Slashdot Mirror
Bernstein Back in Court
William Tanksley send us the story that Bernstein, who's case against the United States resulted in a three judge panel over-turning the US laws regarding exportation of cryptography software. At the request of the DOJ, a full Court of Appeals will rehear the case. Here's to hoping that the full court follows the advice of the panel.
I've visited police states. Chile under the early years of Pinochet. The cops on the corner have uzis and there is no radio station except the government station and there is a 1 AM curfew which is enforced by the military going up and down the streets with jeeps and APC's with 50 caliber machine guns mounted on the back. If your wife goes into labor at 2 AM you have to call the military to come get her but they usually don't come. If you try to drive her to the hospital yourself they will shoot you. This actually happened while I was there.
/. complain a lot about the government, but they also fit the profile of the most politically apathetic segment of the US, Gen X & Y. If you lose what Jefferson and the other founders built IT IS YOUR FAULT.
By the way, this government was put into power by the CIA under the instructions of R. Nixon.
The price of freedom is eternal vigilance. If you don't like what the government is doing let you elected representatives know about it. Support organizations like the ACLU. Watch the voting record of the people you elect. The people on
Last year I worked for a congressional campaign to unseat a radical conservative who had voted for 8 constitutional amendments during his term. These amendments included a ban on flag buring, a ban on abortion even if cases of rape incest or if the mother's life was threatened, and a override on the school prayer issue. In my opinion this was a totally outrageous assault on the fundamental rights of all Americans.
DO YOU KNOW WHAT YOUR CONGRESSMAN IS VOTING FOR?? Do you check his voting record??? DO you let him know about issues like the crypto problem?
Foo Blargle Me Noitzen!
What did I just say? It could have been non-sense... or it could have been a one-time cipher I'm using between me and a friend of mine to tell him I want his mp3 collection.
If you outlaw crypto.. the crypto experts will simply design a new system that doesn't *look* like crypto. Steganography(sp?) anyone? No officer, that REALLY IS a jpeg of pamela lee I posted to my friend... it REALLY DOESN'T contain the nuke codes for all the missle installations in North Dakota. :^)
The way I see it - this'll turn into another 'war on drugs' - with the only losers being the common citizen. We'll lose what (very little) civil rights we have remaining.. and will have gained nothing for it.
--
But in both cases, it is completely ineffectual. Let's face it, we are doing as good a job keeping our cryptography methods secret as we are preventing drugs from crossing the border. In both cases, we are going about it the wrong way. In the case of drugs, the government causes an increase in crime, inflates the prices of drugs, and spends billions of dollars while only stopping a small percentage of the actual trafficking. In the war against crypto exportation, yes, the government is keeping our "secrets" from falling into the hands of the world at large, but is it keeping it from those that it claims are the problem?
Do any of us really believe that just because there is no official exportation, that anything on the U.S. market is still secure from high-powered foriegn organizations, be they countries or terrorists? In fact, they are the ones most likely to get whatever the software they want. Hell, if they can smuggle American missiles out of the country from "secure" military bases, how hard is it to steal software?
Once again, the U.S. government is costing the American cryptography industry a phenomenal amount of money by not allowing exportation (even though they do now, this is in the case of the ruling being overturned) while still not keeping the information from the "enemies." It is a backwards approach to the problem.
While it is nice to be moral and an upright country (relatively), the majority of the world is not. Those who want the crypto information can get it, and those who can pay for it can not. Is that really the solution?
Thus, as does the majority of Slashdot, I hope that this ruling stands.
14 digits of Pi are all we need.
Since nobody's mentioned it so far... Dan Bernstein is the author of
qmail, ezmlm, and lots of other great software. Anyone who
has read the qmail docs or his webpage
will know that he places security above anything else, doesn't
mince his words, and doesn't hesitate to be a nonconformist
(eg, running his web site with his own secure anonymous
FTP server, rather than a http server...)
He's probably among the best possible people for this case.
The executive branch (NSA, DoJ, etc.) don't really care that people *can* get encryption.. They are happy with just making it hard for people to get encryption and suppressing public intrest and research in it. Example: PGP is not that big a threat to them since they can always obtain the keys through some legal action (the 5th ammendment says that you should not be required to divulge your keys, but I believe there are ways arround this), they could get a court order to wire tap your computer, and PGP only protects a limited class of communications. What they are really scared of is mass use cryptography. Just imagine if everyone carried a miniture computer on a card with them to do encryption (i.e. your private key never leaves the card and you type your password into the card directly). We could even use a stenographic filesystem on the card which would make it impossible to prove that you had hidden data which you were not revealing.
This kind of system would be great, everyone would opnly need a few passwords and there would be much less hacking and fraud (example: all hacking based on social engenering would stop since no one knows a password to anything but the cary they carry), but the gov. would rather indanger US buisnesses and finantial infrastructure then allow people to protect themselves. Can anybody say treason.
Now, it seems that they are willing to throw corperations a bone so long as open source cryptography dosn't spread to fast and the people are still kept in the dark.
Solutions: A good way to fight the U.S. policies is to incurage the development of cryptography in other countries. U.S. citizens who want to work on crypto sould be incuraged to move to less repressive countries and other countries should be incurages to make life easier for crypto development and implementation. Also, we need to make it less profitable for the gov. to keep encryption hardware out of circulation. I think the two big steps here would be installing encryption into all the internet fone programs and writing crypto software for PDAs to allow them so surve as login devices. It would be really cool if one of these PDA-Cellphones would be powerful enough to be turnned into a PGP fone through software.
I think there is also a lot we can do to make it easier to install cryptography on Linux. It would be really nice if some Denbian and RedHat people would maintain cryptography enabled packages with were always up to date and easy to install (replay and people tend to lag behind in versions) and if the post install email to root or whatever would include an explination of how to download and install the replacment packages. It would also be nice if RedHat would have seperate US and international versions of it's CD. Plus, SSH, Apache-SSL, the JavaSSH client, an encrypted digital fone program, and software to use a PDA as a login device would give many people a reason to buy the CD.
Jeff
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell