[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Dorothy Denning attacks Leahy's crypto bill



Hey, wait, are Jim Bell and I supposed to be in fairly complete agreement
on something?  :-)
At 12:09 AM 3/20/96 -0800, jim bell <[email protected]> wrote:
>At 09:45 PM 3/19/96 -0800, Declan McCullagh wrote:
...
>>From: [email protected] (Dorothy Denning)

>"Far easier"?  That's an odd statement, because the export of encryption is 
>easy with or without restrictive laws.  How much trouble is a "criminal or 
>terrorist" going to risk by violating a few measly export laws?  

It probably would make it much easier for Designated Scary People to 
use crypto without having to take special precautions.  If IPv6 security
was part of the standard Microsoft Win2000 networking stack (ok, without major
botches, and with a convenient user interface :-), and PGPphone came on
the Soundblaster N+1 installation disk, all those tax-evaders and pharmaceutical
wholesalers and, and, and father-rapers could talk to their accountants in
private
and chat with each other about tax-evadin' and father-rapin' and _crime_,
and it'd be much harder to Federalize their money and arrest their clients.
And a lot of that probably won't happen if Microsoft and Soundblaster have to
make domestic and international versions of their software.

>>I am concerned that the proposed legislation responds only to a loud
>>cry for assistance and is not the reasoned and practiced position of
>>our multinational corporations.

Well, certainly not the position of MNCs who are big players in the
military-industrial complex.  But what's this _our_ terminology?
In particular, cryptography offers the only technical defense against the
ability of computers to centralize and correlate information from many sources,
which is one of the primary threats to personal privacy today,
and MNCs are generally supportive of centralizing any information they can.

>> At the International Cryptography
>>Institute, which I chaired in September 1994 and 1995, our discussions
>>did not find that this unrestricted distribution of encryption
>>technology was required to satisfy business objectives. 

Well, I'd expect not.  It wasn't exactly an unbiased crowd; there were a 
couple people there on Our Side, but it was largely people who agreed
with Dr. Denning on the political objectives, and the business contingent
included companies like TIS which _sell_ so-called escrow software.

>

>Notice that we've already established that this bill in no way produces an 
>"unrestriction distribution of encryption technology."  Wish it did, but it 
>doesn't.
Yeah.


>>The Commerce/NSA study did acknowledge that the existence of foreign
>>products claiming strong encryption could have a negative effect on
>>U.S. competitiveness.  However, by allowing encryption services to be
>>sold separately from the applications software that uses them, CAPIs
>>will make it extremely unlikely that general-purpose software will be
>>substantially effected by export controls.

Which side is Dr. Denning _on_ here?  At present, software using CAPIs
is not exportable under the ITAR, since the CAPI is a "component of a 
munitions system"; is she now advocating legalized export of software
using government-approved CAPIs only?  


>Notice that she seems to be making policy for the government, yet again.
She seems to have been the big public advocate of it for years....


>>Export controls are often blamed for the lack of security in our public
>>infrastructure. 

Sure - the fact that Microsoft Office built-in file protection
isn't even up to RC4/40 standards isn't primarily the fault of export controls,
but the lack of a clearly defined official export standard doesn't _help_ them
make a business case for including good encryption.


>>Encryption policy is a difficult and often emotional issue. 
>
>It's only emotional because of malicious and counter-productive efforts by 
>government, and government suck-ups like Denning.

She certainly hasn't helped, and she's aided and abetted and provided
assistance to the folks like Freeh who want to stop free speech and privacy,
but it's also emotional because many of us really don't want our privacy
compromised and our freedom of speech restricted.  The Bill of Rights
isn't perfect, but it's far better than what the government is using today,
and it's got provisions like the 9th and 10th amendments to remind readers
that it's just a set of examples of civil rights, not an exhaustive inventory.



>>I will be pleased to meet with you and the committee for comment and
>>questioning, or to assist in any way I can with the development of a
>>balanced approach to encryption legislation.

I've always enjoyed discussing issues with people who offer an
outrageously extreme set of proposals, then back off to a still offensive
level and call it "balanced".  The status quo already gives too much 
effective power to the government, and she's proposing to give in
where it the alternatives are unenforceable and strenghten her position
where there's new power to be seized.
#--
#			Thanks;  Bill
# Bill Stewart, [email protected], +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissible."  - US government statement on China...

"SigFiles of Unusual Size?  I don't believe they exist!"