Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Crypto export politics - trade, control, mindshare or simply irrelevant?

By new500 in News
Tue Jun 06, 2000 at 05:12:03 PM EST
Tags: Security (all tags)
Security

The US might considerably loosen strong crypto export (Wired News) following their initial protestations (Heise.de coverage) concerning similar EU plans unveiled, legislation for which may be decided upon June 13 - next week - following an interim delay.

The actual motivation for these developments can be unclear. I don't think we can expect governments to be transparent in their discussions, as the issues are multiple and the influences and concerns deep seated. What follows is my connected thought and the questions these developments raise for me . .


Strong crypto is in quite wide circulation. One might (theoretically) just download PGP6 via a US proxy, for example. Sun Micro sourced their crypto algorithms in Europe to circumvent US munitions policies. Specifically from Elvis+ Co., a Russian company.

AFAIK what the EU is talking about is not bothering to monitor what or where you export, unless its to Iraq or a shortlist of nation states considered volatile or a threat.

This provokes a thought - under NATO and the cold war, technologies were developed and deployed to maintain ideological hegemonies as equally their stated purpose : security.

Now, if you allow that the uptake of commercial software and its use is a function of marketing and adspend, and its implementation associated with FUD with regards trade security and flows (should a UK company be forced to default to weak keys to transact online with a US company e.g.?), are we experiencing technolgies as the de facto tool in grabbing commercial and international mindshare? (As with the central capitalist tenet "let capital and ideas flow and capitalism will flow with them")

Some existing and implicit arguments are posturing. "See our strong keys and weep - you'll never crack them. We (US / EU economies) are on top, follow our moves".

But equally it is hard to explicitly trust a government (NSA or GCHQ) involvement in the export qualification process.

Some Novell keys have been estimated to be weakened on export, or deliberate backdoors. So no doubt the successors of Bletchley might request or insist upon the same.

From what I can find out, the EU is suggesting governments "get out of the loop" as much as is possible. Only no sales to Mr. Saddam.

But where in all this is clarity for the users, the sysadmins, the officers of companies responsible to users and trade counterparties?

How often do users get the chance to view and analyse commercial source, and how much trust can be placed in either EU or US bodies if they do say they will step aside?

If you've been forced to use crippled products, what were your experiences?

And finally, since much lobbying has been done by commercial interest groups claiming freer crypto will aid export sales, will you change your buying habits? Personally? Company wide?

As a postscript and to wrap up some looser ideas from earlier (and maybe promote an optional simultaneous thread) I'd like to add this :

SMCC Inc can't export munitions so buys them from the Russians (a furtive exchange is rumoured to have taken place in the Intourist Hotel Moscow where I once stayed) - a elegant and even symbolic circumvention. Without doubt technologies have been spurred on by Cold War fears (howsoever founded, funded, or kept still under wraps).

But now, in the absense of Red Terror, the only part of the world which seems as remote and poorly understood as maybe was the USSR, is the Islamic nations, in particular maybe the Arab states, or in total roughly half us human beings. Since the word "algorithm" derives from a Persian man called al-Khwarism, is anyone aware of developments in crypto use in the Muslim world, particularly the Arab states?

Might a US - EU bilaterality of interest with crypto be prepared to lock out a culture even further distant from those of the Soviet Union? And who would break the export rules, or circumvent them to trade with a post - Saddam Iraq, or more liberal Iran?

[ Following comment and much welcomed advice from two more experienced users, this story has been re composed. ]

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o loosen strong crypto export
o (Wired News)
o initial protestations
o (Heise.de coverage)
o Also by new500


Display: Sort:
Crypto export politics - trade, control, mindshare or simply irrelevant? | 14 comments (14 topical, editorial, 0 hidden)
Hrm, very nicely done, this one is ... (none / 0) (#1)
by SgtPepper on Tue Jun 06, 2000 at 02:00:22 PM EST

SgtPepper voted 1 on this story.

Hrm, very nicely done, this one is much better, perchance next time do this from the start? I vote for this one because it is better, not because the other one was bad. Also, the idea that math can be locked in and not exported is just ludicrous, if one person can do it, any body can do it. Cryptography should be an international exercise. The keys should be considered National Security however.

as far as concerns about government... (none / 0) (#2)
by captain larry on Tue Jun 06, 2000 at 02:29:07 PM EST

captain larry voted 1 on this story.

as far as concerns about government tampering with export crypto, this is where open source has a chance to shine. maybe we can finally get s/wan into the standard linux kernel and ssl into sendmail and apache (etc).
-- Computers are useless. They can only give you answers. - Pablo Picasso

This is much better than the other,... (none / 0) (#3)
by Rasputin on Tue Jun 06, 2000 at 02:48:34 PM EST

Rasputin voted 1 on this story.

This is much better than the other, but I guess now we have to ask Rusty to make the first attempt go away ;)
Even if you win the rat race, you're still a rat.

Re: This is much better than the other,... (none / 0) (#9)
by new500 on Tue Jun 06, 2000 at 05:45:22 PM EST

Yeah, good thing it did go away. That one'll take some living down - excuses elsewhere :^)


== Idle Random Thoughts. Usual disclaimers apply. ==
[ Parent ]
Much better than the earlier story ... (none / 0) (#5)
by El Volio on Tue Jun 06, 2000 at 02:54:39 PM EST

El Volio voted 1 on this story.

Much better than the earlier story on this same topic.

Excellent writeup. ... (none / 0) (#6)
by maynard on Tue Jun 06, 2000 at 03:12:32 PM EST

maynard voted 1 on this story.

Excellent writeup.

Read The Proxies, a short crime thriller.

Is it just me, or is the logic flow... (none / 0) (#4)
by genehack on Tue Jun 06, 2000 at 03:27:08 PM EST

genehack voted -1 on this story.

Is it just me, or is the logic flow in the write-up extremely difficult to follow?

Re: Is it just me, or is the logic flow... (none / 0) (#7)
by Pseudonymous Coward on Tue Jun 06, 2000 at 05:36:38 PM EST

Hi, John!

It's not just you. I noted (and voted) this problem in a previous version of this article which I found in the submission queue this morning. This write-up is actually much improved from that version which seemed to have been babelfished between three languages before landing in English.

You're not at all alone in your confusion.

(that indirection guy)

[ Parent ]

Re: Is it just me, or is the logic flow... (none / 0) (#10)
by new500 on Tue Jun 06, 2000 at 05:52:37 PM EST

Sorry guys. Excuses in no particluar order : newbie ; hangover ; couldn't get a spare moment 'till late today (hence new version).

Thanks to SgtPepper and Magenta for their constructive critisicm earlier. 'tho what spurred the re hash was in no small part your comment I might not be english speaking! :)

my accent's become indecipherable too. years of working with guys and gals non 1st language english tuned mine pidgeon non? :) Aw heck, am I forgiven? I tried . . . . .


== Idle Random Thoughts. Usual disclaimers apply. ==
[ Parent ]
Re: Is it just me, or is the logic flow... (none / 0) (#11)
by Pseudonymous Coward on Tue Jun 06, 2000 at 06:25:53 PM EST

No need for apologies; I think both John's and my (original and subsequent) comments were offered in a constructive spirit if not necessarily in the gentlest way. You've obviously got something to say, and I'd like to see it presented in the best possible light -- both for my/the readers' sanity as well as for the quality of k5 in general.

At least you've submitted an article! That's more than I've managed to do so far (since everything I've intended as k5 submission is at most half-written).

Keep 'em coming and I'll keep reading.

[ Parent ]

Re: Is it just me, or is the logic flow... (none / 0) (#12)
by new500 on Tue Jun 06, 2000 at 06:45:14 PM EST

"Keep 'em coming and I'll keep reading."

Sounds like a good arrangement.

Hey, if someone posts a link to this on slashdot for a story . . .[stop that thought - Conscience]

anyways looking forward to some comment from those who didn't vote earlier :)


== Idle Random Thoughts. Usual disclaimers apply. ==
[ Parent ]
Associated links and reference (4.00 / 1) (#8)
by new500 on Tue Jun 06, 2000 at 05:37:05 PM EST

Here are some links I think are relevant or useful. Unfortunately I didn't have the time to put them in the original story but some of you already know my excuses :)

A survey of international encryption policy by the Electronic Privacy Information Centre Washington

EU reports on interception capabilities

European Commission DG for Information Security mission statement

a speech by Commissioner Erkki Liikanen, European Commission

and another speech by Liikanen


== Idle Random Thoughts. Usual disclaimers apply. ==
To answer the question posed in the title: Irrelev (none / 0) (#13)
by PresJPolk on Wed Jun 07, 2000 at 04:43:53 AM EST

Gnu Privacy Guard, Free S/WAN, kerneli.org, and other open source projects all work to ensure than any nation's attempts to control the spread of privacy through cryptography will be ineffectual.

If a nation passes a bad law, then the software will be housed (on the internet) in a country without that law.

Until countries begin large-scale blocking and filtering (like the Great Firewall of China that has been proposed), the old adage that the internet routes around censorship still holds.

The market is a world market (none / 0) (#14)
by Anonymous Hero on Thu Jun 08, 2000 at 06:02:29 AM EST

The development of products is determined by the potential market for them. Thus for example the standadisation of GSM mobiles (this now includes some US PCS networks) means that the same product can be sold almoste anywhere in the world. This then drives the scale of the manufactors and the amount of efford put into development of products. The current GSM systems are based on 56 bit keys as this is the lowest common denominator allowed for export. The therotical cracking of the A5/1 algorithm highlights the vunerabiluity of this length of key. The standards for the next generation of mobiles are currently being developed by the 3GPP organisation. They are adopting 128 bit keys in the standard, somewhat in the face of current legislation (see Wassenaar Agreement) in the expectation that by the time the systems are developed the legislation will have cought up. Clearly the US leglisation is harming trade by all companies. As to wether it is harming US companies more than others is a more diffucult question.

Crypto export politics - trade, control, mindshare or simply irrelevant? | 14 comments (14 topical, 0 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!