From: anonymous@extropia.wimsey.com
To: cypherpunks@toad.com
Message Hash: 776c67001a5161900dca664ff5d0e3bc959d07a045f3259f91c036ba7750b0b4
Message ID: <199311130306.AA20780@xtropia>
Reply To: N/A
UTC Datetime: 1993-11-13 03:29:41 UTC
Raw Date: Fri, 12 Nov 93 19:29:41 PST
From: anonymous@extropia.wimsey.com
Date: Fri, 12 Nov 93 19:29:41 PST
To: cypherpunks@toad.com
Subject: Dr. Dobb's Editorial
Message-ID: <199311130306.AA20780@xtropia>
MIME-Version: 1.0
Content-Type: text/plain
As mentioned, the December, 1993 issue of Dr. Dobb's Journal has an
excellent editorial about the government investigation of PGP export
and the general crackdown on cryptography. This issue also includes
an article by Bruce Schneier describing the IDEA encryption algorithm.
As usual with DDJ, source code is included: IDEA.C, apparently based
on PGP source.
Dr. Dobb's has published encryption source before. A few months ago
there was an article by Burt Kaliski of RSADSI on using Montgomery
multiplication to speed up an RSA implementation. Earlier there was
an article on the (patented) Lucas public-key system. Both articles
had source. No doubt there have been others as well.
Here is the text of the editorial:
Cryptography is like one of those West Virginia subterranean fires
that smolder along coal seams for months before flaring up above
ground. The current flame along the encryption firing line involves
a pair of Federal grand jury subpoenas handed out to distributors of
Phil Zimmermann's PGP ("Pretty Good Privacy") message signature and
privacy software.
Earlier this fall, the Austin Code Works (a Texas software distributor)
and ViaCrypt (a Phoenix cryptography-tool developer) were slapped with
demands to produce contracts, payments, correspondence, and related
information concerning their international distribution of PGP and
RSA cryptography source code. Neither company was told why they must
turn over this information, nor were they given any indication of when
or what the next shoe to drop might be.
For the past year Code Works has been selling Grady Ward's Moby Crypto,
a collection of crypto software that includes PGP, RSA, MD4, DES, and
the like. Although not mentioned in the subpoena, Code Works has also
been separately selling a DES encryption and decryption software
package. For the time being, both have been removed from Code Works'
shelves. ViaCrypt, on the other hand, licensed PGP from Zimmermann,
combined it with ViaCrypt's DigiSig+ cryptographic engine, and released
a toolkit called "ViaCrypt PGP," the first commercial PGP-based package.
Interestingly, ViaCrypt is also a sublicensee of RSA public-key
encryption from Public Key Partners, holder of the RSA patent and a
big-time competitor and long-time critic of PGP.
Ostensibly, the subpoenas are part of a U.S. Customs investigation into
the export of PGP. (A letter the State Department's Enforcement Branch
fired off to the Code Works begins with, "It has come to the attention
of this office that your company is making cryptographic source code...
available for commercial export....") State Department regulations
lump cryptographic software with munitions and weapons, making it
subject to export licenses as per International Traffic in Arms
Regulation guidelines. However, Code Works' current advertisements
clearly state that both Moby Crypto and DES Encryption are "not for
export," and ViaCrypt says sales are made "export regulations permitting."
In short, there's no indication that either company has exported crypto
software, leading you to believe that the investigation is really nothing
more than a fishing expedition.
The timing is curious, considering that the Clinton administration views
many high-tech export rules as antiquated Cold War laws that hinder
U.S. trade. Consequently, the administration is rethinking export laws
so that U.S. manufacturers can more easily export communications and
other high-tech equipment - what's protected today may be fair game in
a few months. Of course, the government also wants to make it harder
to sell high-tech military equipment to renegade countries. Unfortunately,
cryptography has a foot in both military and civilian communications camps.
Neither the Code Works nor ViaCrypt had anything to do with developing
PGP. You could even argue that Zimmermann really isn't the "author" of
the software. True, he did write Version 1.0, but subsequent editions
(2.3 is the current release) are the contributed efforts of U.S. and
non-U.S. programmers who've created what's been described as the
strongest, easiest-to-use encryption utility available to the public in
source form. There's no question that PGP was exported, but neither is
there a hint that Zimmermann shipped it overseas. He assiduously
avoided the chance of _his_ exporting PGP, to the point of having other
people upload the software to the nets. The bottom line is that PGP
was legally on the net and anyone with a PC and a modem could have
moved it across international borders - just as with DES, which has
been on the nets and authorized by the government for more than a decade.
Still, you have to wonder why the government is taking action now. PGP
has been around for a couple of years. Maybe the Feds are upset that
Zimmermann's encryption scheme is good - PGP is thought to be stronger
than DES, the NSA and FBI reportedly can't crack it, and the thought of
publicly available cryptography scares the dickens out of them. Or
maybe the announcement of a commercial PGP-based application finally
hitting the shelves prompted PGP's competitors to lean on the government.
We just don't know, and the Feds aren't talking.
The government is struggling to cope with a changing world, one in which
technology has altered many of the old rules. Regulations, written for
a paper-based society, aren't adapting well to digital reality.
International electronic networks make it hard to control software
distribution and information dissemination. Like wildfire, bank transfers
and e-mail are circling the globe unfettered - and encryption is keeping
secret the contents of these communications. But the means by which
Washington is attempting to maintain control over cryptography is, in
the long run, injurious to us all. From a business perspective, these
tactics hobble U.S. companies from competing internationally. More
importantly, the First Amendment guarantees us the right to speak in
an encrypted way and insidious attempts to douse public access to
cryptography, cloaked under the guise of software-export investigations,
appear to stifle those rights.
Jonathan Erickson
editor-in-chief
Return to November 1993
Return to “anonymous@extropia.wimsey.com”
1993-11-13 (Fri, 12 Nov 93 19:29:41 PST) - Dr. Dobb’s Editorial - anonymous@extropia.wimsey.com