DES export regulations. And what to do about it!

[John Lupien]

In article <1991Jan3.232017.15364 at Think.COM> barmar at think.com (Barry Margolin) writes:
>In article <14511 at hoptoad.uucp> gnu at hoptoad.uucp (John Gilmore) writes:
>>WHY SHOULD PRIVACY TECHNOLOGY BE ILLEGAL?
>
>There are a couple of reasons.

"ostensibly", of course.

>First of all, it's high-tech, and there are
>export regulations on most of our higher technologies.  I think the purpose
>of this is to try to make sure we maintain the lead in *applications* of
>high technology; for instance, we can maintain the lead in weather
>simulation, which generally requires supercomputers, by making it hard for
>foreigners to get supercomputers.

Kind of a bogus argument. All that really does is ensure that foreign
supercomputer markets will be supplied by foreign supercomputer manufacturers.
Similarly for other high tech, of course.

>Also, smuggling high-tech devices to
>enemy nations is frequently done by pretending to be a purchaser from a
>friendly nation.

Yes it is, but this doesn't relate to the question, which in context
could be re-cast as "should unfriendly nations have privacy?"
The bit about "unfriendly nations" is kind of transient, too: Iraq
was a better friend than Iran for some time after the Iranian revolution.

>As far as DES in particular is concerned, the NSA is extremely (read
>"overly") paranoid about foreigners getting our encryption technology.

Well, perhaps that's not what "the NSA" is concerned about. The NSA
is in charge of national security. They desire that the information
related to national security should be secure. This may involve the
use of encryption. If so, decryption becomes problematic: they do
not want "others" to be able to decrypt security related information.
Rumors that DES is breakable kind of make the DES issue moot, if true,
but DES is not the only cryptographic technology which NSA seeks to control.

>A few years ago the NSA tried to get all research on cryptology declared
>"unclassified but sensitive."  This would have required all papers on
>cryptology to be sent to the NSA for approval to publish, and foreigners
>would generally not be allowed to attend conferences on cryptology.
>It's not clear whether they're worried about foreigners learning how to
>break our codes or use codes that we can't break; it's probably some of
>both.

I would guess that it's more of the latter. Specifically, US citizens
are subject to eavesdropping along with everybody else, and the possibility
that the content of the communications taking place are not available to
the eavesdroppers has an unsettling effect to the policy makers that benefit
therefrom.

>The academic community went up in arms about those restrictions, and I
>think the NSA eventually gave up.  However, they did manage to get the
>Commerce Dept to restrict export of encryption mechanisms, and this has
>stuck.  Since no large companies depend heavily on such devices for their
>income, there wasn't enough complaint to prevent it.

Well, that seems a bit out of line with reality. Banks, insurance companies,
major financial institutions of many kinds use encryption as the backbone
of the financial networks. The management of these companies are naturally
unwilling to stick their necks out.

>Barry Margolin, Thinking Machines Corp.
>barmar at think.com
>{uunet,harvard}!think!barmar


---
John R. Lupien
lupienj at hpwarq.hp.com