30 October 1998
Date: Fri, 30 Oct 1998 11:07:35 +1000 To: firstname.lastname@example.org From: Greg Rose <email@example.com> Subject: Movement on Export regulations I was in a TIA standards committee meeting the other day[*], which was attended by a couple of representatives from the NSA's export regulation group (they don't like naming names), and an interesting comment came out of them. After clarification, the comment boiled down to: "There is no longer any reason that an export licence for 56 bit encryption would be denied." That is, s/40/56/ in all previous discussions. This prompted me to ask whether the guidelines they used were themselves a matter of national security, that is, would a FOIA request for the guidelines be productive. I should have learned not to ask double barreled questions by now. After a short period of silence, I rephrased it to two questions. The former got an explicit "no comment", while the latter got a somewhat whimsical "if you like to see mostly black paper, with the occasional 'if' or 'the' visible, yes, it would be productive." With the US involvement in the international efforts to standardise 3rd generation mobile phones hamstrung by these regulations ("SHA based authentication algorithms cannot be exported to the ITU, because they don't exclude the T7 nations"), expect to see some more interesting action on this front from the telephone industry. Greg. Greg Rose INTERNET: ggr@Qualcomm.com Qualcomm Australia VOICE: +61-2-9181-4851 FAX: +61-2-9181-5470 Suite 410, Birkenhead Point, http://people.qualcomm.com/ggr/ Drummoyne NSW 2047 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
Greg, Provocative report. Can it be put on our Web site? Was that TIA meeting in the US? And, are wireless folks working with the TIA J-STD-025 Interim Standard for "Lawfully Authorized Electronic Surveillance?" Thanks, John
Date: Fri, 30 Oct 1998 15:42:14 +1000 To: John Young <firstname.lastname@example.org> From: Greg Rose <email@example.com> Subject: Re: Movement on Export regulations >Provocative report. Can it be put on our Web site? Sure... I cleared it with my boss before I posted it. >Was that TIA meeting in the US? It was in Santa Barbara, 27-28th October, at the Harbor View Inn. The AHAG (TIA TR45 Ad Hoc Authentication Group) has previously invited public participation, see http://scitech.ctia.org/Security/index.html, and John Gilmore has occasionally asked for people to come to them. >And, are wireless folks working with the TIA J-STD-025 >Interim Standard for "Lawfully Authorized Electronic >Surveillance?" We are in the process of figuring out how to comply... there is another TIA ad hoc group doing it, I think. The industry is pushing back, hard, but not necessarily successfully. The compliance date has already been pushed back (the original deadline to have it implemented has already passed). regards, Greg. Greg Rose INTERNET: ggr@Qualcomm.com Qualcomm Australia VOICE: +61-2-9181-4851 FAX: +61-2-9181-5470 Suite 410, Birkenhead Point, http://people.qualcomm.com/ggr/ Drummoyne NSW 2047 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
Note: J-STD-025, Interim Standard for "Lawfully Authorized Electronic Surveillance," December 1997, 146 pp. is available by online order from Global Engineering Documents for $136.00. Thanks to DE for pointing.