[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What about PGP? (was Re: Leahy Bill a Move to Slow Crypto Exports as Much as Possible)




Mutant Rob writes:
>Timothy C. May wrote:
>> I think this is showing that one of the intended purposes of the Leahy bill
>> is to slow down exports of crypto for as long as possible, and then only to
>> grant export licenses when competition from abroad threatens to undo the
>> effects of the stalling process anyway.

I think this is somewhat skewed.  Let's look at our situation now:

	We don't get to export much crypto software.

The Leahy bill takes us to:

	We get to export lots of software that is "generally available",
	"in the public domain or publicly available", or if similar
	products exist already in other countries.  (That's a lot of
	stuff, but it's not the whole enchilada.)

We want to be at:

	We get to export all crypto software. (I mean legally; I think
	we all know that export controls don't work against someone with
	enough brains to post news, send mail, or use ftp)

This is a pretty good improvement in the situation, and will hopefully
pave the way for the "whole enchilada".  It's not good strategy though
to criticize this because it's not the ultimate crypto bill.  Let's be
honest with ourselves here, this is Congress we're talking about and
this is a pretty bold step.  We need to educate them to see the facts
we understand so thoroughly: that crypto export controls do not work,
endanger our own requirements for confidentiality, and aren't helping
contain this technology in the rest of the world.

Forcing Congress to have this debate will lay bare these facts and
hopefully embarass the Administration for their absurd policy
approach on encryption.

They say that liberty is seldom lost all at once, but a little at a time. 
Regaining it is probably done this way as well.  In this case, the
Leahy bill gives us back a mouthful.

-S

>
>Hmmm.
>
>But what about the case of PGP? It's a relatively strong product, and
>an international version exists.  I'd guess that PGP 3.0 may implement
>other algorithms (PK and symmetric), and likely an international PGP3
>would follow... so how could the Commerce Dept rationalize not giving
>an export license to ViaCrypt?
>
>And would a similar, but non-compatible, utility that used RSA and/or
>IDEA, 3DES, etc. also be exportable? ...
>
-Shabbir J. Safdar * Online Representative * Voters Telecomm. Watch (VTW)
 http://www.vtw.org/ * Defending Your Rights In Cyberspace