Xref: utzoo comp.unix.internals:1792 sci.crypt:4056 Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!samsung!rex!wuarchive!sdd.hp.com!hplabs!hpda!hpwala!hpwadac!lupienj From: lupienj@hpwadac.hp.com (John Lupien) Newsgroups: comp.unix.internals,sci.crypt Subject: Re: DES export regulations. And what to do about it! Message-ID: <1562@hpwala.wal.hp.com> Date: 8 Jan 91 21:34:05 GMT References: <1548@inews.intel.com> <1991Jan3.173546.9809@dramba.neis.oz> <14511@hoptoad.uucp> <1991Jan3.232017.15364@Think.COM> Sender: netnews@hpwala.wal.hp.com Reply-To: lupienj@hpwadac.UUCP (John Lupien) Lines: 72 In article <1991Jan3.232017.15364@Think.COM> barmar@think.com (Barry Margolin) writes: >In article <14511@hoptoad.uucp> gnu@hoptoad.uucp (John Gilmore) writes: >>WHY SHOULD PRIVACY TECHNOLOGY BE ILLEGAL? > >There are a couple of reasons. "ostensibly", of course. >First of all, it's high-tech, and there are >export regulations on most of our higher technologies. I think the purpose >of this is to try to make sure we maintain the lead in *applications* of >high technology; for instance, we can maintain the lead in weather >simulation, which generally requires supercomputers, by making it hard for >foreigners to get supercomputers. Kind of a bogus argument. All that really does is ensure that foreign supercomputer markets will be supplied by foreign supercomputer manufacturers. Similarly for other high tech, of course. >Also, smuggling high-tech devices to >enemy nations is frequently done by pretending to be a purchaser from a >friendly nation. Yes it is, but this doesn't relate to the question, which in context could be re-cast as "should unfriendly nations have privacy?" The bit about "unfriendly nations" is kind of transient, too: Iraq was a better friend than Iran for some time after the Iranian revolution. >As far as DES in particular is concerned, the NSA is extremely (read >"overly") paranoid about foreigners getting our encryption technology. Well, perhaps that's not what "the NSA" is concerned about. The NSA is in charge of national security. They desire that the information related to national security should be secure. This may involve the use of encryption. If so, decryption becomes problematic: they do not want "others" to be able to decrypt security related information. Rumors that DES is breakable kind of make the DES issue moot, if true, but DES is not the only cryptographic technology which NSA seeks to control. >A few years ago the NSA tried to get all research on cryptology declared >"unclassified but sensitive." This would have required all papers on >cryptology to be sent to the NSA for approval to publish, and foreigners >would generally not be allowed to attend conferences on cryptology. >It's not clear whether they're worried about foreigners learning how to >break our codes or use codes that we can't break; it's probably some of >both. I would guess that it's more of the latter. Specifically, US citizens are subject to eavesdropping along with everybody else, and the possibility that the content of the communications taking place are not available to the eavesdroppers has an unsettling effect to the policy makers that benefit therefrom. >The academic community went up in arms about those restrictions, and I >think the NSA eventually gave up. However, they did manage to get the >Commerce Dept to restrict export of encryption mechanisms, and this has >stuck. Since no large companies depend heavily on such devices for their >income, there wasn't enough complaint to prevent it. Well, that seems a bit out of line with reality. Banks, insurance companies, major financial institutions of many kinds use encryption as the backbone of the financial networks. The management of these companies are naturally unwilling to stick their necks out. >Barry Margolin, Thinking Machines Corp. >barmar@think.com >{uunet,harvard}!think!barmar --- John R. Lupien lupienj@hpwarq.hp.com