It is somewhat amusing to think of the US engaging in 'cyber warfare'. But the serious part is not so funny. By disrupting the communication channels of the enemy, you leave them more vulnerable to conventional weapons. It might be better to screw up their phone system (for example) than to nuke them. But what if screwing up their phone system prevented a town from telling the rest of the world they were under attack and needed reinforcements?
It's very similar to the situation with non-lethal military weapons. Things like that sticky gunk they spray on people. It is very funny to watch, but if you think about it you start to wonder what happens to the people that get stuck. How hard it is to shoot someone who can't move?
Disrupting electricity is another example. You could argue that disrupting their electricity is better than lethal force. But if you need electricity to detect and defend against attacks, it suddenly becomes a more important issue. Disrupting their electricity could cause as many fatalities as traditional weapons.
Non-lethal weapons can be every bit as scary as guns and nukes.
I do not think the article dismisses CatB as socialistic rhetoric. The main point I got out of it was that CatB describes Open Source as a new phenomenon, whereas it really is another form of scientific community.
I thought the article was well-written and accurate. One especially valid point is that the failures of open source do not get any attention. For every Apache there are probably dozens of aborted projects that never worked out. This is not necessarily a problem, because the people that worked on the failures learned something and had fun coding. But it does give us a skewed view of how effective the open source methodology is (because the successes are far more visible than the failures). In the commercial world, the "failures" usually end up being released at some point, so we see the whole gamut of results. -YoJ
Cryptography first began to be a major force in its own right during the Second World War. Since then it has moved from the realm of secret mathematicians working for military leaders to the mainstream. My mother (who just figured out how to turn on the computer by herself last week) recently ordered a hard-to-find book online, using the cryptographic capabilities of Netscape. Cryptography is also now an established field of mathematics, with several journals in many different countries.
We can only expect these trends to continue. While most criminals probably still rely on clandestine meetings for secrecy, we must expect that as strong cryptography becomes widely available the criminal element will exploit it. Why is this a problem? Because it makes it much harder to prosecute crimes. Convicting people who have broken the law requires evidence. With strong cryptography widely available, it would be much harder to gather evidence.
How different would the Microsoft anti-trust trial have been without any of the internal Microsoft documents? If strong cryptography were routinely used for everything, the Microsoft trial would have been a completely different affair.
The government realizes that cryptography is inevitable. They are just trying to slow down its adoption any way they can. It is going to take a long time for the judiciary system to cope with the age of encryption. We all want to live in a secure world. The NSA and related agencies are trying to achieve this by delaying widespread adoption of strong cryptography. This is not a bad thing, unless it infringes on the rights of the individual.
There's the catch. At the deepest level, cryptography is mathematics. And mathematics is ideas. The basic idea behind the Rivest-Shamir-Adleman algorithm (RSA) can be explained in a paragraph or two. There is no way for the government to control ideas like these, short of becoming an Orwellian nightmare. So the government has chosen to attempt to control the implementation of these ideas.
Source code lies somewhere in the broad spectrum of idea and implementation. It seems obvious that object code is an implementation, and pseudo-code expresses an idea. But what about actual source code? Suppose you download the latest ThingGummy.src.tgz package, compile it and then execute it to get the latest features of ThingGummy 2.0. You are not particularly interested in the idea of ThingGummy, but in the implementation. But maybe the new feature is something you have been thinking about adding to your own code, so you get the source and figure out how they added the new feature. Then the source code is being used to transmit an idea.
I think that source code itself is a representation of an idea. I find pseudo-C code easier to understand than pure English pseudo-code. But packaging all the source code (not just the interesting parts) and a Makefile together into one package seems more like an implementation to me. If I were to publish a strong-cryptography algorithm from the US on the Web, I would only publish the source code dealing with the actual encryption/decryption. I believe that would fall under the First Amendment. It really would not be any different than publishing pseudo-code in a mathematics journal.
I do not necessarily trust the NSA. I just don't think a world with widely available strong cryptography would necessarily be the best of all possible worlds. As it is now, the security-conscious are not denied access to strong cryptography. And the government is not trying to restrict the flow of ideas about cryptography, only implementations. That's good enough for me.
Slashdot Mirror
It is somewhat amusing to think of the US engaging in 'cyber warfare'. But the serious part is not so funny. By disrupting the communication channels of the enemy, you leave them more vulnerable to conventional weapons. It might be better to screw up their phone system (for example) than to nuke them. But what if screwing up their phone system prevented a town from telling the rest of the world they were under attack and needed reinforcements?
It's very similar to the situation with non-lethal military weapons. Things like that sticky gunk they spray on people. It is very funny to watch, but if you think about it you start to wonder what happens to the people that get stuck. How hard it is to shoot someone who can't move?
Disrupting electricity is another example. You could argue that disrupting their electricity is better than lethal force. But if you need electricity to detect and defend against attacks, it suddenly becomes a more important issue. Disrupting their electricity could cause as many fatalities as traditional weapons.
Non-lethal weapons can be every bit as scary as guns and nukes.
I do not think the article dismisses CatB as socialistic rhetoric. The main point I got out of it was that CatB describes Open Source as a new phenomenon, whereas it really is another form of scientific community.
I thought the article was well-written and accurate. One especially valid point is that the failures of open source do not get any attention. For every Apache there are probably dozens of aborted projects that never worked out. This is not necessarily a problem, because the people that worked on the failures learned something and had fun coding. But it does give us a skewed view of how effective the open source methodology is (because the successes are far more visible than the failures). In the commercial world, the "failures" usually end up being released at some point, so we see the whole gamut of results. -YoJ
Cryptography first began to be a major force in its own right during the Second World War. Since then it has moved from the realm of secret mathematicians working for military leaders to the mainstream. My mother (who just figured out how to turn on the computer by herself last week) recently ordered a hard-to-find book online, using the cryptographic capabilities of Netscape. Cryptography is also now an established field of mathematics, with several journals in many different countries.
We can only expect these trends to continue. While most criminals probably still rely on clandestine meetings for secrecy, we must expect that as strong cryptography becomes widely available the criminal element will exploit it. Why is this a problem? Because it makes it much harder to prosecute crimes. Convicting people who have broken the law requires evidence. With strong cryptography widely available, it would be much harder to gather evidence.
How different would the Microsoft anti-trust trial have been without any of the internal Microsoft documents? If strong cryptography were routinely used for everything, the Microsoft trial would have been a completely different affair.
The government realizes that cryptography is inevitable. They are just trying to slow down its adoption any way they can. It is going to take a long time for the judiciary system to cope with the age of encryption. We all want to live in a secure world. The NSA and related agencies are trying to achieve this by delaying widespread adoption of strong cryptography. This is not a bad thing, unless it infringes on the rights of the individual.
There's the catch. At the deepest level, cryptography is mathematics. And mathematics is ideas. The basic idea behind the Rivest-Shamir-Adleman algorithm (RSA) can be explained in a paragraph or two. There is no way for the government to control ideas like these, short of becoming an Orwellian nightmare. So the government has chosen to attempt to control the implementation of these ideas.
Source code lies somewhere in the broad spectrum of idea and implementation. It seems obvious that object code is an implementation, and pseudo-code expresses an idea. But what about actual source code? Suppose you download the latest ThingGummy.src.tgz package, compile it and then execute it to get the latest features of ThingGummy 2.0. You are not particularly interested in the idea of ThingGummy, but in the implementation. But maybe the new feature is something you have been thinking about adding to your own code, so you get the source and figure out how they added the new feature. Then the source code is being used to transmit an idea.
I think that source code itself is a representation of an idea. I find pseudo-C code easier to understand than pure English pseudo-code. But packaging all the source code (not just the interesting parts) and a Makefile together into one package seems more like an implementation to me. If I were to publish a strong-cryptography algorithm from the US on the Web, I would only publish the source code dealing with the actual encryption/decryption. I believe that would fall under the First Amendment. It really would not be any different than publishing pseudo-code in a mathematics journal.
I do not necessarily trust the NSA. I just don't think a world with widely available strong cryptography would necessarily be the best of all possible worlds. As it is now, the security-conscious are not denied access to strong cryptography. And the government is not trying to restrict the flow of ideas about cryptography, only implementations. That's good enough for me.
-Nathan