Home page logo

interesting-people logo Interesting People mailing list archives

IP: Nice reporting on Wassenaar in Keith Dawson's TBTF
From: Dave Farber <farber () cis upenn edu>
Date: Fri, 25 Dec 1998 05:11:17 -0500

Sender: rberger () ibd com
Date: Fri, 25 Dec 1998 01:43:26 -0800
From: "Robert J. Berger" <rberger () ibd com>

Don't know if you already get this, but its one of the clearest synopsis of 
the international communities reaction to the US statements on the results 
of Wassenaar and Crypto controls. Also followed with a bit on Net Monitoring 
in South Africa.

Excerpted From:
TBTF for 12/23/98: The eye, altering

    T a s t y   B i t s   f r o m   t h e   T e c h n o l o g y   F r o n t
    Your Host: Keith Dawson

    This issue: < http://tbtf.com/archive/12-23-98.html >

..Wassenaar: US exports crypto-export controls

  33 nations agree in principle to limit exports, but all is not

    US high-tech companies have long complained that the lack of crypto-
    export restrictions in other countries hampers their ability to com-
    pete abroad. The relief they have sought was relaxing US strictures,
    not tightening those of other nations. But US crypto ambassador
    David Aaron has been working behind the scenes to convince other
    countries to do just that. On 3 December Aaron held a press confer-
    ence to claim victory in these efforts [1]. The 33 signatory nations
    to the Wassenaar Arrangement [2] have agreed to new rules. (Note:
    turn off graphics before visiting [2]: it loads 33 gratuitous GIF im-
    ages of waving flags with mouseovers for a total footprint of 353K.)
    In summary, the new rules state:

      - All crypto products of up to 56 bits can be freely exported.

      - Mass-market crypto software and hardware of up to 64 bits can
        be freely exported.

      - The export of products that use encryption to protect intel-
        lectual property, such as DVDs, has been relaxed.

      - Export of all other crypto still requires a license.

      - No alteration was made in the ambiguous area of whether Wass-
        enaar covers intangible exports (such as via the Internet).

    The Wassenaar provisions are not themselves binding on signatory
    nations; each nation must enact its own laws to implement the rules.

    Some accounts of Wassenaar have interpreted the new rules to allow
    the free export of any public-domain crypto of any strength, inclu-
    ding Open Source products such as SSLEAY. My reading of the agree-
    ment itself [3] is that such products are exportable only if they
    meet the other requirements outlined above; in other words it would
    not be legal to export PGP.

    A Norwegian poster to the Cryptography list asked his ministry of
    foreign affairs for a clarification on exactly where Open Source
    software falls, and was told that it is compliant with what Wass-
    enaar calls "public domain" software.

    In a speech on 7 December [4], US Commerce Department official
    William Reinsch said:

      > ...participating states agreed to extend controls to mass-
      > market encryption exports above 64 bits, thus closing a
      > significant loophole.

    A posting to Cryptography quoted a newspaper article in which the
    Finnish prime minister gave his views on the new Wassenaar rules. He
    noted that "the United States is in a very powerful position" but
    said that Finland will not alter its liberal principles in encryp-
    tion politics.

    Denmark is reported to be in a political uproar because the Danish
    official who signed the Wassenaar accord did not have proper par-
    liamentary standing to do so -- and the new rules run counter to
    current Danish crypto policy. The upshot could be a formal renun-
    ciation of the accord by Denmark, which would render it invalid

    Two little-known Internet governance boards, the Internet Architec-
    ture Board and the Internet Engineering Steering Group, have re-
    leased a memo slamming Wassenaar [5].

    In its antitrust defense Microsoft argues that the government has no
    business interfering with a company's choices in product develop-
    ment. But the US government's National Security Agency has long
    taken an active role in product development, according to this CNN
    story [6] -- working with Microsoft as well as a host of other com-
    panies to limit available crypto technology. What's behind the US
    push to restrict crypto strength domestically and world-wide? Most
    observers of the crypto-political scene dismiss the official explan-
    ation that crypto must be limited to thwart criminals and terror-
    ists. The bad guys have, after all, had access on the open Internet
    to strong-crypto source code since 1991.

    This quote from Ross Anderson, with a preface by Peter Gutmann, makes
    plain the assumption, widely held in cypherpunk circles, that it all
    starts with Echelon [7].

      > This is probably the best one-sentence summary of export
      > controls I've seen. It predates the recent Wassenaar an-
      > nouncement by about half a day, but is even more appropri-
      > ate in the aftermath:

      > "The real aim of current policy is to ensure the continued
      >  effectiveness of US information warfare assets against in-
      >  dividuals, businesses, and governments in Europe and else-
      >  where." -- Ross Anderson

    In other words, those who want strong crypto restrained are, first
    and foremost, protecting the UKUSA franchise in filtering and moni-
    toring worldwide communications in real time.

    [1]  http://www.news.com/News/Item/Textonly/0,25,29526,00.html?tbtf
    [2]  http://www.wassenaar.org/
    [3]  http://www.fitug.de/news/wa/
    [4]  http://jya.com/war120798-2.htm
    [5]  http://www.news.com/News/Item/Textonly/0,25,30228,00.html?tbtf
    [6]  http://cnn.com/TECH/computing/9807/27/security.idg/index.html
    [7]  http://tbtf.com/archive/03-09-98.html#s05

..A survey of international crypto law

  On the Web and on paper

    Bert-Jaap Koops <e.j.koops () kub nl> has updated his Crypto Law Survey
    [8] with news from Wassenaar and updates on the laws of 15 coun-
    tries. And now Koops's PhD thesis, titled The Crypto Controversy,
    has been published by Kluver Law International [9]. So far the book
    has not appeared on Amazon.com, but you can order it directly from
    KLI [10] for $87 US.

    [8]  http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
    [9]  http://cwis.kub.nl/~frw/people/koops/thesis/thesis.htm
    [10] http://www.wkap.nl/book.htm/90-411-1143-3

..Reflections on cyberwar

  A cri de coeur, a call to care

    Phil Agre doesn't usually wax emotional about issues of technology
    and culture; his 16 December piece on cyberwar [11] is an exception.
    Agre attended a conference at which several honest and sincere rep-
    resentatives of the US defense establishment presented a seemingly
    new military doctrine for the online world. They proclaimed that
    there is, as of now, no boundary line between military and non-mil-
    itary facilities. Agre writes:

      > In the world of the Internet, it would seem, ...we are now in...
      > permanent, total, omnipresent, pervasive war. Cold War plus
      > plus: all war, all the time. They said this.

    Please read Agre's closely argued, anguished musings about these
    developments [11], and see if you don't wax emotional too.

    A word on one of Agre's asides: in writing about the styles of
    reaction against such military thinking, Agre characterizes one
    group of old-line Netizens in words that strike close to home:

      > You may recall that, as recently as a couple of years ago,
      > proponents of the cyberspace ideology filled the Internet
      > with manifestos against the Communications Decency Act and
      > many other bad actions on the part of the government. Where
      > have those people gone? Some of them remain in business, of
      > course, including many of the sensible ones, but they no
      > longer come close to defining the Internet's culture.

    I don't know whether or not Agre considers me one of the sensible
    ones. But I am certainly still in business, doing my level best
    to perpetuate those aspects of the roots of Internet culture most
    worthy of emulation -- trying to alter an occasional reader's view-
    point -- for the eye, altering, alters all.

    [11] http://www.egroups.com/list/noframes/rre/983.html

..South Africa considers intercepting and monitoring telecomms

  Discussion paper proposes CALEA-like cost transfer

    After reading about India's proposal to enable monitoring of Net
    traffic, Ant Brooks <ant () hivemind net> sent word of a similar pro-
    posal [12] (360K) circulating in South Africa. The discussion paper
    from the South African Law Commission proposes requiring telecomms
    and service providers (read: ISPs) to ensure, at their own expense,
    that all communications can be intercepted and monitored. Brooks

      > These suggestions (although disturbing enough) are nowhere
      > near as drastic as the measures being proposed in India, but
      > because South Africa is the most connected country on the
      > continent, I suspect that this is just the tip of the Afri-
      > can iceberg on the issue...

      > As I type, I'm sitting in the auditorium attending the Af-
      > rican Internet Group conference in Cotonou in Benin, West
      > Africa. It is apparent that the governments of many African
      > countries have not even begun to consider these issues, and
      > given the high level of control that some of our governments
      > exercise on other telecommunications services, I have some
      > concerns about the future of Internet freedom in Africa.
      > Hopefully, current processes of educating government about
      > the Internet and Internet governance underway here will min-
      > imise any nasty legislation.

    [12] http://jya.com/za-esnoop.htm

Robert J. Berger - Internet Bandwidth Development
14510 Big Basin Way #253  Saratoga, CA 95070 
Voice: 408-882-4755 Fax: 408-490-2868
Email: rberger () ibd com http://www.ibd.com

"Software expands to fill the space available.  If it didn't, it
wouldn't be designed properly."
                 - NATHAN MYHRVOLD explains Microsoft's design philosophy

  By Date           By Thread  

Current thread:
  • IP: Nice reporting on Wassenaar in Keith Dawson's TBTF Dave Farber (Dec 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]