[Email Reply]

The Wassenaar Invasion of Privacy

by J. Orlin Grabbe

From the first moment it proclaimed the "information superhighway", the Clinton administration has waged a wholesale assault on Internet free speech and privacy.

The latest blow is the Clinton administration's strong- arming of the 32 fellow countries of the Wassenaar Arrangement to agree to an export ban on strong cryptographic (data scrambling) software. The net effect will be to make it easier for each government to read its own citizen's email and other private documents.

Normally if a nation attempts to restrict the domestic sale of strong encryption software, that attempt is made ineffective by the availability of strong encryption software from other countries. But such software won't be available anymore--at least not from one of the Wassenaar countries, once they have enacted local legislation to implement the terms of the Wassenaar agreement of December 2.

The Wassenaar Arrangement is supposed to be an intergovernmental agreement to restrict international traffic in arms. What does this have to do with encryption? Simply this: the US government still holds that secret-code-producing software is a munition. So if you encrypt your letters and files, and the government hasn't given you permission to use that caliber encryption, then the person who gave you the encryption software may be in violation of some regulation on arms dealing.

"They've plugged a loophole," gleefully proclaimed Ambassador David Aaron, the President's Special Envoy for Cryptology. The day following the agreement, the US Department of Commerce issued a press release in which Aaron spouts gobble-de-gook phrases about a "level playing field" and about balancing "commercial and privacy interests with national security and public safety concerns" (see Appendix A for Commerce Dept. press statement).

How has this agreement supposedly created a "level playing field" and helped U.S. industry? Well, namely, by censoring foreign publishers of cryptology software in the same way that the US government already censors US publishers. This is similar to arguing that by increasing tyranny in surrounding countries, we can create a "level playing field" for freedom.

"It's ironic, but the US government is leading the charge internationally to restrict personal privacy and individual liberty around the world," said Alan Davidson, a staff counsel at the Center for Democracy and Technology, according to Reuters (see Appendix B for Reuter's news release).

A restriction on cryptology is a restriction on free speech. In the Second World War, the US used native Navaho speakers for secure communications. Since no one else understood the language, it served as a powerful secret code. But is what you speak or write in an email message suddenly not speech or language if the government can't understand it? If your message says "Xu23MN iilc]z &#MNBl", does the government suddenly have the right to imprison you for writing gibberish?

While the clear answer is No, nevertheless the US government thinks it has the right to restrict your "gibberish" if it is produced by encryption software that it can't crack. The Wassenaar agreement says encryption software that is "weak" (less than 56 bit keys in some cases, or less than 64 bit keys in others), so that the government can unscramble and read the real message underneath the gibberish, is okay, and in fact frees up some export restrictions on this type of software. The trade-off? Greater restrictions on software that produces secret code the government can't read.

Arms control. It sounds wonderful, doesn't it? Go over to the Wassenaar web page and take a look. High nobility of purpose, right? "We're keeping those guns away from the Indians," they proclaim. But what they mean to say is: "We fully intend to read what is written on the hard drive of your computer."

Posting to the cypherpunks mailing list, Timothy May noted:

I recently heard T. J. Rodgers, CEO of Cypress Semiconductor, repeat his oft-made point that Silicon Valley and the high tech industry gains nothing by talking to Washington. That as soon as dialog is started with Washington, things get worse. This applies as well to crypto, to gun rights, to everything. Everything Washington touches turns to statist shit.

Is there any good news? Enabling legislation has to be enacted in each country to carry out the terms of the Wassenaar agreement. Raising a hue and cry with legislators over this latest invasion of privacy should have a positive effect.

In the meantime, Mr. "Information Superhighway" Al Gore is poised for a presidential run, so he can continue to ignore privacy concerns and bend over for the Big Brother agencies of the national security establishment.


Related Links

  • The End of Ordinary Money: Part 1
  • The End of Ordinary Money: Part 2

  • Appendix A: Commerce Dept. Press Release

    UNITED STATES DEPARTMENT OF COMMERCE NEWS
    
    International Trade Administration
    
    Washington, DC
    
    For Immediate Release
    Tuesday, December 3, 1998
    
    Contact: Maria Harris Tildon
              (202)482-3809
              Sue Hofer
              (202)482-2721
    
    P R E S S  S T A T E M E N T
    
    U.S. Applauds Agreement on Encryption in International Export
    Control Regime
    
    Vienna, Austria -- The United States welcomed the decision taken
    Thursday in Vienna by the 33 members of the Wassenaar Arrangement
    to modernize and improve multilateral encryption export controls.
    Ambassador David Aaron, the President's Special Envoy for Cryptology,
    said that "the international agreement reached here goes a long way
    toward leveling the playing field for exporters and promoting
    electornic commerce.  It provides countries with a stronger
    regulatory framework to protect national security and public safety."
    
    The agreement caps a two year effort by the United States, to update
    international encryption export controls and to balance commercial
    and privacy interests with national security and public safety
    concerns. Thursday's agreement simplifies and streamlines controls
    on many encryption items and eliminates multilateral reporting
    requirements. Specific improvements to multilateral encryption
    controls include removing controls on all encryption products at
    or below 56 bit and certain consumer entertainment TV systems, such
    as DVD products, and on cordless telephone systems designed for
    home or office use.
    
    Wassenaar members also agreed to extend controls to mass-market
    encryption above 64 bits, thus closing a significant loophole in
    multilateral encryption controls.  This gives Wassenaar member
    governments the legal authority to license many mass market
    encryption software exports which were previously not covered by
    multilateral controls and enables governments to review the
    dissemination of the strongest encryption products that might
    fall into the hands of rogue end users.   The new controls also
    extend liberalized mass-market hardware below 64 bits.  Until
    today, only mass-market software products enjoyed this
    liberalized treatment.
    
    "The decisions taken here in Vienna reinforce the Administration's
    efforts to promote a balanced encryption policy," Aaron confirmed.
    

    Appendix B: Reuters News Release

    Thursday, 3 December 1998 12:57:40
    
    U.S. claims success in curbing encryption trade
    
    Aaron Pressman, Reuters, Washington newsroom, 202-898-8312
    
    WASHINGTON (Reuters) - Clinton administration officials
    Thursday said they had persuaded other leading countries to
    impose strict new export controls on computer
    data-scrambling products under the guise of arms control.
    
    At a meeting Thursday in Vienna, the 33 nations that have
    signed the Wassenaar Arrangement limiting arms exports --
    including Japan, Germany and Britain -- agreed to impose
    controls on the most powerful data-scrambling technologies,
    including for the first time mass-market software, U.S.
    special envoy for cryptography David Aaron told Reuters.
    
    The United States, which restricts exports of a wide range of
    data-scrambling products and software -- also known as
    encryption -- has long sought without success to persuade
    other countries to impose similar restrictions.
    
    ``We think this is very important in terms of bringing a level
    playing field for our exporters,'' Aaron said.
    
    Leading U.S. high-technology companies, including Microsoft
    Corp. and Intel Corp., have complained that the lack of
    restrictions in other countries hampered their ability to
    compete abroad. The industry has sought to have U.S.
    restrictions relaxed or repealed, but has not asked for tighter
    controls in other countries.
    
    Privacy advocates have also staunchly opposed U.S. export
    controls on encryption, arguing that data-scrambling
    technologies provided a crucial means of protecting privacy in
    the digital age.
    
    ``It's ironic, but the U.S. government is leading the charge
    internationally to restrict personal privacy and individual
    liberty around the world,'' said Alan Davidson, staff counsel at
    the Center for Democracy and Technology, a Washington-based
    advocacy group.
    
    Special envoy Aaron said the Wassenaar countries agreed to
    continue export controls on powerful encryption products in
    general but decided to end an exemption for widely available
    software containing such capabilities.
    
    ``They plugged a loophole,'' Aaron said.
    
    The new policy also reduced reporting and paperwork
    requirements and specifically excluded from export controls
    products that used encryption to protect intellectual property
    -- such as movies or recordings sent over the Internet -- from
    illegal copying, Aaron said.
    
    Encryption uses mathematical formulas to scramble
    information and render it unreadable without a password or
    software ``key.'' One important measure of the strength of the
    encryption is the length of the software key, measured in bits,
    the ones and zeros that make up the smallest unit of computer
    data.
    
    With the increasing speed and falling prices of computers,
    data encrypted with a key 40 bits long that was considered
    highly secure several years ago can now be cracked in a few
    hours. Cutting-edge electronic commerce and communications
    programs typically use 128-bit or longer keys.
    
    Under Thursday's agreement, Wassenaar countries would
    restrict exports of general encryption products using more
    than 56-bit keys and mass-market products with keys more
    than 64 bits long, Aaron said.
    
    Each country must now draft its own rules to implement the
    agreement.
    

    -30-

    from The Laissez Faire City Times, Vol. 2, No. 41, Dec. 7, 1998

    Homepage: http://www.aci.net/kalliste/homepage.html
    Laissez Faire City Times: http://zolatimes.com/