1995-07-28 - Re: Hooks to Crypto

Header Data

From: fc@all.net (Dr. Frederick B. Cohen)
To: meredith@ecid.cig.mot.com (Andrew D Meredith)
Message Hash: 9c95a0549387c16e3a577d31943f62ffec5159aa1f6c6995d424837db9afd8da
Message ID: <9507281401.AA26689@all.net>
Reply To: <9507281450.ZM15992@jurua.sweng.ecid.cig.mot.com>
UTC Datetime: 1995-07-28 14:07:28 UTC
Raw Date: Fri, 28 Jul 95 07:07:28 PDT

Raw message

From: fc@all.net (Dr. Frederick B. Cohen)
Date: Fri, 28 Jul 95 07:07:28 PDT
To: meredith@ecid.cig.mot.com (Andrew D Meredith)
Subject: Re: Hooks to Crypto
In-Reply-To: <9507281450.ZM15992@jurua.sweng.ecid.cig.mot.com>
Message-ID: <9507281401.AA26689@all.net>
MIME-Version: 1.0
Content-Type: text


...
> > because people in the US aren't willing to risk jail over their
> > right to do it.  The only court case I am aware of was the RSA case
> > and in that one, the courts ruled against the NSA - but in today's
> > political and economic environment, people who do cryptography
> > don't want to risk it.
> 
> Judging by the PZ case, I can't say as I can really blame them. It
> would be better of course if they would go for it, but ...

In my case, I just opted to move my crypto business outside the US. 
This is the real result of the crypto policy.  The US is falling behind
the rest of the world in crypto R+D.  For example, two good crypto
packages for the Internet have been released in the last few months.  I
was engaged in a similar project in the late 80s but abandoned it
because I couldn't export, so the market would not justify the work. 
Now it is owned by people in EC and Australia who are generous enough to
allow those of us in the US to use them.

Of course, I can't post them in info-sec heaven because even imported
crypto software may not be exported, and I cannot adequately detect the
difference between a foreign person using a US site to get the
information and a legitimate US site getting the information for itself. 
In other words, the policy prevents US firms from having better Internet
resources in the info-sec arena.

...
> This would infer that anything that can cause information to be piped
> out to a package and then the result sucked back in would fall into
> this category.

Right - in other words, nothing can be exported if it produces output
and takes input.  The point is, they want a way to arrest people who are
doing something they don't like.  Phil Zimmermann would almost certainly
win if they ever took him to court, but by harassing him in this more
subtle way, they destroy the impact of PGP in the marketplace, get MIT
to support an official (and perhaps customized for the NSA to have weak
keys) version, and prevent others from following in Phil's footsteps. 
So the strategy works until some brave person risks enough to get past
it.

...
> 1 - Find yourself a tenuous link with some Psycho-Baby-Killer group.
> 2 - Start a "This must be stopped" campaign.
> 3 - Propose the "Internet Pornography Act"
> 4 - Shove it through before anyone can get together enough
>     opposition to get it squashed. (and that would have to be a
>     GREAT DEAL of opposition).
> 
> That's how they did the "Criminal Justice Act" which breaks both
> European and International law in a great many places. That's how
> they'll do the "Internet Pornography Act". It'll be just loose enough
> to include just about anything they want it to.

All true, but as the saying goes:

Representative democracy is a terrible form of government,
but every other form of government we know of is even worse.

-- 
-> See:  Info-Sec Heaven using our New Super Secure World-Wide-Web Server
-> Free: Test your system's security (scans deeper than SATAN or ISS!)
---------------------- both at URL: http://all.net ----------------------
-> Read: "Protection and Security on the Information Superhighway"
	 John Wiley and Sons, 1995 ISBN 0-471-11389-1, 320 pp, $24.95
-------------------------------------------------------------------------
   Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
