[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: yellow journalism and Encryption
On Mon, 7 Oct 1996, Vinnie Moscaritolo wrote:
> The following is an example of the asswipe media's attempt to write about
> encryption.
>
>
> http://www.sfgate.com/cgi-bin/examiner/article.cgi?year=1996&month=10&day=06&art
> icle=BUSINESS2814.dtl
Did I miss something?
Of the many columns and articles I've read recently, this is one of the
best and most concise so far. Compare it to, say, the "Netly News" column
jya posted earlier.
> At stake in the policy battle are software exports worth millions, Fourth
> Amendment rights Americans have enjoyed for centuries, and innocent lives
> that the good guys say might be saved if they're able to keep snooping on
> the bad
> guys.
What export controls have to do with keeping an eye on "the bad guys" no one
really knows. Unless the intent is control of domestic encryption of course.
The only major point that I see missed is the key size limitation
of 56 bits and the nature of the agreement itself to extend or rescind
export licenses based on a future key recovery plan which satisfies government
officials.
Fifty-six bits is simply not secure. Abate missed this fundamental point.
Furthermore, that the only way for individuals and companies to maintain
security for "the bad people(including governments)" is through secure,
virtually unbreakable (large key length) encryption. A back door and a
relatively pitiful key length limitation provide no real security.
Furthermore, the agreement itself for 2 year conditional licenses is
curious. There are many obvious questions. What will satisfy the
government or is this just a ruse? Are import restrictions the next step?
The whole nature of the compromise is very strange indeed and I would be
most interested to find out the thinking behind it.
> "Wiretapping is the main issue," said Stewart Baker, former general counsel
> of the National Security Agency, the CIA's code-breaking and eavesdroping
> cousin.
This seems like a statement that would have come from the other side of the
debate.
> Exports are the odd piece in this policy puzzle. The U.S. government has no
> authority to regulate secret codes within U.S. borders. But a law passed
> after World War II put secret codes in the same category as munitions,
> products that
> cannot be exported without a license.
>
> The government has used this export-licensing authority to indirectly
> control code-making software here. Most high-tech firms are unwilling to
> sell two sets of encryption products, one full- and the other
> half-strength, so they have
> sold weak encryption products everywhere.
While this may seem obvious to those who have watched and studied the issue
for years, the layman reading Abate's column gets a distillation of the
issue that I have not seen in other popular media.
In just two paragraphs, he explains to the unitiated reader the origin and
authority behind export controls on encryption as well as their usage by the
government to control local creation of encryption -- a point that is
almost always missed.
> To give investigators the keys to every code might be too much temptation
> and a threat to civil liberties. To deny
> investigators the keys may handcuff them in the fight against increasingly
> sophisticated and deadly forms of crime.
Is this the statement which bothers you? I simply read it as a summary of
both sides of the debate not as an opinion statement
_______________________________________________________________
Omegaman <mailto:[email protected]>
PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2
59 0A 01 E3 AF 81 94 63
Send e-mail with "get key" in the "Subject:"
field to get a copy of my public key
_______________________________________________________________