Exportable cryptography will be weaker than some threshold, and many
of us will demand stronger cryptorgraphy for non-exportable systems.
I wish you weren't so negative about our chances to have the export laws
made sensible. [pause while people laugh] Isn't it about time for our laws
to allow export of any crypto up to the strength of what can be purchased
(or acquired for free) in the country of destination? For example, PGP is
available almost everywhere. So are DES subroutines, from which a
programmer could build up a 25x DES chain, if she so chose.
I would rather we write to the NIST tomorrow in response to their request
for comments on export regulations than assume that we'll forever have
trouble exporting cryptography less powerful than what can be had for free
over there.
- Carl
Oh, well, I ALMOST made it through this series without responding - you
got me.
I don't think that this is a NIST or NSA issue. No one (including Ms.
Anonymous or Mr. Well-Informed-Source) whom I have spoken to at either
of these agencies believes that there is any national security impact
to exporting the common encryption technologies. Heck, I have had
foreign gov'ts suggest that we include hooks for "compression" routines
so save space on their backup media - yes, even they know how to ftp to
the Usenet source server in the UK ...
We are fighting the law enforcement authorities who are (validly -
wait! read on) concerned about criminals being able to encrypt records
simply on open systems and make investigations difficult. Our own FBI
is very strongly into this approach. What they (the law enforcement
agencies) apparently don't realize is that drug dealers and money
launderers can readily afford to hire any one of 10,000+ young people
who can add encryption to the criminals' systems anywhere in the
world. What the law enforcement agencies don't seem to care about is
the honest businesses (international or otherwise) which suffer tens of
billions of dollars in losses annually because we, the vendors, can't
put reasonable protection mechanisms into our standard products.
The correct approach, IMHO, is to go to your Congressional
representatives and ensure that they understand that US companies are
losing market share and technology leadership - that their constituents
are losing income and might get mad at the Congressperson and not
re-elect them! Heavens! That's real motivation for action! No amount
of rational talk amongst techies will solve this problem in a political
environment such as we have (where "we" applies to any place on this
earth).
--
Jon F. Spencer spencerj(_at_)dg-rtp(_dot_)dg(_dot_)com
(uunet!dg-rtp.dg.com!spencerj)
Data General Corp. Phone : (919)248-6246
62 T.W. Alexander Dr, MailStop #6 FAX : (919)248-5942 [FAX]
Research Triangle Park, NC 27709 Office RTP 116/3, MS #6
Reality is an illusion - perception is what counts.
"I don't practice what I preach because I'm not the kind of person
I am preaching to!" -- Bob Dobbs in Newsweek