[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Let's Say "No!" to Single, World Versions of Software
At 3:57 PM 7/30/96, Arun Mehta wrote:
>At 15:13 30/07/96 -0700, Timothy C. May wrote:
>>
>>It is imperative that Netscape, Microsoft, Qualcomm, and the other players
>>be pressured/urged/cajoled to commit to introducing strong, unescrowed
>>crypto for the *domestic* versions, even if not for export versions.
>
>I agree. Foreign buyers will look askance at software that is
>"second grade" in security terms, just so the US government can
>read their mail. This will encourage non-US software companies to
>fill the vacuum, and US companies will get pissed off and pull
>some strings in Washington.
Exactly.
Having a U.S. version, without any limits on crypto and without any
software key escrow (GAK), and then having a "for export" version, with
keylength limits and/or mandatory registration of keys with the U.S.
National Security Agency....
Well, what this would do is to basically drive sales of the "NSA" version
to near zero. Between customer distaste for an NSA version, I can imagine
many foreign governments not being too pleased to see this product being
used by its citizens.
(We've discussed this many times, since software key escrow came to our
attention in 1993. Imagine the reaction of the United States government if
American corporations adopted a French software product which automatically
gave access to American trade secrets to DGSE ( Direction Generale de
Security France Securite Exterieure), their primary spy agency, and RG
(Direction de Renseignement), their economic intelligence agency. France is
well-known for spying on U.S. businesses (a la the Air France case), and
would no doubt be thrilled to have a "French-GAKked" program in wide use in
the U.S.)
This point has been raised by us many times. And, to be fair, this point is
not lost on the NSA/Freeh/Denning/Gorelick crowd, I am sure. That is, they
would not countenance the importation into the U.S. of "Iraq-GAKked" and
"China-GAKked" programs, for example.
So, what's the deal? The resolution of this quandary almost certainly lies
in an "international agreement," along the lines of the various key escrow
meetings which have been held (Karlsruhe in '93, Washington in '94, etc.).
A "New World Order" solution, with complicated reciprocal agreements about
whom the trusted key authorities might be, how nations could gain access,
etc. (These relationships are too complicated for my brain to handle...how,
for example, would one come to an agreement with Libya? What about Cuba,
given that many of our nominal allies trade freely with Cuba and chafe when
we try to get them to join our boycotts?)
Such an international deal would almost certainly mean that even
fully-domestic versions of software would have to be GAKked.
Hence the need for us to pressure Netscape, Microsoft, Qualcomm, Novell,
etc. *not* to play ball on this. This would then "marginalize" the European
and Asian customers of a special "NSA-readable" version of their products,
and would likely derail the whole thing.
ObMartialLaw: Clinton is pushing to have new "anti-terrorist" legislation
passed *this week*, according to CNN. He wants "memories to be fresh." Joe
Biden wants exanded roving wiretap laws and restrictions on efforts to
"circumvent" wiretaps. Feinstein wants bomb instructions banned. And so it
goes.
--Tim May
Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."