linux-ipsec: US encryption announcement: Business as usual (fwd)
From
jesse hirsh <jesse@tao.ca>
Date
Fri, 17 Sep 1999 02:36:15 +0000 (GMT)
[: hacktivism :]
Tao K'o Tao Fei Ch'ang Tao
---------- Forwarded message ----------
Date: Thu, 16 Sep 1999 18:29:11 -0700
From: John Gilmore <gnu@toad.com>
To: linux-ipsec@clinet.fi, gnu@toad.com
Subject: linux-ipsec: US encryption announcement: Business as usual
A short summary for the FreeS/WAN project of the new announcement. No
impact on us. Every export from the US still requires a prior
"one-time technical review" by the NSA, which is expected to take
months. There's no time limit, they can effectively say No just by
never saying Yes. If and when you get past that hurdle, you still
can't post your code to the Web, because seven small countries can't be
allowed to have it, and they might learn how to use the Web.
If your product is "retail" then it can go to anybody anywhere except
those seven countries. But only *tangible* product shipments are
"retail"; Internet transactions need not apply. Unless they are
"specifically designed for individual consumer use". I begin to think
this means SDMI (anti-MP3) software. I seriously doubt that
FreeS/WAN or PGP or SSH -- or anything in source code -- will somehow
qualify. We won't know til the real regulations come out, months
from now.
If your product isn't "retail" then you can't put it on the Web anyway
because "government" users in the rest of the world can't get it, even
though "people and businesses" in the rest of the world can. It's
nice of them to acknowledge that governments are the problem.
Even if you can eventually export the product to some people without
further permission, they require you to report everybody you shipped
it to, after the fact.
As part of this deal the Government is introducing a bill that would
encourage companies to put back-doors into their security products.
It would prevent the back-door from being disclosed in court, even if
it was part of how evidence against an accused citizen was obtained,
and would also absolve any such company from liability. In fact the
US Government could intercede in a civil suit between two other
parties to prevent such a disclosure. This bill likely violates the
US Constitution, which requires that citizens accused of crimes be
able to examine and challenge the evidence against them. (There's a
phenomenon among hardened criminals called recidivism; they come back
and do more crimes. The US Government seems to have the same problem;
once they get used to violating one part of the Constitution, they
can't resist the temptation to shred the rest of it too.)
The Administration did succeed in temporarily distracting the
Congressmen who were pushing the SAFE bill. Goodlatte and Burns now
say they'll "wait and see" how the regs come out in December, rather
than pass the bill. If it takes til March or June for those speedy
new regulations to come out, I doubt the Administration will be
displeased. The SAFE bill would not have been much better, but
the Administration wants the credit instead of giving it to Congress.
The more things change, the more they stay the same. The FreeS/WAN
project will go on as usual. We in the "land of the free" are still
relying on you furriners to build and support great crypto products to
protect us from our own fucked-up government.
John
[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]