[3301] in cryptography@c2.net mail archive


Re: Magaziner hints at easing of Crypto Export Regulations

daemon@ATHENA.MIT.EDU (Matt Blaze)
Wed Sep 16 16:56:53 1998

To: Russell Nelson <nelson@crynwr.com>
cc: cryptography@c2.net
In-reply-to: Your message of "16 Sep 1998 15:14:53 -0000."
             <19980916151453.29308.qmail@desk.crynwr.com> 
Date: Wed, 16 Sep 1998 15:29:05 -0400
From: Matt Blaze <mab@crypto.com>


>Jim Gillogly writes:
> > >... Ira Magaziner ...said a further loosening of export restriction
> > > could come within the next few weeks, allowing for freer export of
> > > 128-bit software. 
> > 
> > ... or some such incremental change.
>
>But Jim, compromise typically involves "you give a little, I'll give a
>little."  What have we given up?  I don't see anybody saying "Okay,
>we'll accept weak cryptography."  All the movement is on the
>government's part.  This is good.
>

To a first approximation, we don't *have* anything to give up (on the export
issue, at least).  You can't export strong crypto without breaking it
by installing uneconomical, insecure key escrow.  Period.

To a second approximation, even though we have nothing tangible to give up,
we've given up quite a bit of valuable, if less tangible, power:
	- The existence of a key escrow "industry" gives token public
	  legitimacy to the notion that the government's key escrow
	  program is feasible or at least a viable policy avenue to
	  explore, even though most technically sophisticated
	  observers understand that this is nonsense.
	- By accepting the "cutouts" in the export law granted to financial
	  institutions and other critical multinational encryption users,
	  powerful allies who would naturally gravitate to our side of the
	  issue have been effectively silenced.
	- Even by entering into the debate over export and key escrow,
	  we've lost valuable energy that could have been put into deploying
	  crypto widely domestically.  Even though there are no domestic
	  crypto restrictions, there are virtually no mainstream domestic
	  crypto products on the market today actually protecting real
	  data.  (The percentage of encrypted Internet backbone traffic,
	  perhaps the most likely place we'd expect to see encryption,
	  given SSL products like Netscape, is still virtually zero).
	  Every day we (the industry) engage in the export debate in order
	  to be able to ship one strong international product tomorrow
	  instead of producing a strong domestic version today is a day
	  that people in the US are denied the use of strong crypto.
	  In large part *because* of the crypto debate, almost no one
	  is investing serious effort into domestic crypto, despite the
	  lack of *any* laws restricting its use or sale.

I'd say we've "compromised" quite a bit.

-matt
