[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Strike may have had small impact...



I think the impact of the strike on December 14 against the Wassenaar
Arrangement has been greatly under-estimated. Even though I can only
comfirm a handfull of brave souls may have supported the cause, the
discussion about it was enough to raise awareness. And wasn't that the point?

I submit this as proof for your aproval:
(Orinigal story quoted directly from:
http://www.zdnet.com/icom/e-business/1998/12/wassenaar/index.html )

December 14, 1998 
Wassenaar Pact May Threaten Global
E-com 

By Jim Kerstetter - PC Week 
Could a treaty banning the use of strong encryption put
the screws, once again, to the U.S. encryption industry?
Cryptographers and others in the security industry worry
that that could be exactly what is happening.
The Clinton administration this month, in an about-face to
indications that it was loosening its grip on encryption,
announced the signing of a treaty with 32 countries called
the Wassenaar Arrangement. The treaty would limit key
lengths to 64 bits or less.

Clinton administration officials said the treaty will, for the
first time, level the playing field for U.S. companies trying
to sell abroad. That's true, to a point. U.S. companies
have long complained that they were unfairly hampered by
the lack of restrictions in other countries. What they had
hoped would happen--and what the administration
seemed to be edging toward--was an easing of U.S.
export laws. They never asked for stronger controls in
other countries.

The Wassenaar Agreement broadsided many who had
watched the Clinton administration over recent years
grant export licenses for strong encryption products to
companies such as Hewlett-Packard Co. and Netscape
Communications Corp.

Jeff Smith, general counsel of the Washington industry
group Americans for Computer Privacy, said in a
statement the treaty is a welcome attempt to level the
playing field, but "it also demonstrates flaws in our
government's encryption export policies."

Security status quo 
So what does it mean if the agreement does become
law? For starters, it would not cut the use of unbreakable
encryption. The Data Encryption Standard, the U.S. standard for symmetric, or
private-key, encryption, has been broken at 56 bits. No one has publicly
acknowledged breaking a DES key longer than that. The Triple DES key,
commonly used in the United States, would continue to be illegal for export. 

Ironically, the government's own proposed Advanced Encryption Standard, which
is expected to replace DES in about two years, would not be allowed for
export.
It's not clear what the treaty will mean to companies that have already been
granted export licenses either for strong encryption--the
financial-transaction
encryption that has been exempt in the past--or for authentication mechanisms
that usually take 1,024 bits.

In other words, the treaty would reinforce the status quo in the United
States.

Elsewhere around the world, it could be a different story. Of the 32 other
nations, several, such as the United Kingdom and Japan, already have strong
encryption controls. But others, such as Germany, have virtually no export
controls, and companies there could be seriously impacted.

About 18 months ago, the control of encryption products was taken out of the
hands of the U.S. Department of Defense, which had long considered encryption
a munition, and handed to the Commerce Department. Although the result was
often the same--the DOD, the National Security Agency, the CIA and the FBI
still had a say in what could and could not be exported--the shift of
control was considered by many to be a sign that the administration was
growing more friendly to industry concerns.

Those hopes were further bolstered when export limits were raised from 40
bits to 56 bits, when financial institutions where allowed to use whatever
they wanted to protect transactions and when a long list of companies
gained export approval.

But the Wassenaar Agreement, which must still be approved by Congress and
legislative bodies in most of the participating countries, would put the
brakes on that road to government deregulation.

Jim Kerstetter is a staff writer at PC Week. Send e-mail to
[email protected] 



-Kevlar
<[email protected]>

Does God know Peano Algebra? Or does she not care if strong atheists
couldnt reason their way out of a trap made of Boolean presumptions?

A little bit of knowledge is a dangerous thing, but zero knowlege is
absolutely subversive.

Overspecialization breeds in weakness. It's a slow death.

Beat your algorithms into swords, your dumb terminals into shields, and
turn virtual machines into battlefields... Let the weak say, "I am strong"
and question authority.