Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-and-a-half-years collection of 47,000 files from June 1996 to January 2009 (~6.9 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of,,,, and, and 23,100 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.


2 December 1998: Add messages. Add more messages.

2 December 1998

From: "Yaman Akdeniz" <>
Date: Wed, 2 Dec 1998 14:56:55 GMT0BST
Subject: News on Vienna Wassenaar meeting

Anyone knows more about this ?


Communications Daily
December 2, 1998, Wednesday


Thirty-three countries that set rules for international export of
weapons technology are to meet today (Wed.) and tomorrow in Vienna to
make final decisions on implementing export restrictions on encryption
software.  Senior Commerce Dept. official said he was hopeful
Wassenaar Arrangement group, post- Cold War successor to COCOM, would
close what he called "massive loophole" on allowing export of
sophisticated encryption software.

However, David Banisar, counsel for Electronic Privacy Information
Center (EPIC), said that trend in Europe is to allow more use of
sophisticated encryption, not less, and that it may be struggle for
U.S. to persuade many countries to reverse that. Some countries issued
those policies on their own, others agreed to Organization for
Economic Cooperation & Development (OECD) guidelines.         

Meanwhile, negotiations continued between U.S. and European
Commission on implementation of data privacy standards for U.S.
companies doing business in Europe as result of EC privacy
directive that took effect Oct. 25.  Commerce Undersecy. David
Aaron met with EC Director Gen. John Mogg Tues.  Senior Commerce
official said that Europeans agreed generally to "safe harbor"
policy for American companies proposed by U.S. but that many
difficult technical issues remained.  Among those are how to
monitor any safe harbor arrangement.  Some sort of independent
arbitrator has been proposed as one option, but there's no
agreement on specifics.  Commerce officials said EC won't cut off data
flow between U.S. and EC countries as long as both sides are
negotiating seriously on implementing privacy policy.         

Aaron and Mogg said in statement they "reaffirmed their commitment to
seek a final agreement on data privacy" and will meet again in late
Jan.  Commerce officials familiar with talks said it's important to
emphasize that agreement wouldn't apply to domestic business practices
of U.S. companies except in terms of transfer of data.  Officials said
some principles of domestic market wouldn't necessarily apply in same
setting.  For example, FTC Chmn. Robert Pitofsky has suggested
sector-by-sector approach to privacy, but Administration rejects that
notion in EC context because there are sufficient general principles
to be used, senior Commerce Dept. official said.
Yaman Akdeniz <>
Cyber-Rights & Cyber-Liberties (UK) at:

Read the new CR&CL (UK) Report, Who Watches the Watchmen, Part:II
Accountability & Effective Self-Regulation in the Information Age,
August 1998 at

Date: Wed, 2 Dec 1998 10:31:38 -0500 From: <> To: <>, <> Subject: Re:News on Vienna Wassenaar meeting Odds are about 50-50 for an agreement allowing free export of 56-bit products while tightening up the general software note to allow restrictions on mass-market products containing stronger crypto. Stewart Baker Steptoe & Johnson LLP 202.429.6413 Baker & Hurst, "The Limits of Trust -- Governments, Cryptography, and Electronic Commerce" is now available from
From: "Brian Gladman" <> To: <> Subject: Re: News on Vienna Wassenaar meeting Date: Wed, 2 Dec 1998 18:18:58 -0000 Stewart Baker: >Odds are about 50-50 for an agreement allowing free export of 56-bit products >while tightening up the general software note to allow restrictions on >mass-market products containing stronger crypto. You may be right but I would hope that countries other than the US who are present might confine their wishes (and the outcome) to provisions that are compliant with the terms of the agreement under which they are being sought. I would hope that the US government would do this too but such niceties don't seem to bother them much. It is stated clearly in the Wassenaar Arrangement that it will not be directed against any state or group of states and ***will not impede bona fide civil transactions***. DES is now at the end of its life and the US government has a programme in place for a new cryptographic standard to replace it - the AES programme. This is a ***civil*** programme designed to meet purely commercial encryption requirements.  NIST has a good reputation for producing standards and it is reasonable to presume that they have carefully set the AES algorithm requirements to be fully representative of commercial needs as they now see them. All AES candidate algorithms have to be capable of operating with keys lengths of 128, 192 and 256 bits.   NIST is an agency of the US government and it is hence clear that the ***US governemnt view*** of the minimum key length needed to meet future civil encryption requirements is 128 bits. I emphasise that the AES effort is a US GOVERNMENT SPONSORED CIVIL PROGRAMME and I hence repeat: THE US GOVERNMENT VIEW IS THAT THE MINIMUM KEY LENGTH REQUIRED TO MEET FUTURE CIVIL AND COMMERCIAL ENCRYPTION NEEDS IS 128 BITS. 128 bits is already a typical key length used in civil and commercial, mass market software.  And the AES process will rapidly ensure that 128 bits is the minimum key length used in such products. And this has the full approval of the US government - otherwise the NIST AES programme could not exist. Given 128 bit keys as the norm for civil use it hence follows that any restrictions on civil or mass market software at key lengths at or below 128 bits ***would be*** a massive impediment to bona fide civil transactions. Setting or even just allowing such standards within the Wassenaar process would hence contravene the terms of the arrangement. I don't doubt that this is what the US government wants.  Nor do I doubt their determination to ignore the provisions of the WA in trying to achieve this.  I just hope that other governments are more respectful of their obligations under the arrangement and move to block any such restrictions.     Brian
Date: Wed, 2 Dec 1998 13:41:21 -0500 From: <> To: <> Subject: Re[2]: News on Vienna Wassenaar meeting You may be right, Brian, but of course DES has been the US government standard for civilian encryption for twenty years, and Wassenaar (or its predecessor, CoCom) has required licenses for DES exports for the entire period.  So Wassenaar tradition, at least, is against your reading. Stewart Baker Steptoe & Johnson LLP
From: "Scott M. Gearity" <sgearity@MK.IBEK.COM> To: "''" <> Subject: RE: News on Vienna Wassenaar meeting Date: Wed, 2 Dec 1998 11:18:48 -0500 According to high-ranking U.S. officials at the Bureau of Export Administration, it's highly unlikely that this Wassenaar Plenary meeting (long-scheduled) will result in any significant changes to the crypto rules.  The U.S., U.K., and France are just too far away from everyone else at the Wassenaar table for major changes to be made to either the General Software Note or intangibles.  And since WA changes require a consensus, that makes changes nearly impossible. Scott M. Gearity Export Control Specialist Crypto-Controls Advisory Services MK Technology Tel: +1 202.463.0904 ext. 109 Fax: +1 202.429.9812
Date: Wed, 02 Dec 1998 11:12:07 -0500 To: From: John Young <> Subject: Re: News on Vienna Wassenaar meeting Cc: According to a Wassenaar spokesman today there will be a press release about the results of the two-day meeting on Friday. Until then no public information will be issued. Inquiries should be directed to the member national representatives. The telephone number of the Vienna spokesman, Igor Meteltin: 43 1 713 5780. A copy of the Friday press release will be faxed upon request to Mr. Meteltin. He says there is no central office of information. The Arrangement is that each member tells its own carefully tailored story of what Wassenaar is, and may be up to. Which is why there is minimal, ever out of date, information at its Web site: The Secretariat is closed for the two days of the meeting, which is being held elsewhere in Vienna, also closed to the public for its own protection. However, GILC agents and Secret Agent Erich Moechel in Vienna, among others, should promptly intercept and reveal the poop.
Date: Wed, 02 Dec 1998 15:00:54 -0500 To: From: John Young <> Subject: Re: News on Vienna Wassenaar meeting Forwarded for Erich Moechel (from Vienna): Date: Wed, 2 Dec 1998 20:51:03 +0100 Subject: Re: News on Vienna Wassenaar meeting Dear Listmembers, We are just in preparation of publishing the (not so public) working paper on police surveillance plans in full text. The joint EU home & justice ministers will discuss this paper in their Brussels meeting tomorrow ;)) (German) Here are the documents plus two Articles in English. Containing wiretapping GSM & Iridium plans plus some Crypto plans. The secret cops seem to be sure they will get what they want: key escrow crypto & nothing else all over Europe For this Wassenaar lagged behind. My sources say there is no basis for a decision on Crypto other than prolongation of the status quo thinkable - they cancelled the Crypto experts meeting before. > The Secretariat is closed for the two days of the meeting, > which is being held elsewhere in Vienna, also closed to the > public for its own protection. If they moved out of their office this should mean that the plenary session participants exceeded the usual number. The office's meeting room has space for about 120 people. The other possibility is just a joke: That Barry Steinhardt's & my presence in summer at the Wassenaar office has defaced this spooky location forever ;) Let me see what I can get out till Friday & after. Thanx for the information, I was a bit more in Brussels mentally than here. Erich -.-.- --.-  -.-.- --.-  -.-.- --.-      q/depesche taeglich ueber internationale hacks--.-zensur im netz crypto--.-IT mergers--.-monopole & die universalitaet digitaler dummheit subscribe -.-.- --.-  -.-.- --.-  -.-.- --.- Certified PGP key -.-.- --.-  -.-.- --.-  -.-.- --.- ++43 2266 687201 fon  ++43 2266 687204 fax -.-.- --.-  -.-.- --.-  -.-.- --.-
From: "Erich Moechel" <> To: <>, Date: Wed, 2 Dec 1998 22:07:04 +0100 Subject: Re:News on Vienna Wassenaar meeting Hello 2 all, Just stepped in... > Odds are about 50-50 for an agreement allowing free export of 56-bit > products while tightening up the general software note to allow > restrictions on mass-market products containing stronger crypto. I do not think that the latter is likely with 33 Wassenaar member states & statutes saying all decisions must be unanimous. But let us see. Maybe changing their usual session location could indeed mean something special. cu Erich
Date: Wed, 2 Dec 1998 19:16:43 -0500 From: nigel hickson <> Subject: Re: Wassenaar and UK To: "" <> Colleagues Just to confirm that I will try and give you read out from Wassenaar as soon as we hear anything. What has been said about consensus is true (ie a new text has to be agreed by all).  But unless there IS a new text the "sunset" clause could be triggered (put in when list was first agreed re encryption) with result that ALL controls on crypto would fall (from Wassenaar).  Hence there is real pressure to reach an agreement. Nigel  [JYA Note: Nigel Hickson is with the UK Department of Trade and Industry (DTI) which handles encryption matters.]