[3298] in cryptography@c2.net mail archive

Re: Magaziner hints at easing of Crypto Export Regulations

daemon@ATHENA.MIT.EDU (Jim Gillogly)
Wed Sep 16 12:49:43 1998

Date: Wed, 16 Sep 1998 09:41:47 -0700
From: Jim Gillogly <jim@acm.org>
To: cryptography@c2.net

Russ Nelson writes:

> Jim Gillogly writes:
>  > >... Ira Magaziner ...said a further loosening of export restriction
>  > > could come within the next few weeks, allowing for freer export of
>  > > 128-bit software. 
>  > 
>  > ... or some such incremental change.

[He snipped my prediction that it would be a negligible change (which was
correct), and that the press would uncritically accept their claim that
it was a big change.  The latter has not happened across the board, and I
apologize to those members of the press who I maligned.]
> 
> But Jim, compromise typically involves "you give a little, I'll give a
> little."  What have we given up?  I don't see anybody saying "Okay,
> we'll accept weak cryptography."  All the movement is on the
> government's part.  This is good.

We're giving up time.  Always time.  The USG has been using this
process to gain time all along.  Cast your mind back to the beginning
of the exercise, in about late 1992: AT&T was about ready to go public
with their DES-encrypted telephone.  The USG did a fast shuffle and
"incentivized" them (their word) to abandon that track.  The Clipper
program was the response, and even though it eventually got shot down
in pieces, Clipper and its successors in conjunction with the export
restrictions have effectively prevented us from putting in place a
world-wide secure Internet.  The USG has had six years so far to
snoop traffic on wires that would otherwise have gone dark long ago.

While not as important as the AT&T DES phone, PGP was then in its
infancy, and enjoyed some popularity with those of us in the geek and
cypherpunk crowds.  It had a good chance of being effectively the
default and ubiquitous strong international email system.  Its
deployment was delayed enough by the Zimmermann investigation and the
related events that other competitors have had a chance to gain
considerable vogue, so that we now have choices among a number of
strong but incompatible mail standards, architectures and programs, as
well as a host of snake-oil products that the USG undoubtedly dearly
loves to see in place.

Consider also where the industry could have been by now.  At the time
US companies were pre-eminent in the encryption and security business,
and could have pretty much dictated the security shape of the Net by
now.  Instead we have a situation where foreign companies can and do say
in their advertisements "Buy our product and you can use it both in the
US and with your business partners abroad."  US companies can't do
that... at least not with strong crypto.  I have nothing against non-US
programmers -- they're every bit as competent as US ones.  But the USG
should not be in the business of locking US companies out of the chance
to establish world-wide security standards.  Security is coming to the
Net, whether US companies provide it or not.  When the export regs are
eventually dropped, there will be so much fragmentation in the worldwide
security profile that it won't matter -- the bad guys of the world
will be able to snoop the interfaces between all the incompatible
systems.

I don't regard governments and government snooping as inherently evil --
but with these policies they're playing into the hands of every
company's competitors and enemies.

Enough ranting.  I could go on.  Trust me.
-- 
	Jim Gillogly
	25 Halimath S.R. 1998, 16:26
	12.19.5.9.8, 5 Lamat 1 Chen, Eighth Lord of Night
