[2714] in cryptography@c2.net mail archive
Re: Secure Office
daemon@ATHENA.MIT.EDU (Frank O'Dwyer)
Sat May 16 13:35:17 1998
From: "Frank O'Dwyer" <fod@brd.ie>
To: "Marc Horowitz" <marc@cygnus.com>
Cc: <cryptography@c2.net>
Date: Sun, 17 May 1998 14:28:13 +0100
>This rhetorical point is getting old. The government doesn't *care*
>about DES implementations and crypto libraries. They are under no
>illusion about the availability of crypto outside the US. However,
>they understand that the US currently controls the commercial software
>market. What really scares them, what keeps them up at night, is that
>somday, Windows will ship with strong, nonescrowed crypto, which is on
>by default and always there. Because the stupid criminals aren't
>using PGP, but if crypto really were ubquitous, they would be using
>crypto, probably by accident. And that would make the government's
>job (both the legitimate and illegitimate parts) harder.
Marc's right, of course. The whole thing acts as a brake against
development. Certainly here in Europe, after you've considered
all the export issues in all the jurisdictions, and all the patent
issues, and the regulatory issues, and some kludge to make
it work with IE4 and Netscape, there's not much time to cut
the code (if you can even remember what the original project
was).
But I do love this talk about "Stupid Criminals", now a de facto
standard buzzphrase among those who want to regulate crypto
in some way. Law enforcement is having trouble catching stupid
criminals, so they want to make extra things illegal?
I think that if the cops can't catch stupid criminals, they should
consider an alternative career.
Cheers,
Frank.
>
>Microsoft, for those who haven't noticed, is in the US. But the
>government can't exactly say that libraries are ok, but OS's and
>applications are not; their position is inconsistent enough as it is.
>So they restrict everything (except books-on-dead-trees, because the
>courts would nail them instantly on that, and they know it).
>
>The government has been quite successful in limiting the spread of the
>*use* of crypto. If you think this is false, then you don't
>understand what they are trying to do.
>
>It's not that people outside the USA can't implement crypto. They
>can, and quite well. What they cannot do is get lots of people to use
>it. Eric, if you can compete effectively with Microsoft, I heartily
>encourage you to do so, and please don't stop at just making the
>crypto better.
>
>Another point of trivia: the PGP keyservers have fewer than 200,000
>keys on them. This is a lot, but it's a tiny fraction (1%?) of global
>internet users.
>
> Marc
>
