mailing list archives
IP: Nice reporting on Wassenaar in Keith Dawson's TBTF
From: Dave Farber <farber () cis upenn edu>
Date: Fri, 25 Dec 1998 05:11:17 -0500
Sender: rberger () ibd com
Date: Fri, 25 Dec 1998 01:43:26 -0800
From: "Robert J. Berger" <rberger () ibd com>
Don't know if you already get this, but its one of the clearest synopsis of
the international communities reaction to the US statements on the results
of Wassenaar and Crypto controls. Also followed with a bit on Net Monitoring
in South Africa.
TBTF for 12/23/98: The eye, altering
T a s t y B i t s f r o m t h e T e c h n o l o g y F r o n t
Your Host: Keith Dawson
This issue: < http://tbtf.com/archive/12-23-98.html >
..Wassenaar: US exports crypto-export controls
33 nations agree in principle to limit exports, but all is not
US high-tech companies have long complained that the lack of crypto-
export restrictions in other countries hampers their ability to com-
pete abroad. The relief they have sought was relaxing US strictures,
not tightening those of other nations. But US crypto ambassador
David Aaron has been working behind the scenes to convince other
countries to do just that. On 3 December Aaron held a press confer-
ence to claim victory in these efforts . The 33 signatory nations
to the Wassenaar Arrangement  have agreed to new rules. (Note:
turn off graphics before visiting : it loads 33 gratuitous GIF im-
ages of waving flags with mouseovers for a total footprint of 353K.)
In summary, the new rules state:
- All crypto products of up to 56 bits can be freely exported.
- Mass-market crypto software and hardware of up to 64 bits can
be freely exported.
- The export of products that use encryption to protect intel-
lectual property, such as DVDs, has been relaxed.
- Export of all other crypto still requires a license.
- No alteration was made in the ambiguous area of whether Wass-
enaar covers intangible exports (such as via the Internet).
The Wassenaar provisions are not themselves binding on signatory
nations; each nation must enact its own laws to implement the rules.
Some accounts of Wassenaar have interpreted the new rules to allow
the free export of any public-domain crypto of any strength, inclu-
ding Open Source products such as SSLEAY. My reading of the agree-
ment itself  is that such products are exportable only if they
meet the other requirements outlined above; in other words it would
not be legal to export PGP.
A Norwegian poster to the Cryptography list asked his ministry of
foreign affairs for a clarification on exactly where Open Source
software falls, and was told that it is compliant with what Wass-
enaar calls "public domain" software.
In a speech on 7 December , US Commerce Department official
William Reinsch said:
> ...participating states agreed to extend controls to mass-
> market encryption exports above 64 bits, thus closing a
> significant loophole.
A posting to Cryptography quoted a newspaper article in which the
Finnish prime minister gave his views on the new Wassenaar rules. He
noted that "the United States is in a very powerful position" but
said that Finland will not alter its liberal principles in encryp-
Denmark is reported to be in a political uproar because the Danish
official who signed the Wassenaar accord did not have proper par-
liamentary standing to do so -- and the new rules run counter to
current Danish crypto policy. The upshot could be a formal renun-
ciation of the accord by Denmark, which would render it invalid
Two little-known Internet governance boards, the Internet Architec-
ture Board and the Internet Engineering Steering Group, have re-
leased a memo slamming Wassenaar .
In its antitrust defense Microsoft argues that the government has no
business interfering with a company's choices in product develop-
ment. But the US government's National Security Agency has long
taken an active role in product development, according to this CNN
story  -- working with Microsoft as well as a host of other com-
panies to limit available crypto technology. What's behind the US
push to restrict crypto strength domestically and world-wide? Most
observers of the crypto-political scene dismiss the official explan-
ation that crypto must be limited to thwart criminals and terror-
ists. The bad guys have, after all, had access on the open Internet
to strong-crypto source code since 1991.
This quote from Ross Anderson, with a preface by Peter Gutmann, makes
plain the assumption, widely held in cypherpunk circles, that it all
starts with Echelon .
> This is probably the best one-sentence summary of export
> controls I've seen. It predates the recent Wassenaar an-
> nouncement by about half a day, but is even more appropri-
> ate in the aftermath:
> "The real aim of current policy is to ensure the continued
> effectiveness of US information warfare assets against in-
> dividuals, businesses, and governments in Europe and else-
> where." -- Ross Anderson
In other words, those who want strong crypto restrained are, first
and foremost, protecting the UKUSA franchise in filtering and moni-
toring worldwide communications in real time.
..A survey of international crypto law
On the Web and on paper
Bert-Jaap Koops <e.j.koops () kub nl> has updated his Crypto Law Survey
 with news from Wassenaar and updates on the laws of 15 coun-
tries. And now Koops's PhD thesis, titled The Crypto Controversy,
has been published by Kluver Law International . So far the book
has not appeared on Amazon.com, but you can order it directly from
KLI  for $87 US.
..Reflections on cyberwar
A cri de coeur, a call to care
Phil Agre doesn't usually wax emotional about issues of technology
and culture; his 16 December piece on cyberwar  is an exception.
Agre attended a conference at which several honest and sincere rep-
resentatives of the US defense establishment presented a seemingly
new military doctrine for the online world. They proclaimed that
there is, as of now, no boundary line between military and non-mil-
itary facilities. Agre writes:
> In the world of the Internet, it would seem, ...we are now in...
> permanent, total, omnipresent, pervasive war. Cold War plus
> plus: all war, all the time. They said this.
Please read Agre's closely argued, anguished musings about these
developments , and see if you don't wax emotional too.
A word on one of Agre's asides: in writing about the styles of
reaction against such military thinking, Agre characterizes one
group of old-line Netizens in words that strike close to home:
> You may recall that, as recently as a couple of years ago,
> proponents of the cyberspace ideology filled the Internet
> with manifestos against the Communications Decency Act and
> many other bad actions on the part of the government. Where
> have those people gone? Some of them remain in business, of
> course, including many of the sensible ones, but they no
> longer come close to defining the Internet's culture.
I don't know whether or not Agre considers me one of the sensible
ones. But I am certainly still in business, doing my level best
to perpetuate those aspects of the roots of Internet culture most
worthy of emulation -- trying to alter an occasional reader's view-
point -- for the eye, altering, alters all.
..South Africa considers intercepting and monitoring telecomms
Discussion paper proposes CALEA-like cost transfer
After reading about India's proposal to enable monitoring of Net
traffic, Ant Brooks <ant () hivemind net> sent word of a similar pro-
posal  (360K) circulating in South Africa. The discussion paper
from the South African Law Commission proposes requiring telecomms
and service providers (read: ISPs) to ensure, at their own expense,
that all communications can be intercepted and monitored. Brooks
> These suggestions (although disturbing enough) are nowhere
> near as drastic as the measures being proposed in India, but
> because South Africa is the most connected country on the
> continent, I suspect that this is just the tip of the Afri-
> can iceberg on the issue...
> As I type, I'm sitting in the auditorium attending the Af-
> rican Internet Group conference in Cotonou in Benin, West
> Africa. It is apparent that the governments of many African
> countries have not even begun to consider these issues, and
> given the high level of control that some of our governments
> exercise on other telecommunications services, I have some
> concerns about the future of Internet freedom in Africa.
> Hopefully, current processes of educating government about
> the Internet and Internet governance underway here will min-
> imise any nasty legislation.
Robert J. Berger - Internet Bandwidth Development
14510 Big Basin Way #253 Saratoga, CA 95070
Voice: 408-882-4755 Fax: 408-490-2868
Email: rberger () ibd com http://www.ibd.com
"Software expands to fill the space available. If it didn't, it
wouldn't be designed properly."
- NATHAN MYHRVOLD explains Microsoft's design philosophy
- IP: Nice reporting on Wassenaar in Keith Dawson's TBTF Dave Farber (Dec 25)