
Matt Blaze: My life as an international arms courier (1995) - rdl
http://www.crypto.com/papers/export.txt
======
rdl
Hardware crypto devices are still "special", as well as non-COTS systems for
foreign governments/militaries.

Seagate's security dude claimed at RWC this year that NSA had threatened to
ITARify their self encrypting devices if they allowed them to be used as
engines for encrypting arbitrary data (to me and Perry Metzger, separately).
IMO, this is likely bullshit.

~~~
samstave
What does ITARify mean?

~~~
rdl
"cause them to be regulated under ITAR and be non-exportable without a
license". Even more complicated because they are US designs manufactured
overseas, and I'm sure the design team includes a lot of non-citizens, so
there are ITAR violations during design and production as well as (re) export.

------
eliteraspberrie
Interestingly, in Canada, encryption is still considered dual-use technology
and sometimes subject to export control (with the main exceptions of: software
"generally available to the public"; and all exports to the US). See Category
5, Part 2 of the _Guide to Canada's Export Controls_:

[http://www.international.gc.ca/controls-controles/about-a_pr...](http://www.international.gc.ca/controls-controles/about-a_propos/expor/guide-2011.aspx?lang=eng)

It's _really_ interesting to read what else is on the list.

------
rdl
This is a scan of his temporary export license:
[http://www.crypto.com/private/exportlic-scan.pdf](http://www.crypto.com/private/exportlic-scan.pdf)

------
furyg3
So we create a law to mitigate a possible threat, implement a complex
bureaucratic process, fail to inform or train the people responsible for
implementing it, waste the resources of everyone involved, create the
opportunity for abuse, and presumably completely fail to achieve the original
goal.

These kinds of scenarios are aplenty and can turn people from all ideologies
into a libertarian for at least a few seconds... but I'm left wondering what
good options are for actually assessing policies and laws before and after
they are implemented.

After living under a few different legal systems in different countries, I
find the US pretty lacking in the "so did that work?" component. Laws which
are contentious, directly expensive, cause loud groups harm, or show up in the
press are given attention, but this is a small slice of the whole legal/policy
universe.

A law or policy which nobody knows about or enforces is 'operationally'
cost/effective, but a system which implements these policies continuously is
going to run into unintended consequences eventually (abuse, or sheer costs of
a large legal apparatus).

Shouldn't there be good built-in mechanisms to actively give feedback to
government about policy effectiveness? What would that look like?

------
mootothemax
This appears to be the device in question:

[http://www.cryptomuseum.com/crypto/att/tsd3600/](http://www.cryptomuseum.com/crypto/att/tsd3600/)

The variant the author carried is described as "_developed for export
purposes. It used a 'weak' cipher algorithm with a 40-bit key._"

Should you feel the need, you can buy the E variant - "_the first model with
the ill-fated Clipper Chip inside_" - for the low, low price of $60 here:

[http://www.dutchguard.com/ATT-TSD-3600-telephone-security-de...](http://www.dutchguard.com/ATT-TSD-3600-telephone-security-device-p-persec.html)

------
MichaelGG
We need a modern-day equivalent that works over existing phone technology. I
should be able to call anyone on their cellphone and have a secure call. With
data it's straightforward (ZRTP or VPN), but not for voice channels. I wonder
if it's possible to get enough data throughput over GSM compressed audio for
encrypted voice to work.

~~~
rdl
I really don't see the point, given how ubiquitous data is, at least at EDGE
speeds, and how expensive international long distance remains. I'd rather have
something which degraded to half duplex voice messages (and IM) relaxing hard
realtime on the slowest data links. I also want wideband audio whenever
possible (which is frequent).

There were open source systems which used CSD/HSCSD on Windows CE
("cryptophone", in early incarnations), and systems which used analog
phone lines and then modems and slip/ppp (I think a plugin for Speak Freely),
but neither analog lines nor HSCSD are particularly common these days.

Even the military stuff moved to ISDN, largely.

~~~
mnw21cam
Speak Freely was pretty good, and had plugins for all sorts of compression and
encryption systems. It could quite happily compress and encrypt intelligible
voice sufficiently to be carried over a 1995-era modem.

But then Skype swept it away. Shame, really.

------
yangyang
I wonder what would happen if someone tried that now. I suspect officials may
not be so flexible.

------
PhasmaFelis
Almost totally off topic, why in God's name would you substitute
double-backticks and double-single-quotes for actual quotes?

~~~
jonemo
It's LaTeX syntax.

Also: Because there is no symbol for quotation marks on the keyboard?
Technically, " is a unit symbol for inch and not a quotation mark, which would
be weird because there is only one of these on the keyboard but left and right
quotation are different symbols.

~~~
boomlinde

> " is a unit symbol for inch and not a quotation mark

Can you think of any reliable source that supports this claim? The printable
characters in the original standard are defined in a table of glyphs with no
other meaning attached to them. In Unicode, the corresponding character,
U+0022, is defined as "QUOTATION MARK". You're not helping anyone by making
things up.

~~~
jonemo
I remembered reading an article that made the case that computer keyboards
evolved from scientific calculators which had the arcmin and arcsec symbols
but no use for quotation marks.

After thinking about this for a bit and reading Wikipedia
([http://en.wikipedia.org/wiki/Quotation_mark#Non-language_rel...](http://en.wikipedia.org/wiki/Quotation_mark#Non-language_related_usage)) I am starting to think that this is wrong. Keyboards
obviously mirror the typewriter and not the calculator. Thanks for making me
think about this!

------
gerrytan
It's amazing how technology made this Second World War regulation obsolete as
early as 1995.

