October 21st, 2002, 08:44 AM
Entire piece on Wired.
Daniel Bernstein seems intent on striking the deathblow to U.S. government regulations on cryptography.
The latest chapter in his decade-long battle began to unfold on Friday, when lawyers representing both the Department of Commerce
, a University of Illinois associate professor of mathematics, statistics and computer science, prepared to ask federal district court judge Marilyn Hall Patel to grant a summary judgment. At stake: the last remnants of a system that once prevented U.S. citizens from releasing software code that creates secure, electronic communications.
Bernstein is trying to eradicate the last of the export laws that previously kept Americans from distributing any work related to cryptography.
It's a bit confusing to some in the cryptography arena who feel that the current laws allow anyone to distribute their programs without fear of reprimand. Bruce Schneier, security expert and author of Applied Cryptography, said the future battle over encryption won't be trying to free software code, but rather preventing corporations from using it to limit rights.
"We always thought about cryptography as being a tool to protect the little guy versus the big guy," said Schneier. "It never occurred to us that the Digital Millennium Copyright Act would get passed."
Even with the looming fight
over the DMCA, many are still uncomfortable with the court battle Bernstein continues to wage.
"When you empower people to do things, we empower them to do bad things," said Mike Godwin, staff council at the Center for Democracy and Technology
. "It's a hard problem: What do you allow people to do in a free society? This is the hard part of democracy. You have to end up trusting people."
Thoughts and opinions?
\"When I give food to the poor, they call me a saint. When I ask why the poor have no food, they call me a communist.\" -- Dom Helder Camara
October 23rd, 2002, 12:46 AM
"When you empower people to do things, we empower them to do bad things," said Mike Godwin, staff council at the Center for Democracy and Technology . "It's a hard problem: What do you allow people to do in a free society? This is the hard part of democracy. You have to end up trusting people."
LOL..... Sounds like Mr Godwin (what an unfortunate surname) has a hard time trusting people. Perhaps he's in the wrong line of work?
October 23rd, 2002, 02:19 AM
Seems to me that even before the 'relaxing' of export laws in the US concerning 256-bit encryption, the Ruskies had 512-bit going. Maybe my old memory is confused on this time line but i don't believe so. Anyone remember differently? BTW, seems i read about someone had locked up a file of some kind and the only (commercial) people who had the ability to crack it for them was out of Moscow.... not the one in Idaho, either. methinks this battle against the commoners being able to communicate securely has been going on ever since the king started whacking off the heads of any peasant who could read and write, since it was a threat to the security of the kingdom
October 23rd, 2002, 07:50 AM
Yes, I'd noticed this as well. It seems to me that there is a rather arrogant assumption in the US that it is the only country in the world that makes decent encryption algorithms & the software/hardware to go with it.
Europe will be delighted if the US rejects this, as it will allow most of Europe free reign to sell to various export markets.
The reason that this is being opposed is because of the use that terrorists can make of this - much was made of a PC that was seized which had very weak (40 bit) encryption on it, and yielded a lot of information about al-Quidea.
I'm not convinced that is a valid argument any more, as the 'cat is out of the bag' now.
October 23rd, 2002, 03:27 PM
Reminds me of the story of how PGP was exported to Europe.
Because of the restrictions the PGO source code could not be sent over on a digital medium, but that didn't stop Phil Zimmerman, the godfather of the PGP initiative. Instead of breaking the law and smuggle the software out of the country, they found a workaround: What they did was write the whole source code into a book which was sent to a student in northern Europe. As long as the restriced algorithm was in book form, export wasnt illegal! The student wrote the whole source into his text-editor, compiled it and... Voila, PGP was successfully exported outside the US.
My opinion to Mahakaal's article that these algorithms are too valuable to the public to be restriced. When it comes to internet commerce and B2B strong algorithms are needed to provide safety of use. In many situations you need to transport your information across the net while knowing that these data are completely safe. Of course you could send a man on a plane with a briefcase handcuffed to his wrist, but that does not suit the needs of the regular Joe. Sometime in the near future we will have a worldwide system for secure transport of information, and that system is dependent on strong algorithms.
October 25th, 2002, 06:15 AM
Good point, Proactive, take for instance a current AO thread where IIT has evaluated the Carnivore system; what's to keep some "daddy warbucks' from installing his own version of Carnivore on a couple of hops upstream of his competitor (not difficult to determine) and scans all the incoming/outgoing for keywords (high bid, low bid, technical specs, sales, customer list, R&D......) from his competition. No big deal to accomplish, all he has to do is install the snoop prog in a couple of servers and he's got his competition caged. Now, if competition isn't regularly encrypting all outgoing, and their contacts aren't regularly encrypting all the incoming, whadaya think old "daddy warbucks" would pay a good IT to take care of this little project for him? And, like the IIT study said; "Questions of constitutionality of carnivore-type intercepts and trustworthiness of law enforcement agents were outside the scope of this evaluation..." Now, if there have been serious spies bought from the ranks of our own federal security agencies, how much easier would it be to get someone with "access" to pass the messages to "daddy warbucks"? Just wonderin', just wonderin' ...