From: nobody@cypherpunks.ca (John Anonymous MacDonald, a remailer node)
Date: Wed, 11 Dec 1996 23:23:02 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: New export controls to include code signing applications
Message-ID: <199612120712.XAA05665@cypherpunks.ca>
MIME-Version: 1.0
Content-Type: text/plain



At 8:31 PM 12/11/1996, Lucky Green wrote:
>In a way the new prohibition on exports of software that protects
>against malicious computer damage is even more far ranging.
>
>To quote again from the new list of enumerated items subject to
>export controls: "c.3. "Software" designed or modified to protect
>against malicious computer damage, e.g., viruses;"
>
>That includes every firewall product, every virus checker, every data
>security product, and this regardless if the product uses crypto or
>not. The new regulations go way beyond controlling crypto. The USG,
>in a massive power grip, has put data security as a whole on the
>export control list.
>
>One likely explanation for this unprecedented move is the USG's
>desire to gain further leverage with US software companies. If they
>don't include GAK, they not only won't export their crypto software,
>they won't export their other security related products either. Which
>may mean for some companies that they won't export anything at all.
>That would be a mighty big stick.

Another explanation is the USG's obvious interest in "infowar".  The
idea here would be that the US makes the best security tools and by
withholding them from the rest of the world, the US holds the
strongest hand in an "infowar".

Countries which the US wants to reward will receive "military
technology" to protect their networks, just as it does now with actual
weapons.

Just because this is totally insane doesn't mean they aren't thinking
about it.

However, all they will succeed in doing is greatly harming the U.S.
computer security business.  A few decades from now people will look
back on these policies in disbelief.

Milou