[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto Exports, Europe, and Conspiracy Theories



At 4:12 AM 1/25/96, Michael Froomkin wrote:
>On Wed, 24 Jan 1996, Timothy C. May wrote:
>[...]
>>
>> Specifically, I believe--though obviously cannot prove, given the nature of
>> time--that a cryptographically strong version of Netscape developed outside
>> the borders of the U.S. would not be freely importable into the U.S. I
>
>Nope. Nope. Nope. Nope.  Donuts to dollars that it's freely importable.

First of all let me say that I take no offense at Michael's "Nope. Nope.
Nope. Nope." opening. This is the kind of interesting debate we need to
have!

But let me address a specific question first:


>> don't know what form such a law would take, to answer the point raised in
>> another post by Peter Junger. Nor am I saying either State or NSA passes
>> the laws...the ITARs have worked largely because they have never been
>> challenged; if they were to be successfully challenged and stricken, as
>> even some folks inside the NSA think is likely if tested in a proper case,
>> then a Four Horseman-scared Congress will likely step in with some
>> restrictions.
>[...]
>
>OK, Tim, what am I missing?  How will Enhanced-crypto-Netscape match
>remailers for their ability to keep TLAs up at night?

Once one has good encrypted links, including access to a variety of
offshore sites,  remailers cannot be stopped. The TLAs may not like them,
and the courts may rule that a remailer site is strictly liable for
misdeeds which impinge on its remailers (I'm not convinced this is so, but
no matter), but what do U.S. courts have to say about Dutch remailer sites?
What will the Fifth Circuit be able to do to hactic.nl? Or chains of
remailers that pass through Norway, Japan, Estonia, Italy, and Lower
Slobovia?

We've already got that with PGP, of course, so it's to some extent moot.

All of the mentions recently about strong crypto built into Netscape,
Mosaic, AOL, etc., have to do with the _popularity_ and _ease of use_
issues, not the existence proof. That is, having strong crypto built in to
Netscape will not give us a capability we don't already have, just give it
to more people and more conveniently.

Back to the issue of remailers and anonymous servers as choke points. I
agree. These are the real threats to traffic analysis, which is of course
why I have so emphasized them in my own writings for so many years!!

I take it as a given that no remailer services will operate for profit,
publically, and with support built in to Netscape, at least not openly and
identifiably within the U.S....it is too controversial. (I don't mean that
most of the remailers are not U.S., now, I mean after the heat gets turned
up, after the next "Oklahoma City bomber" is found to have been
communicating with remailers! An awful lot of remailer sites will vanish
overnight. In act, evidence that remailers are being used may be
manufactured.)

Fortunately, and I keep coming back to this, the beauty of PGP is that the
encryption is in the text blocks within mailers, browsers, etc., and little
or no hooks to external programs are needed. (We often moan about this, and
wish for PGP 3.0 or 4.0 to have all kinds of hooks, but there is a certain
elegance about a text-block-centric program, with hooks made later on an ad
hoc basis....it is so terribly difficult to control what's in a text block
that suppression of PGP is very hard.)

--Tim May

Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."