1 October 1999


Date: Wed, 29 Sep 1999 08:31:51 +0100
To: ukcrypto@maillist.ox.ac.uk
From: Donald Ramsbottom 
Subject: BXA

They are at it again, below is the text of the current requirements for
export licences from the US, it seems to be somewhat at variance with the
removal of export controls as stated by the President's press release a
couple of weeks back.

[http://cryptome.org/bxa092799.txt]



Date: Wed, 29 Sep 1999 00:23:35 -0700
To: ukcrypto@maillist.ox.ac.uk
From: Greg Broiles
Subject: Re: BXA

At 12:31 AM 9/29/99 , Donald Ramsbottom wrote:

>They are at it again, below is the text of the current requirements for
>export licences from the US, it seems to be somewhat at variance with the
>removal of export controls as stated by the President's press release a
>couple of weeks back.

This doesn't represent a policy change, just some required support for the current export control scheme - the US has a somewhat byzantine system whereby federal agencies which want to require people to fill out forms are themselves required to fill out forms regarding the forms they want filled out, and to make regulatory filings regarding the forms, including the kinds of information to be requested, the purposes for gathering the information, and estimates of the time required. I'd feel sorry for the bureaucrats, but it looks like giving them a nice dose of their own medicine, so I don't.

They've only promised to release new regs as of December 15, and they may slip that deadline; or they may release regs which will take effect later, after accepting public comments (or not). So it's entirely possible that the actual changes won't take effect until sometime in the year 2000. In that context, it's not surprising that they're taking steps to make sure the old regulatory apparatus continues to work, especially given that they intend to apply the old regulations to technical data, technical assistance, and source code - the "liberalization" is only for object code.

--
Greg Broiles
gbroiles@netbox.com
PGP: 0x26E4488C

Date: Wed, 29 Sep 1999 19:41:34 -0700
To: ukcrypto@maillist.ox.ac.uk
From: Greg Broiles
Subject: Re: BXA

At 04:49 AM 9/29/99 , Donald Ramsbottom wrote:

>What really intrigues me is the end of your post relating to the
>distinction between object code and source code. So if I understand you
>correctly, you will still require the old style regime and restrictions on
>source code. If so does that not mean that there is effectively no
>liberalisation?

I think this is appropriate for the list given interest others have shown in the topic; but if list members would prefer to avoid discussion of US crypto regulations, that seems reasonable, too. If people have strong feelings one way or the other, I'm happy to oblige. It's not like there aren't a few other places to talk about the US regs.

The BXA's "question and answer" page about the upcoming regulatory changes does a good job of adding detail to the politicians' statements; the page is at <http://www.bxa.doc.gov/Encryption/qa99.htm>, with a mirror by John Young at <http://cryptome.org/bxa091699.htm> in case something happens to the official copy.

Specifically of interest are general question #18, which indicates that technical assistance, APIs, and source code will continue to be controlled under the old regime; technical question #7, illustrating a new detailed approach to API regulation; and technical question #8, reiterating that only object code will be subject to the new policies.

I believe that the new regulations will continue to further fragment different constituencies in the US polity with respect to encryption - we're ending up with one set of regulations for academics, another set of regulations for traditional commercial publishers, and yet another set of regulations for open source publishers/authors. In particular, this recent set of regulations seems likely to drive a wedge between ideologically driven crypto advocates and economically driven crypto advocates.
Since it's the latter who make campaign contributions, hire lobbyists, and invite lawmakers to address their luncheons as well-paid speakers, satisfying them (at the expense of the privacy/crypto advocates) is a savvy maneuver.

Policies which discourage source code distribution and encourage object code distribution make it much harder to develop and encourage a security-conscious culture which encourages local compilation and open source code review. The lack of such a culture is likely to allow poorly constructed and malicious software to proliferate; whether you attribute defects like Microsoft's NSAKEY to the former or the latter isn't especially important, as its security implications exist independent of individual levels of paranoia.

I've got more thoughts on the politics/policy side of this at http://www.brujo.com/rants/bxachg.htm

--
Greg Broiles
gbroiles@netbox.com
PGP: 0x26E4488C

From: "Brian Gladman"
To: "UK Crypto List"
Subject: Changes in US Crypto Policies
Date: Wed, 29 Sep 1999 11:01:52 +0100

As others have remarked, the recent publicity about forthcoming changes in US crypto export controls and the big US budget increases for R&D on computer systems penetration deserve comment on this list.

Like all US crypto announcements the current 'publicity' needs to be considered with care in order to determine what is really happening. In fact the major thrust is to replace 'customer by customer' licensing with 'general' licensing for export to most countries for most end systems applications. This will certainly be welcomed by US industry since a massive and costly bureaucratic burden will be removed and this will allow them to compete more easily on cost terms. There is no doubt that this will promote an improved international crypto marketplace but will it promote better (more effective) crypto?

The answer is NO because the US announcements make it clear that US Government controls on the export of crypto products remain unchanged - the US government will still have to be asked for approval to export 'strong' crypto via the review process. Since the US government policy in the past has been to prevent the export of strong crypto products, and since the controls have not been changed, there is no basis in these announcements for believing that US policy has changed and no basis for believing that US companies will be able to export crypto products that are actually strong in practice.

Large US IT companies have no option but to acquiesce, however unwillingly, to the wishes of the US government if they want to survive and this means that US crypto products for the international market must always remain suspect unless they are in open source form and subject to independent, international scrutiny of their operation.
This does not mean that they cannot be used but rather that those who do use them must judge whether having 'Uncle Sam and his many friends' on the line is a threat to their activities.

The recent revelations and speculation about the named "NSAKEY" in Windows well illustrates what goes on 'behind closed doors'. Whatever the explanation of this key is, the one thing we can be certain of is that it is there as a result of discussions between Microsoft and the US Government that neither of these parties want us to know about. I believe I know why this second key is there and, if I am right, Microsoft's explanation is a classic case of telling the truth but not the whole truth. But whatever the explanation is, the real point here is that while the US Government continues to meddle in this way in US company efforts to provide improved cryptographic security, we can never be confident about the results.

The US government crypto proposals are quite shrewd for several reasons. Firstly, the fact that they remove much of the bureaucratic burden on US industry is likely to reduce the pressure for more profound change. Secondly, these changes provide a basis for the US to argue for continued controls in Wassenaar. It is not a surprise to hear that the US crypto Ambassador, David Aaron, has been in Europe to 'explain' these changes - he has, no doubt, been suggesting that this is what the EU should be doing instead of abandoning Wassenaar. The US desperately needs a way to counter the growing tide in Europe to sweep away Wassenaar crypto controls and this is undoubtedly a significant part of their thinking. Fortunately I don't expect Europeans to be taken in by this - Wassenaar controls on commercial crypto are as good as dead even if we cannot yet give them a decent burial.
But in contrast to the UK Government, the US Government is better at knowing when it's going to lose a technical battle and it is not a surprise to see them moving rapidly to systems penetration as the future means for obtaining intelligence. It is now clear that the value of intercept will progressively decline as an intelligence information source since people are well aware that effective 'end to end' (applications layer) cryptographic protection defeats such activities. So it seems that the likely future intelligence collection scenario will increasingly be the use of intercept for traffic analysis and targeting followed by systems penetration for actual information collection.

Since only a minute proportion of all Internet connected computing resources offer any real security protection, we are hence in the somewhat paradoxical situation of securing the infrastructure and thereby redirecting attacks at end systems that are actually much easier and more vulnerable targets! And while some countries (the UK included) have 'computer misuse' laws, these are not likely to protect people from the sorts of organisations that will see value in mounting expert penetration attacks.

Worse still we have also seen hints from Australia about collusion between suppliers and governments in actually introducing easy penetration paths (a possibility that will not have been lost on the US and UK). This has been a purported feature of the cryptographic world for 50 years or more so it would be unrealistic to expect these tactics will not be attempted in the IT world. Governments will not have it so easy, however, since while the 'telecoms world' has acquiesced in such matters, the 'computing world' will not be such an easy target.
But once Governments get involved in serious active systems penetration, the scope for abuse will become truly unimaginable and this means that the organisations involved in such work will require stringent, publicly accountable oversight if they are to command public confidence and trust. It remains to be seen whether the US and UK Governments will provide what is required in this respect.

Brian Gladman

Date: Thu, 30 Sep 1999 10:49:42 -0400 (EDT)
From: Dorothy Denning
Subject: Re: Changes in US Crypto Policies
To: ukcrypto@maillist.ox.ac.uk

Brian Gladman wrote:

The answer is NO because the US announcements make it clear that US Government controls on the export of crypto products remain unchanged - the US government will still have to be asked for approval to export 'strong' crypto via the review process. Since the US government policy in the past has been to prevent the export of strong crypto products, and since the controls have not been changed, there is no basis in these announcements for believing that US policy has changed and no basis for believing that US companies will be able to export crypto products that are actually strong in practice.

---

This is not true. Under the current regs, companies can export strong crypto (unlimited key sizes, with or without key recovery) under license exception after a 1-time technical review to US subsidiaries, banks & financial institutions, and health & medical end users (and others too in more limited cases). The new regs effectively open this up to all sectors but foreign governments. They also introduce a new category of retail products that can even go to foreign governments under license exception.

BXA has granted a couple of thousand license exceptions so far. As I mentioned on this list before, I have gotten a license exception for a company. BXA mainly wanted to know what encryption methods were used for data encryption and key exchange and what key lengths. They did not even look at the products. We did not have to put in back doors or weaknesses of any sort. This same process will continue under the new regs, the main difference being that a license exception will have a much broader scope.
BXA told us yesterday at the PECSENC meeting that companies that have license exceptions under the old regs will be able to use them under the new regs without further technical review (unless they want to have an exception under the new retail category).

The PECSENC is going to take up the issue of source code and open source at our next two meetings, December 14 in DC and Feb. 25 in California. If anyone has written a thoughtful piece on this, please send it to me.

I have put a copy of An Easy Guide to Encryption Export Controls on my Web site, which explains the current regs. The PECSENC recommendations are back up as well.

http://www.cs.georgetown.edu/~denning/crypto/index.html#usgov

From: "Brian Gladman"
To:
Subject: Re: Changes in US Crypto Policies
Date: Thu, 30 Sep 1999 17:31:23 +0100

Hi Dorothy,

I'm not quite sure what is not true here. As of now, I have no reason for believing that US companies can export strong encryption products because I have no visibility of USG export review processes, no confidence that their objectives serve my interests, and no knowledge of any 'behind the scenes' agreements that may have been reached as a part of their conduct.

As a non-US citizen who has observed the actions of the US government on crypto export controls for more than 20 years, why should I now accept that there has been a sudden and radical change of direction? Why should I now believe that a review process that has been used for all this time to inhibit the spread of strong encryption, will suddenly no longer be used in this same way? What reasons do I have for believing that the review process is designed to do anything other than to ensure that all crypto products that 'pass' have weaknesses of some kind?

And I do not need to postulate the deliberate introduction of flaws (as is often alleged with crypto). Most if not all computer/software systems have exploitable vulnerabilities so it is entirely practical to envisage a review process that simply ensures that all products that pass have at least one exploitable weakness simply by blocking the (very) small number of products that are truly effective.

If this USG review process is no longer designed to control and constrain the export of strong encryption products from the US, why is it still a feature of US crypto export control regime? Why not do away with it altogether?

Governments (not just the US) have been meddling too long in crypto for me to believe that all is suddenly now sweetness and light.

Brian

Date: Thu, 30 Sep 1999 17:58:00 -0400 (EDT)
From: Dorothy Denning
Subject: Re: Changes in US Crypto Policies
To: ukcrypto@maillist.ox.ac.uk
Cc: denning@manic.cs.georgetown.edu

Brian,

I doubt that I can give you satisfactory answers given your distrust of our technical review process. All I can say is that based on my own experience, your claim that license exceptions are granted only for weak products is just plain false. As a practical matter, since they are granting thousands of licenses and license exceptions, they could not possibly take every product apart and look for holes. Products are not even submitted as part of the review process. The reviews take about a month.

I can't speak for the government, but I think the recent liberalizations are a growing recognition of the fact that the market has changed and that law enforcement needs to adapt to the technology rather than try to control it. This is a very positive move forward.

Not all crypto technology is decontrolled, so the review serves as a check that what is being exported is allowed under the regs. If I were a company, I would want that review, as the penalties for violating the export regs are severe enough they could put you out of business.

Dorothy

The export policy is more complex than you [end]

From: "Brian Gladman"
To:
Subject: Re: Changes in US Crypto Policies
Date: Fri, 1 Oct 1999 09:35:08 +0100

But many thanks for trying.

I do distrust the review process in its current form, not necessarily because of its characteristics in isolation but rather because of the wider context in which it operates. It is a fact of life that all the companies that have a serious role in crypto also have continuing ongoing relationships with NSA that can be (and sometimes ARE) used to influence what is actually submitted for review. This is not unique to the US and has been a feature of the UK scene as well for many years.

I know with total certainty that the threat "If you ask to export "X" then don't expect to get contract "Y" from the Government" has been used in the past and my guess is that this is still a possibility within the current US (and UK) crypto business environment. It is the very existence of the review process that provides this lever and hence the potential for abuse via such 'blackmail' attempts. In practice the possibility of rejection as a result of the review process gives Government officials powers that are just too easy to abuse and this, combined with the need for companies to have a tolerable relationship with Government, creates the pressure that results in acquiescence to government wishes, quite often before the review process gets underway.

I stress that I am not getting at the USG in particular here as I have seen this as a feature of the cryptography business generally so I don't see the US environment as in any way unique. Such pressures from Government have been a feature of business in Europe as well, for example, where the European Telecommunications Standards Institute (ETSI) has been used by Governments (especially the UK) to pressure Telecoms companies to deliberately weaken encryption algorithms in order to allow for Government abuses of the privacy of telecoms users.

> I can't speak for the government, but I think the recent liberalizations
> are a growing recognition of the fact that the market has changed and
> that law enforcement needs to adapt to the technology rather than try
> to control it.  This is a very positive move forward.

I agree that they are a positive step forward. But they are less profound than the publicity makes out since the USG is still retaining CONTROL over the export of cryptographic products.

> Not all crypto technology is decontrolled, so the review serves as a
> check that what is being exported is allowed under the regs.  If I
> were a company, I would want that review, as the penalties for violating
> the export regs are severe enough they could put you out of business.

Exactly my point - exporting cryptography that the USG does not want exported can put US companies out of business - exactly the power that is capable of being abused to ensure that really strong cryptography is not exported from the US.

There are steps that might alleviate my concerns here and I will be interested to see if any of these are features of the new regime. If they are I will willingly revise my scepticism about the changes. The first is to remove all export controls on products designed to interface with cryptographic products (currently crypto AND products designed to interface to crypto are controlled). Secondly, a relaxation of controls on the export of software source code and hardware design details to allow for independent, international review of cryptographic products and proof of correspondence between design and implementation. Thirdly a public commitment by US companies to independent, international review processes for their products (I am pleased to say that I am in discussions with some US companies on just this possibility).
Fourthly, a public commitment by US crypto suppliers that the products they supply for US domestic use and those they export are identical (and demonstrably so) - that is, "Mutually Assured Destruction" applies in cyberspace - if we are vulnerable so is the US.

Brian