[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
spook pressure on crypto exports (was Re: cypherpunks coding challenge)
(cc'd to a couple of people who's name is mentioned in second half)
Bill Stewart <[email protected]> writes:
> Tim May <[email protected]> writes:
> >Not to be tedious about this, but why would "lines of code" be an
> >interesting metric?
>
> Yeah - I was thinking of the following entries:
> Adam Back RSAperl 4 lines
> Adam Back et al. RSAperl 2 lines
>
> I don't think anybody's made a T-Shirt with SSLeay on it yet :-)
:-)
> (Though actually SSLeay has been very useful to a lot of the
> world's free cryptography, and has prompted the US spooks
> to pressure the Australian spooks into restricting crypto exports,
> just as they've pressured the NZs into restricting them for
> Peter Gutman, and have been trying to work on the Irish...)
Could you elaborate on these. I caught Peter Gutmann's comments on
the hassles a company he did some work for were having with the NZ
spooks. (The spooks intercepted their mailed disk, plus some other
cloak and dagger spookish stuff). Is this still going on, was it ever
resolved? Can the next version of cryptlib be exported legally? Or
are we relying on Peters bravery?
I remember vaguely some announcments about Australia. Has Eric said
anything on this, has anything been enforced, is it legal to export
SSLeay from down under?
Ireland is new to me. What's their problem? Who's exporting things
to attract spook export attention over there? (There are quite a lot
of high tech companies over there, it's a sort of Euro silicon valley,
mostly due to tax breaks, 10% corporation tax, etc).
Btw, the UK has it's own problems also. You can export whatever you
want in `intangible form', but to post something in a tangible form,
such as perhaps a CD (or a perl-rsa T-shirt?) you need permission from
DTI in consultation with GCHQ. There are several forms of license you
can get depending on what GCHQ think of your product and of you
politically. These vary between getting a license to export pretty
much anywhere except embargoed countries (Iraq, China, etc) without
further hassle, to having to ask for export permission on a case by
case basis, going down to permission for repeat exports to the same
customer. The heuristic by which permission is handed out is nearly
impossible to extract from the beaurocrats/spooks. (Give us
protocols, and a customer, and we'll tell you.)
I have it unofficially from the hosses mouth that if you make use of
the intangible export loophole, that it might "reduce" your chances of
getting permission to export tangibly.
I thought Ireland was similar, being based on European legislation,
though perhaps with less of an axe to grind than GCHQ, being as GCHQ
(CESG) are the authors of the euro GAK, (CASM/Cloud Cover/Royal
Holloway TTP scheme) and the TTP paper which caused a fuss last month.
Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`