off-the-record chats with spooks (was Re: spook pressure on crypto exports)

[Adam Back <aba@dcs.ex.ac.uk>]

There is a tendency I think to be drawn into spooks, civil servants,
and polticians requests for off the record comments on how politics
really works.  (The politics of favours, the politics of spooks
wishing to intimidate people into censoring themselves to operating
according to unwritten laws (laws which don't exist, but which the
spooks wish did, and so pretend do exist)).

I think: if they said it, hold them to it.  Ignore off the cuff
requests, if they have the force of law behind them (it boils down to
a threat to kill you, or imprison you if you disagree), that they
should also get you to behave nicely and keep quiet your experience of
the way they work in practice sucks, there's too much of it in
politics in general, it belongs on a bill-board not in quiet off the
record moments after crypto-conferences.

Of course this might have the effect that spooks don't want to talk to
you, or are more careful what they say, but who cares.

Also... some clarification on the UK export situation, which I talked
about in my last post in this thread:

One concern about some of this stuff, is that often people are
representing some company when interacting with spooks, where they 
would be covered by an NDA with the company.  Well OK.  There are 
still remailers to explain the situation without giving enough detail
to identify yourself.  Sometimes there are no NDAs.

The export situation has slightly conflicting parties, the DTI (civil
servants, Dept. of Trade & Industry) and GCHQ.  DTI say you can export
intangibly, but gave a whole list of reasons why a "responsible" company
surely would not want to do anything disreputable, like have different views
of export controls from the government, here from:

	http://www.dcs.ex.ac.uk/~aba/ukexport/dti-let.txt

: 9.  Hard to see what practical advantage there is to exporters in
: exporting technology by intangible means because they could get
: licences anyway if no concerns about the export itself.
: 
: 10.  And if concerns are sufficient for a licence to be refused, what
: reputable exporter would wish to export it by any means?

CESG/GCHQ seem less keen to admit the intangible export loop hole
exists, preferring to pretend it doesn't exist until pressed.

The DTI at least has contingency plans for this (from same letter):

: 4.  Government is aware of the potential for abuse of the spirit of
: export controls. If it appears HMG's export control policies are being
: undermined, then further action may have to be considered.

As I said in the previous post: the GCHQ off-the-record low down on this is
that if you export stuff intangibly (which the DTI at least will admit
reluctantly that you can do), then they will deny your tangible export
requests.  If you are a business, this might cause you to think carefully
about using the intangible export loop-hole.  Or perhaps about discussing
too much the way this works with journalists or otherwise embarrassing them. 
Which is of course what they want: an unwritten law which they have power to
decide as they wish.

Wouldn't it be fun if people in government/spookdom actually participated in
open discussions such as this?  (People like say Nigel Hickson, who got
roasted at the LSE crypto conference recently on the DTI/GCHQ/government
infamous TTP paper, his boss David Hendon slunk off early to avoid facing
the music during open question time). (David Hendon not to be confused with
David Henson, the ex-spook now in some governmental Euro gakkers group)

But they aren't going to participate because they operate best in
half-light, they hate harsh bright lights of open discourse.

Adam
-- 
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`