[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: So, what crypto legislation (if any) is necessary?



At 11:11 AM 3/26/96 -0500, Adam Shostack wrote:
>Timothy C. May wrote:
>
>| My point is that I see no compelling legislation that is needed. If enough
>| people in Washington really want increased length in _exported products_
>| (remember the "exported" part), the Congress and the President should find
>| it easy enough to get said products on to the Approved List. (I note that
>| the Leahy Bill really doesn't change this system anyway...some products go
>| on the list, some don't...the law only seems to say that when the horse has
>| already left the barn, i.e., when "comparable" products are already in
>| fairly wide use outside the U.S., then the products should be put on the
>| approved list. Big deal.

>	I'm forced to disagree on this point.  I think that the
>comparable product has the potential to be a very big deal; it means
>that any product using IDEA or 3DES may become exportable, because
>such products are available outside the US.
>
>	It may be that wide use will be quibbled over, but DES, weak
>as it is, is widely used outside the US, and IDEA and 3DES will be.
>Thats why this legistlation will fail to pass.

I think Tim already pointed out that the danger in this kind of conditional 
approval is that it would be used to restrict export of new _usages_ for 
cryptography based on their "political correctness" quotient, rather than 
simply on the basis of level of security (length of codes.)   In other 
words, just because a program used 3DES or IDEA would not automatically make 
it exportable.  This may sound pessimistic, but unfortunately pessimistic 
turns into "accurate" far too often.

Far more acceptable (and useful to us)  would be a rule which would mandate 
the government's allowing the export of any program that had, say, the key 
security provided by IDEA or less, regardless of what it did with that 
encryption.  (Not that I want _any_ restrictions; it's just that such a 
limit would make it impractically large to attempt to crack.)

Jim Bell
[email protected]