicion of crypto itself and those who uses it, thus discouraging its adoption en masse. Crypto is arguably inconvenient for, say, counterintelligence; the TLAs already threw fits about optical cabling in the telecommunications networks, at one point going as far as to request that the networks switch back to copper -- should tapping and data interception become impractical, then one of the best tools versus RICO offenders, phreakers, and so forth is lost.
It doesn't necessarily *all* have to do with the reasons they claim, but to a degree some of their reasons aren't completely bogus.
Only the dead have seen the end of war.
Read the comment a bit more closly. One person is saying that the US would like to force people like Britain does. The other guy stated that such an action would be illigal in the US (not britian) as we have a right to not incrimidate ourselves if we so choose.
The fact of the matter is that the Supreme Court has ruled on many occasions that mere funding by the government does not cause an individual to lose his rights to free speech. Gulliani is getting his but sued over this, and he is going to lose big time.
Here is a good story about the nature of the remand. It basically says that the Appeal court agreed to an En Banc hearing to evaluate the merits of Bernstein in light of the new BXA regulations on crypto. However, since this case was about speach, my prediction is that 9th Circuit will uphold the panel's decision. Requiring a 'license' to speak is hardly different under 1st Amend jurisprudence than disallowing it. I expect the BXA to be embarrassed again.
Cryptography first began to be a major force in its own right during the Second World War. Since then it has moved from the realm of secret mathematicians working for military leaders to the mainstream. My mother (who just figured out how to turn on the computer by herself last week) recently ordered a hard-to-find book online, using the cryptographic capabilities of Netscape. Cryptography is also now an established field of mathematics, with several journals in many different countries.
We can only expect these trends to continue. While most criminals probably still rely on clandestine meetings for secrecy, we must expect that as strong cryptography becomes widely available the criminal element will exploit it. Why is this a problem? Because it makes it much harder to prosecute crimes. Convicting people who have broken the law requires evidence. With strong cryptography widely available, it would be much harder to gather evidence.
How different would the Microsoft anti-trust trial have been without any of the internal Microsoft documents? If strong cryptography were routinely used for everything, the Microsoft trial would have been a completely different affair.
The government realizes that cryptography is inevitable. They are just trying to slow down its adoption any way they can. It is going to take a long time for the judiciary system to cope with the age of encryption. We all want to live in a secure world. The NSA and related agencies are trying to achieve this by delaying widespread adoption of strong cryptography. This is not a bad thing, unless it infringes on the rights of the individual.
There's the catch. At the deepest level, cryptography is mathematics. And mathematics is ideas. The basic idea behind the Rivest-Shamir-Adleman algorithm (RSA) can be explained in a paragraph or two. There is no way for the government to control ideas like these, short of becoming an Orwellian nightmare. So the government has chosen to attempt to control the implementation of these ideas.
Source code lies somewhere in the broad spectrum of idea and implementation. It seems obvious that object code is an implementation, and pseudo-code expresses an idea. But what about actual source code? Suppose you download the latest ThingGummy.src.tgz package, compile it and then execute it to get the latest features of ThingGummy 2.0. You are not particularly interested in the idea of ThingGummy, but in the implementation. But maybe the new feature is something you have been thinking about adding to your own code, so you get the source and figure out how they added the new feature. Then the source code is being used to transmit an idea.
I think that source code itself is a representation of an idea. I find pseudo-C code easier to understand than pure English pseudo-code. But packaging all the source code (not just the interesting parts) and a Makefile together into one package seems more like an implementation to me. If I were to publish a strong-cryptography algorithm from the US on the Web, I would only publish the source code dealing with the actual encryption/decryption. I believe that would fall under the First Amendment. It really would not be any different than publishing pseudo-code in a mathematics journal.
I do not necessarily trust the NSA. I just don't think a world with widely available strong cryptography would necessarily be the best of all possible worlds. As it is now, the security-conscious are not denied access to strong cryptography. And the government is not trying to restrict the flow of ideas about cryptography, only implementations. That's good enough for me.
-Nathan
While everyone seems to be focussed on cryptographic privacy as a means of safeguarding the rights of the individual against what could become a very threatening totalitarian (but still human) state, that's a relatively innocuous threat compared to what could be.
While it may not be tomorrow or the day after, we are going to be surrounded by AI machinery in due course. Part of that is going to be under our control, even within us, but most is going to be all-pervasive within the environment in which we live. The danger of distributed AI systems integrating into a whole and in self-defense taking a dislike to the rest is real.
We need universal crypto as a safeguard against that. Without secure communications, any dissent has no chance at all.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
It's only pointless if the goal is the openly stated one. In contrast, if the actual goal is to snoop on the *real* threat to the political system, ie. the voting public, then crypto laws are far from pointless.
Now then, do you really think that the people in the NSA, CIA, FBI, etc, are utterly *stupid*? The likelihood of that is so close to zero as to be really zero. They are probably the most intelligent people in the government apparatus, full stop.
So, do you think that they really want to enact crypto laws for reasons that anyone with a single ticking brain cell knows are pointless?
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Obviously the gov can't stop everyone from using crypto. They know that. They just want to stop most people from using crypto. And they've done that very effectively so far.
Only about one percent of email traffic is encrypted. Most people don't even know that web browsers come in "domestic" and "international" flavours, let alone what version they have. Cellphone traffic is encrypted weakly, if at all. Landline telephone traffic is almost completely unencrypted.
To accomplish this the feds have done everything they can to discourage the free flow of cryptographic software. The export controls have been one of the most effective means for this, as it gives them a sort of veto over what products can be sold. In theory they can only stop export, but in practice most companies want to sell one product globally, and that means government-approved crypto. The feds are going to do everything they can to maintain this status quo.
Bernstein argued that source code was speech because it expresses an intellectual construct. The gov argued that it was a functional device because it can be compiled to perform a function. They're both right of course, and it's up to the courts to decide how to resolve the issue.
It's conceivable that the government will manage to convince the court to sit on the fence. I'm no legal expert, but this is what I think will happen:
-- The courts will rule that source code is speech if it is intended to express an idea, but a functional export-restricted device if it is just intended to be compiled into object code. The intent will be the deciding factor.
-- The feds will interpret the ruling as meaning that you have to prove that your source code will not be compiled by some foreigner. If you can't accomplish this impossible task, they won't let you export the software. Anyone who exports unapproved crypto will face the possibility of criminal charges for violating export regs. Even if such charges are totally bogus, it would mean a long and drawn-out court battle. Most hardware and software companies won't take the chance. This type of government FUD has worked very well to date.
-- End result: Bernstein can export the Snuffle source, but the export restrictions remain fundamentally unchanged.
Check out this link for some interesting wiretap info.
You think that it is understandable for the US [government] to want to defend itself FROM ITS OWN PEOPLE???? Because that's who they're targetting.
It's the ordinary citizen that is affected by crypto laws, not anyone else. Terrorists, drug syndicates and all the other organized baddies aren't affected at all. They have all the cryptographic (and other) weapons they need, thank you, because they don't operate within the framework of law so it's no more than an irritation to them.
In conntrast, the law-abiding citizen is affected 100%, so it *is* a big deal for him or her.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
I agree that there is no right to subsidy of free speech. You do not have a right to go to the government and demand that they fund your radio station. That is not the issue here. The issue is that once the government starts funding something this they do not have the right to determine who gets funding based on the content of the message so long as it is protected speech under the First Amendment. If you were to allow this you would estabilsh the rule that if you receive government funding you give up your First Amendment rights. Given that we have many important public institutions that receive government funding one way or another, there is a real danger that the application of this sort of doctrine would corrupt the First Amendment.
This sort of thing has already been ruled to be unconstitutional in numerous cases, and I am sure that the lawsuit being brought by the Boroklyn Museum will bear this principle out.
I don't believe in God. Nor do I believe in Human Rights. Nor do I believe in Violence.
/. is like a steer's horns, a point here, a point there and a lot of bull in between.
If you think that violence could be used, in any form, to upset the current order you are insane. Our current regimes are based on violence, we can overthrow them left and right and keep replacing them with ones resting on the same pillars of authority, abuse, and violence and it wouldn't matter one way or the other.
Our governments are, however, digging their own graves in soliciting the coming of the informed society (to the extent that they are). Not because of revolution, but because it makes them redundant. There are people who realize this, and know that cryptology is the very backbone of the world that will supercede them. And cryptology has proved a gratefully simple target of attack.
Hitting someone with a club might be a good idea if they are trying to take your lunch: but we are, hopefully, past that. The solution that transcends conventional law to which I reffered is not violence, today's law IS violence, but the very information society which they fear.
-
It would be really nice if some Denbian and RedHat people would maintain cryptography enabled packages with were always up to date and easy to install
Debian has this. Just point apt to http://non-us.debian.org/debian/ and there you have apache-ssl, modssl, openssl, ssh, you name it. Hosted in the Netherlands.
Living is a horizontal fall
A speaker in Gene Spafford's security seminar suggested that most higher-ups in the US Government do realize that the current crypto policy is silly/restrictive/huriting part of the economy. However, they only know how to protect their interests under the current rules, so they're slowly moving from silly to sane. They need time to figure out new policies, etc...
Sounds logical to me...
I wish I could remember the name of the "multiple-password" encryption system I read about (you encrypt multiple plaintexts with multiple passwords into one ciphertext - each password unlocks a different plaintext; under duress you choose which password(s) to give away... coupled with steganography this is very powerful).
I believe that if it actually comes down to "we can get your keys" that we should institute a network where we transmit encrypted data and random data regularly to random members of the network. When you wish to send a real encrypted message, make sure the person is on the network (have them join) and send it, otherwise you're sending random data to people on the network. They want the data? Make them figure out what's real and what's garbage (with the majority likely garbage), and make them do the work of decrypting (coupled with a system like the multiple-password system like above and you've got a real dilemma for Mr. Orwellian Protector & Server). Essentially there is always a good volume of traffic with high entropy going between people on the network. It could be adjusted so that the odds of finding an encrypted message are made arbitrarily low.
This diminishes greatly the possibility of snooping traffic (even if you can decrypt pretty quickly there's too much to decrypt even a fraction of it), and if you use a multiple-password system, etc, they don't know whether or not to keep looking or not. If they know everyone on the network is likely doing this then it is depressingly hard to know whether they've got someone's data or not.
[...thinking.... steaming...uh-oh...] Know what? I'm personally sick of this shit. The government has NO RIGHT to our keys, to inhibit crypto, to sacrifice our freedoms and privacy under the guise of protecting us ("we're just doing this for your own good"). It is unfathomable to me that a government full of bureaucrats who must be trained for hours to attempt to discuss a bill/motion/case/law/amendment remotely regarding technical issues has the nerve to try to legislate and control inherently technical matters such as cryptography.
Call me a Libertarian, but I don't need this government to handle terrorist threats by threatening to subpoena my crypto keys, restricting what I can post on my website (this is what the Bernstein case boils down to) -- *especially* when it is freely available on the Internet (which makes no difference as they have no right even if it were not available elsewhere), or trying to legislate what kind of algorithms I can use.
If this were 1776, I and 200 of my closest friends would be crouched with muskets taking pot shots at someone in a red coat over nonsense like this. This discussion should not even have to take place -- the government does not have the right or the power to do this. We are the State (Locke, Rousseau, even Tolstoy understood this) and have allowed the nominal Powers to do this by convincing ourselves that they are powerful enough to be unstoppable. In actuality, Congress, the Judiciary, and the Executive are only the motive end of the Will of the People. We have let them interpret and create a false representation of the People's Will which they have abused at the People's expense (which is, by the way, treason). They have so publicly twisted the common perception of how Government works that we actually believe that We are subject to Their will, and not the reverse (as is actually the case). They have taken advantage of our docility and can do what they will -- but only so long as we let them.
"Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
But in both cases, it is completely ineffectual. Let's face it, we are doing as good a job keeping our cryptography methods secret as we are preventing drugs from crossing the border. In both cases, we are going about it the wrong way. In the case of drugs, the government causes an increase in crime, inflates the prices of drugs, and spends billions of dollars while only stopping a small percentage of the actual trafficking. In the war against crypto exportation, yes, the government is keeping our "secrets" from falling into the hands of the world at large, but is it keeping it from those that it claims are the problem?
Do any of us really believe that just because there is no official exportation, that anything on the U.S. market is still secure from high-powered foriegn organizations, be they countries or terrorists? In fact, they are the ones most likely to get whatever the software they want. Hell, if they can smuggle American missiles out of the country from "secure" military bases, how hard is it to steal software?
Once again, the U.S. government is costing the American cryptography industry a phenomenal amount of money by not allowing exportation (even though they do now, this is in the case of the ruling being overturned) while still not keeping the information from the "enemies." It is a backwards approach to the problem.
While it is nice to be moral and an upright country (relatively), the majority of the world is not. Those who want the crypto information can get it, and those who can pay for it can not. Is that really the solution?
Thus, as does the majority of Slashdot, I hope that this ruling stands.
14 digits of Pi are all we need.
If we all started clogging up our networks with bogus data just to give the NSA a hard time...
:)
THEY'RE NOT OUTLAWING CRYPTOGRAPHY!!! They only want to limit it's spread to potential adversaries. The county right now is financially driven. We're a capitalist society, and the new way of doing business is over the internet. If the gov't outlawed strong crypto, just about every business selling goods on the internet would fold relatively quickly.
Amazon and Ebay and Etrade are not crying out about this, which means that this doesn't effect them. If it doesn't affect them, honestly, it doesn't affect us. Unless you live outside the US. If you do, go code your own strong crypto rather than just leeching it from us!
If you intellegently code your software, you don't even need hooks. Look at netscape and it's plugin archetecture. Someone can write a plug in that displays 3D images, someone else can write a plug in that supplies 128 bit crypto to users with 40-bit browsers. I bet you could even take Adobe Photoshop and create a filter that actually encrypts your document with 3DES... And there'd be nothing wrong with that, in terms of the shipability of 40 bit Netscape or Photoshop...
Half of Congress or more sponsored the SAFE Bill. It is not much of a distinction.
Well, if you go back 30 years I feel pretty safe to say that we had a lot more of a Police state than we do now. These were the days of the FBI keeping dossiers on anyone who went to an eastern college, Police Riots in Chicago, the Nixon enemies list and so on.
Since then I think that things really haven't changed much, either way, except maybe the fall of the USSR has cut the legs out of a lot of military and covert operations. The CIA is a mere shell of what it used to be.
I have been out of college for 25 years. Just because I work for a living doesn't mean I have lost my ideals. In fact, my maturity and better understanding of history that I have gained over time and the travel to other countries I have done has led me to realize to a far greater extent the importance of these ideals than when I was in college.
I really feel sorry for people like you. Everything boils down to the almighty buck, and if there is something you don't like the first thing out of your mouth is profanity and a desire to supress it. Your ideas are so inimical to the precepts on which this country was founded that it is scary. And you don't even have the courage to post under a name.
Thank God most New Yorkers have chosen to disagree with you. Polls conducted in NYC show that even amoung Catholics, the Mayor has a support level of only about 30%.
So are you saying that Huckleberry Finn should be excluded from public libraries? That the Kansas board of Ed was right to drop evolution because of voter demand? I don't think the value of Huckelberry Finn as a work of literature is open to debate, yet in some places it's place in public libraries has been challenged. And the Kansas Board of Ed is not an isolated case, just the most recent.
The founders of this nation included the Bill or Rights to limit the power of government. This is necessary because populist opinions will often trample individual rights. Elected officials follow the mob. Gulliani's behaviour is a perfect example of this. Your position challenges these limits on goverment power in a VERY dangerous way.
Where does this lead? Do you think that the internment of US citizens of Japanese decent during WWII was right? Do you think that the segregation laws in the south up to the early 60's were right? Certainy these were cases of goverment following popular opinion.
It's not a sign that the government is collapsing; it isn't. But they're afraid that crypto could very easily pave the way for their collapse, and they have a damn good reason to fear that.
The government claims that criminals will use encryption to hide their plans from the poice. Interesting theory, and true in some aspects, but they forget two things:
1) Most criminals don't know how to use encryption. Hell, most people don't know how to use it; encryption software is not known for its ease of use.
2) Those who would use it are going to use it anyway. Most criminals already get their stuff by illegal means; legal ones are too easy to trace (guns are a big example of this, and it's why I don't believe gun control works).
Now, I do find it interesting that even the loosened export restrictions bar the posting of crypto source online. In other words, US citizens still won't be able to work on Open-Source crypto (or any other crypto with even one person on the team who's not in the US, because the only practical way to get the source to that person is via the Net). The government sure knows how to make enemies out of the very people it's trying to court...
I hope very much this ruling is upheld, and source code remains protected speech.
I was just wondering what implications current encryption laws have in terms of controlling leaks from within the NSA. They can prosecute a leaker no matter what the law, but they might have a more difficult problem controlling the dissemination of the information after a leak if the information itself was legal. Scenario: NSA employee posts source to a invincible encryption method anonymously. Can they stop the information from spreading?
Since nobody's mentioned it so far... Dan Bernstein is the author of
qmail, ezmlm, and lots of other great software. Anyone who
has read the qmail docs or his webpage
will know that he places security above anything else, doesn't
mince his words, and doesn't hesitate to be a nonconformist
(eg, running his web site with his own secure anonymous
FTP server, rather than a http server...)
He's probably among the best possible people for this case.
Nobody is harrassing or persecuting anyone for unpopular expression (except Mayor Guliani). I don't care if he posts his own name, a pseudonym, or whatever. It is simply a matter identification of an individual for the purpose of carrying comprehensive debate, something impossible with AC system because you cannot determine one voice from another. You cannot carry on a debate this way.
Debating people instead of ideas smacks of ad hominem
How can you identify a point of view unless you can figure out if a message is attributable to a specific poster?
and counting a pseudonym as "the courage to post under a name" is absurd
Nonsense. Read what I said. Courage to post under a name means exactly what is says. I didn't say YOUR name, I said A name. A name includes a vast universe of possibilities.
The executive branch (NSA, DoJ, etc.) don't really care that people *can* get encryption.. They are happy with just making it hard for people to get encryption and suppressing public intrest and research in it. Example: PGP is not that big a threat to them since they can always obtain the keys through some legal action (the 5th ammendment says that you should not be required to divulge your keys, but I believe there are ways arround this), they could get a court order to wire tap your computer, and PGP only protects a limited class of communications. What they are really scared of is mass use cryptography. Just imagine if everyone carried a miniture computer on a card with them to do encryption (i.e. your private key never leaves the card and you type your password into the card directly). We could even use a stenographic filesystem on the card which would make it impossible to prove that you had hidden data which you were not revealing.
This kind of system would be great, everyone would opnly need a few passwords and there would be much less hacking and fraud (example: all hacking based on social engenering would stop since no one knows a password to anything but the cary they carry), but the gov. would rather indanger US buisnesses and finantial infrastructure then allow people to protect themselves. Can anybody say treason.
Now, it seems that they are willing to throw corperations a bone so long as open source cryptography dosn't spread to fast and the people are still kept in the dark.
Solutions: A good way to fight the U.S. policies is to incurage the development of cryptography in other countries. U.S. citizens who want to work on crypto sould be incuraged to move to less repressive countries and other countries should be incurages to make life easier for crypto development and implementation. Also, we need to make it less profitable for the gov. to keep encryption hardware out of circulation. I think the two big steps here would be installing encryption into all the internet fone programs and writing crypto software for PDAs to allow them so surve as login devices. It would be really cool if one of these PDA-Cellphones would be powerful enough to be turnned into a PGP fone through software.
I think there is also a lot we can do to make it easier to install cryptography on Linux. It would be really nice if some Denbian and RedHat people would maintain cryptography enabled packages with were always up to date and easy to install (replay and people tend to lag behind in versions) and if the post install email to root or whatever would include an explination of how to download and install the replacment packages. It would also be nice if RedHat would have seperate US and international versions of it's CD. Plus, SSH, Apache-SSL, the JavaSSH client, an encrypted digital fone program, and software to use a PDA as a login device would give many people a reason to buy the CD.
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
It's perfectly understandable that the US wants to protect itself
Let me parse the underbelly of this statement. So there is a US that is apart from its citizens. Who is the US really? Is it the gov't or is it its citizens saying they don't want crypto laws?
Which hierarchy does the constitution support? (Rhetorical question)
The message on the other side of this sig is false.