Interesting People mailing list archives
Software you can buy but can't sell
From: David Farber <farber () central cis upenn edu>
Date: Mon, 8 Nov 1993 06:46:53 -0500
Posted-Date: Sun, 7 Nov 1993 22:14:29 -0500 From: <jxm () engin umich edu> Date: Sun, 7 Nov 93 22:12:45 -0500 To: farber () central cis upenn edu Subject: Software you can buy but can't sell Hi there, Here's something I spotted on the Clarinet Newswire feed. It's one of the usual stories about the Internet becoming available to everyone, and about the export of encryption software. What bothers me is not so much that detail, but rather the jingoistic attitude which starts somewhere around the comment that American-made software is "better" than anybody else's. This attitude continues, and culminates in the notion that anything Saddam Hussein could buy elsewhere is not the "rock-solid American computer code that people are used to"!! Huh? Are these UPI guys for real?? What people, where? Does everyone else in the world use subtly inferior algorithms, or do they just not check their return codes as well as we do? John Murray, HCILab University of Michigan --------------- Computer Comment - United Press International (Copyright 1993) True story: When Operation Desert Storm was raging, U.S. forces had a very difficult time knocking out Sadaam Hussein's computerized military command and control operations. It wasn't that Iraq's dictator had hired the world's best technical wizards to work for him. It was because the technical minds which were already in Iraq recognized the fact that standard Internet Protocol routers were designed well. Knock one out and another takes over, invisibly. The computer network keeps running. This was off-the-shelf technology -- technology for the people, the kind of stuff that made millions for Henry Ford and Thomas Edison. The kind of stuff that made America great. And the fact that technology such as this is available to anyone who wants it may, indeed, be where the federal government got this paranoia about exporting technology. The problem today isn't with IP routers. It's with software encryption. There are a lot of good reasons to encrypt something you're sending over a computer network. With good encryption, proprietary business information stays away from prying eyes. Financial dealings remain secret and personal letters you're posting to a loved one on a net far away stay personal. They don't wind up posted on someone's bulletin board with your name circled. In mid-October, the House Subcommittee on Economic Policy, Trade and Environment began a round of hearings on legislation to reauthorize the Export Administration Act, which sets export control policy for the United States. It's this legislation that stops American software publishers from legally doing what they do better than anyone else in the world -- write code that is better than anything that can be obtained abroad. In this case, the software in question is used for data encryption. During those hearings, former National Security Agency employee Steve Walker of Trusted Information Systems testified that the policy of the U.S. government in this matter is just futile. Encryption technology exists in the United States because code writers want security for their data. They just can't export their products to other countries because the government treats this as cryptographic technology, the old ``secret code'' stuff of spy stories from long ago. Of course, if you wanted to use some of that already extant American encryption software abroad, all you'd really have to do is walk into Egghead, buy something like Borland's SuperKey, walk outside, go to the airport, get on a plane with it, and fly away. And in fact, that's what a lot of people do. Let's say that you worked for Sadaam Hussein, and he wanted a copy of SuperKey. You could take the diskettes you bought at a discount software house, dial into the Internet, and post the software to an Iraq-friendly country in a couple of minutes. You wouldn't even have to get on a plane. There is indeed a real military use for cryptographic software. If Sadaam Hussein wanted to use any of several public key encryption routines already floating around on the Internet, he could have virtually assured that the NSA would have to work hard to get the information he was sending across computer networks. It's not impossible to get that information -- just expensive. It takes a lot of computer resources and time to crack a public key encryption code. If Sadaam Hussein were reading this column, he should probably know that he can buy software off the shelf in 21 foreign countries that will let him encrypt his data. The Software Publishers Association has identified 264 products for sale outside of the United States that do just that. It's not the rock- solid American computer code that people are used to, and some of the programs will work better than others, but then, caveat emptor, Sadaam.
Current thread:
- Software you can buy but can't sell David Farber (Nov 08)