[3579] in cryptography@c2.net mail archive
Re: Movement on Export regulations
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Tue Nov 3 11:55:44 1998
In-Reply-To: <199810310731.XAA13589@servo.qualcomm.com>
Date: Mon, 2 Nov 1998 14:26:22 -0500
To: Phil Karn <karn@qualcomm.com>
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: cryptography@c2.net
At 11:31 PM -0800 10/30/98, Phil Karn wrote:
>>What? Authentication is exempted, explicitly.
>
>I believe authentication is covered only to the extent that all other
>technologies are covered with respect to the "pariah" countries
>(Libya, Iraq, etc).
>
I really don't understand the benefit to US security of banning shipment of
shrinkwrap software containing export grade crypto to these countries. The
ban is futile and counterproductive.
On the one hand, the "pariah" countries have shown themselves adept at
smuggling the most sensitive defense material--nerve gas chemicals, nuclear
weapons equipment, etc. They are certainly capable having embassy staff
obtain a retail copy of a program in a foreign capital or New York (UN
Headquarters), and shipping the box home via diplomatic pouch. Once there,
these countries would have no compunctions about making as many copies as
needed for official purposes.
On the other hand, each of these countries is extremely concerned about
maintaining internal control. They have elaborate state security
organizations that attempt to monitor everything. The last thing they want
is for their citizens to have access to crypto, even 40-bit versions.
Breaking large quantities of messages in such codes takes time and
resources.
Some commentators see the rise of the personal computer as a factor in the
breakup of the Soviet Union. By keeping personal computer technology out of
the hands of the people in the "pariah" countries, we risk delaying
political change with no real possibility of denying the technology's use
to those governments. We are doing Fidel, Saddam, and Muammar a favor.
Arnold Reinhold
