gnu@hoptoad.uucp (John Gilmore) (10/31/86)
I know Chris has a right to his opinion and everything, but I for
one am getting tired of hearing, every time someone proposes actually
doing something to verify or correct a stupidity created by a government,
that the consequences are dire and we should all just knuckle under.
Chris is the person who first complained about the DES posting possibly
being illegal. After I did some research to fix that, he tried to
contest the results of that research (without knowing US law -- he's
Canadian!). Now when Larry Campbell proposed that we break a bad
law and form a legal defense fund to get the law challenged in court,
he tells us how stupid all the people were who fought Sentator McCarthy's
abuse of government in the 1950's.
Chris, while living like a mouse might be fun for you, can you leave
the rest of us to our kind of fun? As somebody said, the people get
exactly the government they deserve, and I for one want a better
government and am willing to work to improve it. This means learning,
myself, how it works, and teaching it when it errs.
From the tone of your postings I would almost venture a guess that you
are a CIA disinformation operative. Arguing for the supremacy of the
government and the hopelessness of fighting the police state (McCarthy).
The general tone of "Give up! It's hopeless" is unhealthy for freedom.
--
John Gilmore {sun,ptsfa,lll-crg,ihnp4}!hoptoad!gnu jgilmore@lll-crg.arpa
Bomb, terrorist, cryptography, DES, assasinate, secret, decode, NSA, CIA, NRO.
The above is food for the NSA line eater. Add it to your .signature and
you too can help overflow the NSA's ability to scan all traffic going in or
out of the USA looking for "significant" words. (This is not a joke, sadly.)clewis@spectrix.UUCP (Chris Lewis) (11/04/86)
In article <1251@hoptoad.uucp> gnu@hoptoad.uucp (John Gilmore) writes: > I know Chris has a right to his opinion and everything, but I for > one am getting tired of hearing, every time someone proposes actually > doing something to verify or correct a stupidity created by a government, > that the consequences are dire and we should all just knuckle under. Hardly. Rather, before embarking on a "grey" area it's better to know the law, and the possible consequences. And that there may be easier ways. > Chris is the person who first complained about the DES posting possibly > being illegal. After I did some research to fix that, he tried to > contest the results of that research (without knowing US law -- he's > Canadian!). I notice that you didn't post any of that conversation. Fears about DES posting being illegal is not crap - many of the people later posting about this subject have had personal experience with restrictions (or what they thought were restrictions) in this area. Some American, some not. Because there *are* restrictions on DES, which given the vagueness and language of the law can be interpreted many ways - some of which *do* prohibit posting of software. Some of which cannot be resolved without spending a lot of time and/or money to verify - not necessarily something a casual member of this net can afford - or even AT&T sometimes. Certainly, you did quote a fair bit of the law in the mail exchanged on this topic. And, given what you quoted I did say that I thought it was probably okay to post it. I stayed out of the discussions on the net - and given the fact that you only quoted part of the law, I knew the net would have the same discussion we had. What do you expect? The legal quote you sent to me and the net (the DOC stuff) was inadequate - there were several "not withstanding other legislation" clauses, which without my prodding you probably wouldn't have looked up. And some you never did. If you had posted Ritchie's item in the first place you could have headed off most of the whole mess. Certainly, being a Canadian it's a little harder to keep up with US legislation. But, being a Canadian doesn't a-priori mean that one doesn't know anything about U.S. law. We do have libraries in the Great White North you know. The province of Ontario alone is a bigger trading partner with the US than Japan - something that Ronald Reagan has yet to learn - so we have a pretty strong interest in US trade laws. And I have done some research on a related field (privacy) in US law - though some of it is outdated by now. After all, there have been many articles on this topic in some of the trade journals (I can't put a finger on a specific one at the moment). I imagine that you didn't know much about this restrictive trade legislation before I suggested that there may be a problem. I raised a concern about exportation of it by mail - and from other postings I know that my concerns were shared by many other people. Free of invective (except for one that I apologized for before you read it). Because I didn't think you knew of this possible problem. You apparently didn't. And I'm glad you searched the law - because I learned something more about the precise details of this area. So did a lot of other people. So why the overreaction? > Now when Larry Campbell proposed that we break a bad > law and form a legal defense fund to get the law challenged in court, > he tells us how stupid all the people were who fought Sentator McCarthy's > abuse of government in the 1950's. No. They weren't stupid. I admire them a lot for standing their ground and fighting for something important that they believed in. I was pointing out how stupid and naive that the attitude "resistance is simply a matter of legal fees" is. Especially when it's someone else. It's a great way of committing professional suicide. Whether or not you win. However, if somebody does want to do something like this - with eyes open to the full consequences - I'd contribute to such a fund too. Someone who did this without exploring other avenues of getting rid of such a dumb law would be stupid. You don't stop steam-rollers by standing in front of them do you? First you ask the driver to stop. Then you ask his boss to tell him to stop... Then you put a (small) land-mine under the roller. > Chris, while living like a mouse might be fun for you, can you leave > the rest of us to our kind of fun? As somebody said, the people get > exactly the government they deserve, and I for one want a better > government and am willing to work to improve it. This means learning, > myself, how it works, and teaching it when it errs. I didn't say don't do it: The country that's lost its ability for rebellion is not a country I'd like to live in... [Imperfect remembrance of something Thomas Jefferson said. Later paraphrased by Groucho Marx and Woody Allen] people are in fact *obligated* to revolt against the emperor [when the emperor screws up] [Confucious] > From the tone of your postings I would almost venture a guess that you > are a CIA disinformation operative. Egads, I've been found out - no more paychecks! (oops, I blew my cover again - it's "paycheques"!) > Arguing for the supremacy of the > government and the hopelessness of fighting the police state (McCarthy). > The general tone of "Give up! It's hopeless" is unhealthy for freedom. You'd never get me arguing for the supremacy of any government (including ours and especially yours). Nor for the naive assumption that resistance is simply a matter of legal bills. > Bomb, terrorist, cryptography, DES, assasinate, secret, decode, NSA, CIA, NRO. > The above is food for the NSA line eater. Add it to your .signature and > you too can help overflow the NSA's ability to scan all traffic going in or > out of the USA looking for "significant" words. (This is not a joke, sadly.) Agreed. But a long way from violating the law (so far). -- Chris Lewis Spectrix Microsystems Inc, UUCP: {utzoo|utcs|yetti|genat|seismo}!mnetor!spectrix!clewis Phone: (416)-474-1955
outer@utcsri.UUCP (Richard Outerbridge) (11/07/86)
[....] > > > Arguing for the supremacy of the > > government and the hopelessness of fighting the police state (McCarthy). > > The general tone of "Give up! It's hopeless" is unhealthy for freedom. > > You'd never get me arguing for the supremacy of any government (including > ours and especially yours). Nor for the naive assumption that resistance > is simply a matter of legal bills. > [....] As has become clear, this discussion is getting needlessly silly. So relax. There are a number of issues: Canadian sovereignty; export controls; and the tension between public and private sector cryptology, or lack thereof. I have a software DEA. The posting that started all this, by hoptoad!gnu, is an early version of the one I have. The BBS he got it from got it from me. The silly thing is that mine was posted to net.sources on October 19th, 1984. As far as I could tell it made it out of Canada. Besides, its been sitting in the data-libraries of a number of the SIGs on CompuServe since March of 1984, so anyone with a CIS account can download it anytime, anywhere. Besides the DEA, I have LUCIFER and a package of routines based around a DEA variant that are designed to supplant or fill in for crypt(1) and crypt(3). If you'd like any of these just let me know. I'll send them anywhere within North America. Outside of that all I can promise is listings of the software >after< export approval has been obtained. If you'd prefer to keep the net out of this arguably anti-social activity, we can arrange a dial-up to the machine I'm using at home. All these >algorithms< are in the public domain. Canada is a tributary state of the American empire, and Canadians really just can't pretend that we're not. Canada survives at American sufferance and because of American protection. It's not a bad deal: the U.S. of A. is the greatest nation in the world, and as a Canadian I have most of the advantages of being American without actually having to be American. Besides, they're friends. Sometimes difficult friends, but always good friends. When I first discovered the close parallels betwen Canadian export law and American law I was outraged. But by and large it isn't all that surprising that technology within the western alliance is subject to embargo. Uranium refining equipment, for instance; or lathes capable of turning out gun barrels. The embargo of ideas >is< repulsive. But that's not what we're talking about. The prohibition against "technical data in any material form" being exported is not surprising - but at first it seems a little questionable. When does the expression of an idea become technical data? Perhaps when it becomes capable of performing work, as in a computer program for instance. Say a program that controls a pilotless aircraft, or runs an automated factory, or performs a complex encryption algorithm. So these days I try to stay within the rules. I may not think they're enforceable; I may not think they have a rational purpose; I may not think they have any justification whatsoever. But unless there's a very good reason for breaking them I'd rather obey them - at least to the letter, if there's no fathomable spirit. The rules are there because someone was afraid of what would happen without them. While caution has never been the hallmark of my conduct, pointless risk taking is recklessness. It is often more frightening than reassuring. As concerns cryptology, typically the rules are rationalised by appeal to the spectres of organised criminal elements and international terrorism. These are motherhood issues, of course, but from my limited perspective they're not very convincing. Terrorists will use whatever cryptology their sponsor teaches them - obviously a double-edged sword, and so likely to be doubly dull. Criminals will use whatever they can afford and always have. So there's more here than meets the eye if these are the best justifications. Loss of third-world or client state ELINT? Maybe. Who knows? Most of the third world can't begin to use modern cryptology even if they recognised their need for it: computers are embargoed too, as is the technology for making them. Perhaps client state ELINT is closer to home. Would NSA object if Canadian communications became (if not already) opaque? What about NATO alliance communications? Israeli? Saudi? Rather more directly I'm needlessly worried that the export rules are being used as excuses, or levers, to perpetuate or re-establish the state monopoly on cryptologic technology. The issue is not whether >they< should have the latest and greatest (presumably they do) but whether or not >we< should. The issue is whether the free citizens of the democratic American empire should have access to the state of an art which historically only sovereign states have had the need, resources and ability to employ. Note that there's no question of 'right' involved here: like so many computer-related social problems the power is not new, simply newly affordable. "Needlessly" because there is no private market to spur competition. Someone mentioned that NSA candidly admits that unbreakable systems are verboten, and I think there's a fairly obvious inference that we can draw from that about the security of the DES. But the experts were telling us that ten years ago! Who - among the private-sector consumers, principally the U.S. financial community - listened? The government has successfully held onto its monopoly through a combination of a) telling us we have no need of the power; b) actively discouraging the development of private sector resources; and c) limiting private sector power through the promulgation of weak or "secret" standards and counter-intuitive laws on radio reception. The sad thing is that by and large that's all "we" seem to want: a soggy security blanket. We all sort of know that security is a myth, like the value of a dollar bill: its value is what you believe it to be. Rather than get into expensive and confusing arguments about the gold standard - that is, taking matters seriously - we'd much rather the government told us we were secure. Remember, whatever role NSA played in promulgating DES it was subsequently sanctioned by the U.S. congress ("...no known mathematical or cryptologic weaknesses...": true enough, but known to whom?). With the domestic market conveniently sewn into a pig's ear, whatever else export controls are designed to accomplish they effectively reduce the available market for private-sector cryptology to nil. This form of social contract, do-what-you're-told-and-we'll-all-be-secure, is the basis of the Russian state, and in this regard increasingly our own. Fundamentally, though, this can only happen with our assent. Cryptology was recognised as >the< single most effective tool for computer security long before the DES came out. There wouldn't have been a standard except for this recognised need. This is not the place to argue the quality of DES: the strange key, the crazy fixed permutations, etc. Let's assume it's perfectly adequate - after all, "we" still don't know how to break it and it's already being replaced. Let's even accept that unbreakable ciphers are correctly the preserve of sovereign states. So: perceived need, viable solution. Does it play in Peoria? Fat chance. People have gone bust trying to sell DES. The Apple LISA motherboard has an empty, unsocketed spot for a WD2001 chip. On an already overpriced machine the omission is understandable, but why is there no real estate on the IBM PC board? Why hasn't security been built into all hardware/software architecture since then? Well, obviously, because no one is silly enough to bother. The domestic market doesn't want to pay the price, and as an added disincentive there are no foreign markets. Throughout this discussion people have been asking whether the government really thinks that export controls make a difference to the spread of technology. Based on the North American attitude towards computer security in general and employing cryptology in particular, the correct question is probably: Do you? That's what I think at any rate. Richard Outerbridge -- Richard Outerbridge <outer@utcsri.UUCP> (416) 961-4757 Payload Deliveries: N 43 39'36", W 79 23'42", Elev. 106.47m.
ccplumb@watnot.UUCP (Colin Plumb) (11/10/86)
In article <3605@utcsri.UUCP> outer@utcsri.UUCP (Richard Outerbridge) writes: > >Canada is a tributary state of the American empire, and Canadians really just >can't pretend that we're not. Canada survives at American sufferance and >because of American protection. It's not a bad deal: the U.S. of A. is the >greatest nation in the world, and as a Canadian I have most of the advantages >of being American without actually having to be American. Besides, they're >friends. Sometimes difficult friends, but always good friends. > My apologies for posting this in sci.crypt, but I must say that the views expressed above are rather extreme, and *not* typical of Canadians in general. (At least none that I've ever met, and I live here!) In fact, a lot of people I've met (and myself) think Canada is a nicer place to live than the U.S. "...most of the advantages of being American"...make that almost all, and a whole lot of advantages the Americans don't have, and I'll agree. -Colin Plumb (ccplumb@watnot.UUCP) -University of Waterloo, Waterloo, Ontario Thoughts of Zippy: I don't believe there really IS a GAS SHORTAGE.. I think it's all just a BIG HOAX on the part of the plastic sign salesmen-- ..to sell more numbers!!