Dr. Dobb's Editorial
- To: [email protected]
- Subject: Dr. Dobb's Editorial
- From: [email protected]
- Date: Fri, 12 Nov 1993 19:06:31 -0800
- Comments: This message was anonymously remailed. Do not reply to the address in the From: line, unless you wish to report a problem. Thank you.
- Remailed-By: [email protected]

As mentioned, the December, 1993 issue of Dr. Dobb's Journal has an
excellent editorial about the government investigation of PGP export
and the general crackdown on cryptography. This issue also includes
an article by Bruce Schneier describing the IDEA encryption algorithm.
As usual with DDJ, source code is included: IDEA.C, apparently based
on PGP source.

Dr. Dobb's has published encryption source before. A few months ago
there was an article by Burt Kaliski of RSADSI on using Montgomery
multiplication to speed up an RSA implementation. Earlier there was
an article on the (patented) Lucas public-key system. Both articles
had source. No doubt there have been others as well.

Here is the text of the editorial:

Cryptography is like one of those West Virginia subterranean fires
that smolder along coal seams for months before flaring up above
ground. The current flame along the encryption firing line involves
a pair of Federal grand jury subpoenas handed out to distributors of
Phil Zimmermann's PGP ("Pretty Good Privacy") message signature and
privacy software.

Earlier this fall, the Austin Code Works (a Texas software distributor)
and ViaCrypt (a Phoenix cryptography-tool developer) were slapped with
demands to produce contracts, payments, correspondence, and related
information concerning their international distribution of PGP and
RSA cryptography source code. Neither company was told why they must
turn over this information, nor were they given any indication of when
or what the next shoe to drop might be.

For the past year Code Works has been selling Grady Ward's Moby Crypto,
a collection of crypto software that includes PGP, RSA, MD4, DES, and
the like. Although not mentioned in the subpoena, Code Works has also
been separately selling a DES encryption and decryption software
package. For the time being, both have been removed from Code Works'
shelves. ViaCrypt, on the other hand, licensed PGP from Zimmermann,
combined it with ViaCrypt's DigiSig+ cryptographic engine, and released
a toolkit called "ViaCrypt PGP," the first commercial PGP-based package.
Interestingly, ViaCrypt is also a sublicensee of RSA public-key
encryption from Public Key Partners, holder of the RSA patent and a
big-time competitor and long-time critic of PGP.

Ostensibly, the subpoenas are part of a U.S. Customs investigation into
the export of PGP. (A letter the State Department's Enforcement Branch
fired off to the Code Works begins with, "It has come to the attention
of this office that your company is making cryptographic source code...
available for commercial export....") State Department regulations
lump cryptographic software with munitions and weapons, making it
subject to export licenses as per International Traffic in Arms
Regulation guidelines. However, Code Works' current advertisements
clearly state that both Moby Crypto and DES Encryption are "not for
export," and ViaCrypt says sales are made "export regulations permitting."
In short, there's no indication that either company has exported crypto
software, leading you to believe that the investigation is really nothing
more than a fishing expedition.

The timing is curious, considering that the Clinton administration views
many high-tech export rules as antiquated Cold War laws that hinder
U.S. trade. Consequently, the administration is rethinking export laws
so that U.S. manufacturers can more easily export communications and
other high-tech equipment - what's protected today may be fair game in
a few months. Of course, the government also wants to make it harder
to sell high-tech military equipment to renegade countries. Unfortunately,
cryptography has a foot in both military and civilian communications camps.

Neither the Code Works nor ViaCrypt had anything to do with developing
PGP. You could even argue that Zimmermann really isn't the "author" of
the software. True, he did write Version 1.0, but subsequent editions
(2.3 is the current release) are the contributed efforts of U.S. and
non-U.S. programmers who've created what's been described as the
strongest, easiest-to-use encryption utility available to the public in
source form. There's no question that PGP was exported, but neither is
there a hint that Zimmermann shipped it overseas. He assiduously
avoided the chance of _his_ exporting PGP, to the point of having other
people upload the software to the nets. The bottom line is that PGP
was legally on the net and anyone with a PC and a modem could have
moved it across international borders - just as with DES, which has
been on the nets and authorized by the government for more than a decade.

Still, you have to wonder why the government is taking action now. PGP
has been around for a couple of years. Maybe the Feds are upset that
Zimmermann's encryption scheme is good - PGP is thought to be stronger
than DES, the NSA and FBI reportedly can't crack it, and the thought of
publicly available cryptography scares the dickens out of them. Or
maybe the announcement of a commercial PGP-based application finally
hitting the shelves prompted PGP's competitors to lean on the government.
We just don't know, and the Feds aren't talking.

The government is struggling to cope with a changing world, one in which
technology has altered many of the old rules. Regulations, written for
a paper-based society, aren't adapting well to digital reality.
International electronic networks make it hard to control software
distribution and information dissemination. Like wildfire, bank transfers
and e-mail are circling the globe unfettered - and encryption is keeping
secret the contents of these communications. But the means by which
Washington is attempting to maintain control over cryptography is, in
the long run, injurious to us all. From a business perspective, these
tactics hobble U.S. companies from competing internationally. More
importantly, the First Amendment guarantees us the right to speak in
an encrypted way and insidious attempts to douse public access to
cryptography, cloaked under the guise of software-export investigations,
appear to stifle those rights.

Jonathan Erickson
editor-in-chief