John Gilmore on CSIS' Lewis anti-encryption,

[Dave Farber <dave () farber net>]

------ Forwarded Message
From: Declan McCullagh <declan () well com>
Reply-To: declan () well com
Date: Sat, 21 Sep 2002 08:46:37 -0700
To: politech () politechbot com
Cc: gnu () toad com, JALewis () csis org
Subject: FC: John Gilmore on CSIS' Lewis anti-encryption, privacy efforts

Previous Politech message:

"CSIS' James Lewis replies to Politech on WH cybersecurity report"
http://www.politechbot.com/p-04008.html

-Declan

---

Date: Sat, 21 Sep 2002 00:42:15 -0700
From: John Gilmore <gnu () toad com>
To: declan () well com, gnu () toad com
Cc: JALewis () csis org
Subject: Re: FC: CSIS' James Lewis replies to Politech on WH cybersecurity
report
In-reply-to: <5.1.1.6.0.20020920073027.01a88cb0 () mail well com>

Jim Lewis said:
> Declan: I actually think the National Strategy is very strong, but I
> question the heavy reliance on voluntary action and self-regulation.

Don't forget that Jim Lewis is the guy who headed the Bureau of Export
Administration sub-department that wrote and enforced the
unconstitutional regulations that prevented people from building
good security into their computer and communications products.

Perhaps he has learned just how much cyber security his previous
regime's censorship cost the US (and world society).  It took a
six-year court case, Bernstein v. US, that cost us (private sector
security & privacy activists) millions of dollars of work, to get him
to stop.  So that we in the private sector could merely be LEGALLY
ABLE to build decent security into our products, without being thrown
in prison for our efforts.  The case is still going on, because the
last regulations Jim promulgated before decamping to CSIS are STILL
torturous and unconstitutional.  See http://www.eff.org/bernstein/ and
http://cr.yp.to/export.html.

Hugh Daniel and I personally appealed a particular export decision, in
a room full of Commerce Dept lawyers and him.  Jim had decided that it
was illegal for Hugh to ship software for AUTHENTICATION -- proving
who you are, or that you are authentic -- because somebody, someday,
maybe, could potentially modify that software to hide information.
(Better Authentication is much of what we need to improve cyber
security.)  Jim's decision flew in the face of the explicit
regulations, that for many years had exempted Authentication software
from the controls that he was enforcing.  We argued to them that if
they made totally arbitrary decisions that ignored the printed
regulations, nobody would even bother to submit crypto products to
them -- we might as well ask for foregiveness as permission, if both
are arbitrary.  I think the phrase "Rule of Law" was uttered at least
once.  They ultimately ignored us, and (months later) told us we
couldn't export it anyway.  Hugh and I were trying to make the Domain
Name System secure, an effort that has still never been accomplished,
thanks to the opposition from Jim, and from a few other people with
their own crazy axes to grind.

Building even the half-decent level of computer security we have today
took thousands of other peoples' work too.  Phil Zimmermann's
courageous activism, in the face of Jim's attempt to indict him on
Federal crimes.  Millions spent on lobbying by commercial
firms who merely wanted to ship secure computer products.  The
Netscape crew put strong crypto into their product, navigating the
perilous export bureacracy so that we U.S. customers could actually
get a copy of it, thus bringing us secure web transactions instead of
the bogus security that prevails to this day in telephony (including
cellular) and wireless (including 802.11 WiFi).  Many foreigners, from
Australia to Finland and everywhere in between, contributed working
crypto that has become the backbone of security on the Internet.  All
of this happened DESPITE Mr. Lewis's fervent opposition.

[Of course, the reason Jim Lewis opposed all of this good security is
because his collaborators in the NSA and FBI wanted the physical
capability to wiretap *everyone* illegally.  In the last year even the
secret FISA wiretap court has thrown up its hands, tossed aside its
20+ years of secrecy, and announced, "These guys are totally blowing
the Constitution."  See
http://www.aclu.org/issues/privacy/FISA_feature.html and
http://www.eff.org/Privacy/Surveillance/20020919_eff_FISCR.html ]

I wouldn't put much faith in what Mr. Lewis has to say on the topic of
cyber security.  He knows how to drive us, with the biggest whips
possible, in the exact wrong direction.

    John Gilmore


-------------------------------------
You are subscribed as interesting-people () lists elistx com
Archives at: http://www.interesting-people.org/archives/interesting-people/