Interesting People mailing list archives
IP: Nice reporting on Wassenaar in Keith Dawson's TBTF
From: Dave Farber <farber () cis upenn edu>
Date: Fri, 25 Dec 1998 05:11:17 -0500
Sender: rberger () ibd com Date: Fri, 25 Dec 1998 01:43:26 -0800 From: "Robert J. Berger" <rberger () ibd com> Don't know if you already get this, but its one of the clearest synopsis of the international communities reaction to the US statements on the results of Wassenaar and Crypto controls. Also followed with a bit on Net Monitoring in South Africa. Excerpted From: TBTF for 12/23/98: The eye, altering T a s t y B i t s f r o m t h e T e c h n o l o g y F r o n t Your Host: Keith Dawson This issue: < http://tbtf.com/archive/12-23-98.html > ..Wassenaar: US exports crypto-export controls 33 nations agree in principle to limit exports, but all is not unity US high-tech companies have long complained that the lack of crypto- export restrictions in other countries hampers their ability to com- pete abroad. The relief they have sought was relaxing US strictures, not tightening those of other nations. But US crypto ambassador David Aaron has been working behind the scenes to convince other countries to do just that. On 3 December Aaron held a press confer- ence to claim victory in these efforts [1]. The 33 signatory nations to the Wassenaar Arrangement [2] have agreed to new rules. (Note: turn off graphics before visiting [2]: it loads 33 gratuitous GIF im- ages of waving flags with mouseovers for a total footprint of 353K.) In summary, the new rules state: - All crypto products of up to 56 bits can be freely exported. - Mass-market crypto software and hardware of up to 64 bits can be freely exported. - The export of products that use encryption to protect intel- lectual property, such as DVDs, has been relaxed. - Export of all other crypto still requires a license. - No alteration was made in the ambiguous area of whether Wass- enaar covers intangible exports (such as via the Internet). The Wassenaar provisions are not themselves binding on signatory nations; each nation must enact its own laws to implement the rules. Some accounts of Wassenaar have interpreted the new rules to allow the free export of any public-domain crypto of any strength, inclu- ding Open Source products such as SSLEAY. My reading of the agree- ment itself [3] is that such products are exportable only if they meet the other requirements outlined above; in other words it would not be legal to export PGP. A Norwegian poster to the Cryptography list asked his ministry of foreign affairs for a clarification on exactly where Open Source software falls, and was told that it is compliant with what Wass- enaar calls "public domain" software. In a speech on 7 December [4], US Commerce Department official William Reinsch said: > ...participating states agreed to extend controls to mass- > market encryption exports above 64 bits, thus closing a > significant loophole. A posting to Cryptography quoted a newspaper article in which the Finnish prime minister gave his views on the new Wassenaar rules. He noted that "the United States is in a very powerful position" but said that Finland will not alter its liberal principles in encryp- tion politics. Denmark is reported to be in a political uproar because the Danish official who signed the Wassenaar accord did not have proper par- liamentary standing to do so -- and the new rules run counter to current Danish crypto policy. The upshot could be a formal renun- ciation of the accord by Denmark, which would render it invalid everywhere. Two little-known Internet governance boards, the Internet Architec- ture Board and the Internet Engineering Steering Group, have re- leased a memo slamming Wassenaar [5]. In its antitrust defense Microsoft argues that the government has no business interfering with a company's choices in product develop- ment. But the US government's National Security Agency has long taken an active role in product development, according to this CNN story [6] -- working with Microsoft as well as a host of other com- panies to limit available crypto technology. What's behind the US push to restrict crypto strength domestically and world-wide? Most observers of the crypto-political scene dismiss the official explan- ation that crypto must be limited to thwart criminals and terror- ists. The bad guys have, after all, had access on the open Internet to strong-crypto source code since 1991. This quote from Ross Anderson, with a preface by Peter Gutmann, makes plain the assumption, widely held in cypherpunk circles, that it all starts with Echelon [7]. > This is probably the best one-sentence summary of export > controls I've seen. It predates the recent Wassenaar an- > nouncement by about half a day, but is even more appropri- > ate in the aftermath: > "The real aim of current policy is to ensure the continued > effectiveness of US information warfare assets against in- > dividuals, businesses, and governments in Europe and else- > where." -- Ross Anderson In other words, those who want strong crypto restrained are, first and foremost, protecting the UKUSA franchise in filtering and moni- toring worldwide communications in real time. [1] http://www.news.com/News/Item/Textonly/0,25,29526,00.html?tbtf [2] http://www.wassenaar.org/ [3] http://www.fitug.de/news/wa/ [4] http://jya.com/war120798-2.htm [5] http://www.news.com/News/Item/Textonly/0,25,30228,00.html?tbtf [6] http://cnn.com/TECH/computing/9807/27/security.idg/index.html [7] http://tbtf.com/archive/03-09-98.html#s05 ____________ ..A survey of international crypto law On the Web and on paper Bert-Jaap Koops <e.j.koops () kub nl> has updated his Crypto Law Survey [8] with news from Wassenaar and updates on the laws of 15 coun- tries. And now Koops's PhD thesis, titled The Crypto Controversy, has been published by Kluver Law International [9]. So far the book has not appeared on Amazon.com, but you can order it directly from KLI [10] for $87 US. [8] http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm [9] http://cwis.kub.nl/~frw/people/koops/thesis/thesis.htm [10] http://www.wkap.nl/book.htm/90-411-1143-3 ____________ ..Reflections on cyberwar A cri de coeur, a call to care Phil Agre doesn't usually wax emotional about issues of technology and culture; his 16 December piece on cyberwar [11] is an exception. Agre attended a conference at which several honest and sincere rep- resentatives of the US defense establishment presented a seemingly new military doctrine for the online world. They proclaimed that there is, as of now, no boundary line between military and non-mil- itary facilities. Agre writes: > In the world of the Internet, it would seem, ...we are now in... > permanent, total, omnipresent, pervasive war. Cold War plus > plus: all war, all the time. They said this. Please read Agre's closely argued, anguished musings about these developments [11], and see if you don't wax emotional too. A word on one of Agre's asides: in writing about the styles of reaction against such military thinking, Agre characterizes one group of old-line Netizens in words that strike close to home: > You may recall that, as recently as a couple of years ago, > proponents of the cyberspace ideology filled the Internet > with manifestos against the Communications Decency Act and > many other bad actions on the part of the government. Where > have those people gone? Some of them remain in business, of > course, including many of the sensible ones, but they no > longer come close to defining the Internet's culture. I don't know whether or not Agre considers me one of the sensible ones. But I am certainly still in business, doing my level best to perpetuate those aspects of the roots of Internet culture most worthy of emulation -- trying to alter an occasional reader's view- point -- for the eye, altering, alters all. [11] http://www.egroups.com/list/noframes/rre/983.html ____________ ..South Africa considers intercepting and monitoring telecomms Discussion paper proposes CALEA-like cost transfer After reading about India's proposal to enable monitoring of Net traffic, Ant Brooks <ant () hivemind net> sent word of a similar pro- posal [12] (360K) circulating in South Africa. The discussion paper from the South African Law Commission proposes requiring telecomms and service providers (read: ISPs) to ensure, at their own expense, that all communications can be intercepted and monitored. Brooks writes: > These suggestions (although disturbing enough) are nowhere > near as drastic as the measures being proposed in India, but > because South Africa is the most connected country on the > continent, I suspect that this is just the tip of the Afri- > can iceberg on the issue... > As I type, I'm sitting in the auditorium attending the Af- > rican Internet Group conference in Cotonou in Benin, West > Africa. It is apparent that the governments of many African > countries have not even begun to consider these issues, and > given the high level of control that some of our governments > exercise on other telecommunications services, I have some > concerns about the future of Internet freedom in Africa. > Hopefully, current processes of educating government about > the Internet and Internet governance underway here will min- > imise any nasty legislation. [12] http://jya.com/za-esnoop.htm ____________ -- Robert J. Berger - Internet Bandwidth Development 14510 Big Basin Way #253 Saratoga, CA 95070 Voice: 408-882-4755 Fax: 408-490-2868 Email: rberger () ibd com http://www.ibd.com "Software expands to fill the space available. If it didn't, it wouldn't be designed properly." - NATHAN MYHRVOLD explains Microsoft's design philosophy
Current thread:
- IP: Nice reporting on Wassenaar in Keith Dawson's TBTF Dave Farber (Dec 25)