
The Evolution of US Restrictions on Using and Exporting Encryption (1997) [pdf] - awakened
http://www.foia.cia.gov/sites/default/files/DOC_0006231614.pdf
======
Zikes
After a quick read of that document, I get the distinct impression that the US
government feels it has a fundamental right to control all encryption schemes
and to have access to any and all encrypted data.

Bollocks.

~~~
john_b
The 10th Amendment is largely a fiction today. Instead, the opposite is true:
the federal government frequently claims and uses novel powers until a Supreme
Court case says it can't. And sometimes those powers get minor modifications
to enable their re-use afterwards.

The only fundamental force resisting these types of power grabs is a large
body of citizens who both know and exercise their rights, and who look at
government with suspicion instead of looking at it as a protector.

~~~
higherpurpose
This is why it's a shame the US doesn't have a Constitutional Court with its
sole purpose of _filtering out_ unconstitutional bills signed by the president
_before_ they become actual laws.

Then bills like the Patriot Act in its current form would have a much smaller
chance of becoming laws, and then having the government abuse them for two
decades before they are challenged at the Supreme Court.

~~~
rtkwe
A Constitutional Court seems like a good idea except the politics surrounding
it would be at least as bad as those surrounding the Supreme Court and
probably worse because it'd have an earlier and thus more powerful
interdiction chance against laws.

It usually isn't that much of an issue because normally unconstitutional laws
are quickly brought up through the courts and along the way injunctions are
issued preventing the problematic portions of the law from being exercised.
It's an issue with the latest spying and PATRIOT ACT laws (along with all it's
spawn) is the fact that because of the secrecy it's fairly impossible to prove
standing for the challenge to begin in the first place.

------
Zigurd
Here is the chilling part:

 _What is next? Obviously, an international resolution on the control and
management of encryption technology is a desirable goal, if not a lofty one.
Critics of the Clinton Administration are right in noting that sophisticated
criminals and terrorists will not use the encryption systems that that require
key escrow registration. If an international referendum requires all
encryption systems and users to register their keys, however, then criminals
and terrorists will be forced into the escrow system. A worldwide key escrow
system will not be put into place quickly, but with serious effort it may be
attainable, and it is a worthwhile goal. The proliferation of strong
encryption is already beyond control, but perhaps the continued monitoring of
criminals and terrorists is not._

This view has probably evolved, but the goals are almost certainly the same.
It is preferable to be able to keep track of _you_ than it is to enable people
in repressive regimes to communicate securely. Depending on whether you
consider pervasive surveillance repressive, that could become a tautology.

------
asadotzler
Little known fact, Mozilla+Netscape fixed the export restriction for open
source software which ultimately led to it being eliminated all together.

~~~
peterwwillis
As far as i'm aware, they did no such thing. They created SSL and then a
library that allowed them to control what encryption was used where, as well
as be able to plug in better encryption overseas. They also were the first
open source crypto library to get FIPS 140 validated.

Actually it was the original openssl developers who created a fork of Mozilla
just so you could use 128-bit crypto in the browser overseas.

~~~
asadotzler
You should read up on the legal challenges. You're missing the actual story in
favor of watching the code.

------
rjsw
Do we still have to lie in answering the "have you ever been a gunrunner"
question on the form you fill in on entry to the US ?

~~~
dllthomas
I don't recall ever being asked that. Is it only for non-citizens?

~~~
rjsw
It could have been just for non-citizens.

The language [1] describing visa ineligibility seems much more nuanced now.
The last paper form that I filled in asked whether you had been involved in
transporting munitions, strong crypto was classified as a munition at the
time.

[1]
[http://travel.state.gov/content/visas/english/general/inelig...](http://travel.state.gov/content/visas/english/general/ineligibilities.html#Ineligibilities)

~~~
rdtsc
Dangerous stuff. Never be that truthful on government forms and do not make
the mistake of trying to be clever or have an "interesting" story to tell or
prove some point to the bureaucrat across the desk.

The answer should therefore be "no" without hesitation. Otherwise that goes
into a database but the interesting story about open source work on Netscape
won't. So at that point as far the govt is concerned you might as well have
been selling SAMs to Syria.

~~~
dllthomas
Note that the parent _said_ they lie on that question.

This seems to drift over into "Three Felonies A Day" territory. If asked that
question either you lie and they can prosecute you for lying, or you tell the
truth and they can make sure you're hassled over your answer. Though I believe
that crypto software is no longer considered munitions (while still retaining
_some_ restrictions) - but IANAL...

------
snake_plissken
Any ideas on what would need to be blanked out on what appears to be a
document from an intra-agency magazine article?

------
hackuser
Interesting history and perspective. What ever happened to key escrow for
exported crypto with >56-bit keys?

------
kuhhk
When was this published? I see the approval for release date, but not the
author's publish date.

~~~
bthornbury
I don't see a date either, however given some of the dates in the document, it
seems sometime between 1997 and 2000.

Relevant lines:

"Representatives from the Organization for Economic Cooperation (OECD) backed
the concept of key recovery systems during a January 1997 conference."

"The software industry estimated that, if export controls were removed, US
companies could sell as much as $60 billion a year in encryption hardware and
software by 2000."

~~~
hackuser
> "The software industry estimated that, if export controls were removed, US
> companies could sell as much as $60 billion a year in encryption hardware
> and software by 2000."

He writes that in the context of describing the business leaders' arguments at
the time. He could have written it much later. For example, I could write the
following today: "Ronald Reagan estimated that unemployment would drop 2% by
1988".

That said, I see no definite references in the article past 1997.

~~~
bthornbury
I agree about the context here, and I thought over it before posting it. If
you look at the previous statements which are also giving estimates, they have
established dates. this led me to the conclusion that this statement about the
year 2000 had some probabability of being written in the context of future
estimate.

