[1585] in cryptography@c2.net mail archive
Legislation is useless
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Sep 23 11:47:25 1997
Date: Tue, 23 Sep 1997 11:44:50 -0400 (EDT)
From: "Perry E. Metzger" <perry@piermont.com>
To: cryptography@c2.net
Reply-to: perry@piermont.com
It has been asserted by many people that the old situation vis a vis
crypto law was bad and that trying to pass SAFE was important.
It is true that export controls are a pain in the neck, but frankly at
this point they are utterly worthless to the government. The
availability of non-US developed packages like ELVIS+, SSH, PGP,
SSLeahy, etc., which are in many cases superior to domestic
cryptography, has more or less given reality to what we all said would
happen -- the U.S. is simply exporting all the crypto jobs. If the
laws remain as they are, in another few years they will be utterly
laughable and no one will care any more. There are plenty of smart
foreigners in the crypto business, and the NSA's ability to read all
communications without effort is basically doomed no matter what they
do. It is true that the export regulation DELAYED things, but they no
longer are having much effect. Companies like C2 simply work around
them.
At present, there are no laws restricting the domestic use of
cryptography, a technology U.S. citizens have had as long as there has
been a U.S., and a technology that is utterly critical to the future
of internet security. However, in an effort to eliminate the
pain-in-the-neck export regulations, we opened the door to first rate
fools in Congress, perhaps with behind the scenes pressure (some of
which may have nothing to do with cryptography) to try to ban what has
been the right of every American for over 220 years: to communicate
any way they damn well please regardless of whether or not they are
communicating in the most convenient possible way to those who would
like to eavesdrop on our communications.
At this point, I'd say we should all concentrate on having Congress do
nothing at all and on getting crypto deployed absolutely
everywhere. The only reasonable defense against the current stupidity
is to make sure that to implement GAK will require throwing out every
phone and cable box and computer in the country. Let them try to do it
then.
Perry
