From the first moment it proclaimed the "information superhighway", the Clinton administration has waged a wholesale assault on Internet free speech and privacy. The latest blow is the Clinton administration's strong- arming of the 32 fellow countries of the Wassenaar Arrangement to agree to an export ban on strong cryptographic (data scrambling) software. The net effect will be to make it easier for each government to read its own citizen's email and other private documents. Normally if a nation attempts to restrict the domestic sale of strong encryption software, that attempt is made ineffective by the availability of strong encryption software from other countries. But such software won't be available anymore--at least not from one of the Wassenaar countries, once they have enacted local legislation to implement the terms of the Wassenaar agreement of December 2. The Wassenaar Arrangement is supposed to be an intergovernmental agreement to restrict international traffic in arms. What does this have to do with encryption? Simply this: the US government still holds that secret-code-producing software is a munition. So if you encrypt your letters and files, and the government hasn't given you permission to use that caliber encryption, then the person who gave you the encryption software may be in violation of some regulation on arms dealing. "They've plugged a loophole," gleefully proclaimed Ambassador David Aaron, the President's Special Envoy for Cryptology. The day following the agreement, the US Department of Commerce issued a press release in which Aaron spouts gobble-de-gook phrases about a "level playing field" and about balancing "commercial and privacy interests with national security and public safety concerns" (see Appendix A for Commerce Dept. press statement). How has this agreement supposedly created a "level playing field" and helped U.S. industry? Well, namely, by censoring foreign publishers of cryptology software in the same way that the US government already censors US publishers. This is similar to arguing that by increasing tyranny in surrounding countries, we can create a "level playing field" for freedom. "It's ironic, but the US government is leading the charge internationally to restrict personal privacy and individual liberty around the world," said Alan Davidson, a staff counsel at the Center for Democracy and Technology, according to Reuters (see Appendix B for Reuter's news release). A restriction on cryptology is a restriction on free speech. In the Second World War, the US used native Navaho speakers for secure communications. Since no one else understood the language, it served as a powerful secret code. But is what you speak or write in an email message suddenly not speech or language if the government can't understand it? If your message says "Xu23MN iilc]z MNBl", does the government suddenly have the right to imprison you for writing gibberish? While the clear answer is No, nevertheless the US government thinks it has the right to restrict your "gibberish" if it is produced by encryption software that it can't crack. The Wassenaar agreement says encryption software that is "weak" (less than 56 bit keys in some cases, or less than 64 bit keys in others), so that the government can unscramble and read the real message underneath the gibberish, is okay, and in fact frees up some export restrictions on this type of software. The trade-off? Greater restrictions on software that produces secret code the government can't read. Arms control. It sounds wonderful, doesn't it? Go over to the Wassenaar web page and take a look. High nobility of purpose, right? "We're keeping those guns away from the Indians," they proclaim. But what they mean to say is: "We fully intend to read what is written on the hard drive of your computer." Posting to the cypherpunks mailing list, Timothy May noted:
Is there any good news? Enabling legislation has to be enacted in each country to carry out the terms of the Wassenaar agreement. Raising a hue and cry with legislators over this latest invasion of privacy should have a positive effect. In the meantime, Mr. "Information Superhighway" Al Gore is poised for a presidential run, so he can continue to ignore privacy concerns and bend over for the Big Brother agencies of the national security establishment. Related LinksAppendix A: Commerce Dept. Press ReleaseUNITED STATES DEPARTMENT OF COMMERCE NEWS International Trade Administration Washington, DC For Immediate Release Tuesday, December 3, 1998 Contact: Maria Harris Tildon (202)482-3809 Sue Hofer (202)482-2721 P R E S S S T A T E M E N T U.S. Applauds Agreement on Encryption in International Export Control Regime Vienna, Austria -- The United States welcomed the decision taken Thursday in Vienna by the 33 members of the Wassenaar Arrangement to modernize and improve multilateral encryption export controls. Ambassador David Aaron, the President's Special Envoy for Cryptology, said that "the international agreement reached here goes a long way toward leveling the playing field for exporters and promoting electornic commerce. It provides countries with a stronger regulatory framework to protect national security and public safety." The agreement caps a two year effort by the United States, to update international encryption export controls and to balance commercial and privacy interests with national security and public safety concerns. Thursday's agreement simplifies and streamlines controls on many encryption items and eliminates multilateral reporting requirements. Specific improvements to multilateral encryption controls include removing controls on all encryption products at or below 56 bit and certain consumer entertainment TV systems, such as DVD products, and on cordless telephone systems designed for home or office use. Wassenaar members also agreed to extend controls to mass-market encryption above 64 bits, thus closing a significant loophole in multilateral encryption controls. This gives Wassenaar member governments the legal authority to license many mass market encryption software exports which were previously not covered by multilateral controls and enables governments to review the dissemination of the strongest encryption products that might fall into the hands of rogue end users. The new controls also extend liberalized mass-market hardware below 64 bits. Until today, only mass-market software products enjoyed this liberalized treatment. "The decisions taken here in Vienna reinforce the Administration's efforts to promote a balanced encryption policy," Aaron confirmed. Appendix B: Reuters News ReleaseThursday, 3 December 1998 12:57:40 U.S. claims success in curbing encryption trade Aaron Pressman, Reuters, Washington newsroom, 202-898-8312 WASHINGTON (Reuters) - Clinton administration officials Thursday said they had persuaded other leading countries to impose strict new export controls on computer data-scrambling products under the guise of arms control. At a meeting Thursday in Vienna, the 33 nations that have signed the Wassenaar Arrangement limiting arms exports -- including Japan, Germany and Britain -- agreed to impose controls on the most powerful data-scrambling technologies, including for the first time mass-market software, U.S. special envoy for cryptography David Aaron told Reuters. The United States, which restricts exports of a wide range of data-scrambling products and software -- also known as encryption -- has long sought without success to persuade other countries to impose similar restrictions. ``We think this is very important in terms of bringing a level playing field for our exporters,'' Aaron said. Leading U.S. high-technology companies, including Microsoft Corp. and Intel Corp., have complained that the lack of restrictions in other countries hampered their ability to compete abroad. The industry has sought to have U.S. restrictions relaxed or repealed, but has not asked for tighter controls in other countries. Privacy advocates have also staunchly opposed U.S. export controls on encryption, arguing that data-scrambling technologies provided a crucial means of protecting privacy in the digital age. ``It's ironic, but the U.S. government is leading the charge internationally to restrict personal privacy and individual liberty around the world,'' said Alan Davidson, staff counsel at the Center for Democracy and Technology, a Washington-based advocacy group. Special envoy Aaron said the Wassenaar countries agreed to continue export controls on powerful encryption products in general but decided to end an exemption for widely available software containing such capabilities. ``They plugged a loophole,'' Aaron said. The new policy also reduced reporting and paperwork requirements and specifically excluded from export controls products that used encryption to protect intellectual property -- such as movies or recordings sent over the Internet -- from illegal copying, Aaron said. Encryption uses mathematical formulas to scramble information and render it unreadable without a password or software ``key.'' One important measure of the strength of the encryption is the length of the software key, measured in bits, the ones and zeros that make up the smallest unit of computer data. With the increasing speed and falling prices of computers, data encrypted with a key 40 bits long that was considered highly secure several years ago can now be cracked in a few hours. Cutting-edge electronic commerce and communications programs typically use 128-bit or longer keys. Under Thursday's agreement, Wassenaar countries would restrict exports of general encryption products using more than 56-bit keys and mass-market products with keys more than 64 bits long, Aaron said. Each country must now draft its own rules to implement the agreement.
Homepage: http://www.aci.net/kalliste/homepage.html |