
Intel subsidiary fined for unlawful export of software that enables encryption - aburan28
http://www.goodwinprocter.com/Publications/Newsletters/Client-Alert/2014/1015_Software-Companies-Now-on-Notice-That-Encryption-Exports-May-Be-Treated-More-Seriously.aspx
======
Someone1234
How utterly pathetic.

Encryption export restrictions are an absolute joke. I can go read a Wikipedia
article right now that heavily details the inner workings of most block
ciphers. They're still fining people for exporting anything over 64 bits
(which is most things), even if almost every individual let alone government
has access to the technological knowledge to reproduce such encryption at
home.

Seems like this fine is about them exporting a custom Linux distro' with all
the normal encryption libraries still in-place (e.g. 256 AES).

Why do I get the strong sense that this fine isn't really about exporting
encryption and is really about Wind River failing to place backdoors into this
equipment? Because frankly that makes a lot more sense than what it appears to
be on the surface.

Wind River got fined for "something" to do with encryption. Now you can either
take the government at their word and assume that that thing is just exporting
AES 256 within a standard OS, or maybe consider it a little deeper and wonder
if it was punishment for something else Wind River did or didn't do.

~~~
DenisM
>Encryption export restrictions are an absolute joke.

I don't think you give BIS & NSA the credit they deserve. Experto crede. The
restrictions may serve a useful purpose and if you can't see it, that doesn't
mean _they_ are the ones missing the point.

Having myself had to pass the export control for one of my apps, and so having
the opportunity to pour over the these regulations in great detail, I came to
conclusion that the actual purpose of the crypto export regulation is not to
control export of the _technology_. That sort of restrictions is impossible to
implement, as you noted, and it's also quite unnecessary.

The actual purpose of the law is to prevent export of _expertise_.
Implementing a crypto _system_ that would be secure end-to-end is pretty much
impossible without being an expert, and even then it's exceptionally hard. The
best chances belong to a team of experts with a track record of fruitful
collaboration and rich history in a particular area. Unlike bits and pieces of
code, cohesive teams of experts are relatively easy to keep track of.

The way this control regime works, is that the entirety of the regulation
revolves around two questions: 1) Are you supplying a turn-key end-to-end
system to the client? 2) Are you supplying services to setup a complete,
tailored system for the client? If the answer is "yes" to either question,
that raises the red flag for the BIS/NSA, and they want to see what's going on
there. Otherwise it's just a minor bureaucratic hoop to jump through. You are
certainly welcome to export bunch of crypto code, and they even have a special
open-source exception to the paperwork requirements.

So, you may disagree with the goals of this regulation, but it's certainly not
a joke you make it out to be.

~~~
Perseids
> 1) Are you supplying a turn-key end-to-end system to the client?

> So, you may disagree with the goals of this regulation, but it's certainly
> not a joke you make it out to be.

It remains a joke, when you consider how much really good open source software
implementations are in the wild already. Think about the crypto in Debian and
OpenBSD, including GPG, LUKS, openvpn, OTR, Open/LibreSSL with their support
in Apache, nginx, etc. Even for Android, the best end-to-end encryption
software (security-wise, not interface-wise) is open source. Let's face it, we
have won this crypto "war" long ago. (This is not to say, we don't have other
problems to deal with, regarding the immense power the NSA, etc have.)

And even all sufficiently secure software was closed source, as long as it is
reasonably widespread, it will be easy to pirate the software instead of
importing it from the US.

> 2) Are you supplying services to setup a complete, tailored system for the
> client?

What kind of systems do you have in mind? Afaik, the case referred to in the
article does not fall into this category.

~~~
DenisM
These are all components, not systems. A system would be something akin to a
full-bank installation with all the computers, cabling, routers, crypto
protocols, key generation/escrow/rotation/destruction, fall-back procedures,
firewalls, hotglued USB ports, etc.

You can use those components to build a system like this, but you have to be
an expert in it. This is why component export is restricted - all they want is
to look into your design to see if you are an expert capable enough to design
and implement a secure _system_. What happens if they pick interest in you is
beyond my experience. I know, it speaks poorly of my crypto skills, huh?.. :)
I imagine they would start looking into identity of the client(s), and see if
they are connected to embargoed entities. Or something...

~~~
Perseids
Fair point. I didn't recognize you had such a high level view of "system". But
this raises the question whether one can really call these laws "
_cryptography_ export restrictions". Because, sure, cryptography is involved,
yet the restrictions only apply to (/ are meaningful in regard of) the
procedures involved in secure IT systems in general. I'd argue that this
expertise is somewhat independent of cryptography, as you can swap the
cryptography implementations with any other and the procedures would stay the
same.

Even better, leave the cryptography out of the package entirely and just
include an "apt-get install" line or a list of open source projects you have
to install. Instructions for "cabling, routers, crypto protocols, key
generation/escrow/rotation/destruction, fall-back procedures, firewalls,
hotglued USB ports, etc." aren't cryptography in themselves, are they?

~~~
DenisM
Fist, it adds more moving parts, making the system more likely to contain a
hole, which might be just enough for NSA. Second, consider that typical buyer
is a beauracracy, and they are are either buying a crypto system, or the are
not buying it. The upgrade might be trivial for you, but a beauracrat has no
way of knowing that, so he has to play by the rules.

I think they key to scale of the word _system_ is however big it needs to be
to establish actual security. You can have perfectly good crypto, but if
you're relying on certificate authorities you may be safe from street hackers,
but as far as NSA is concerned its wide open.

It's just reading tea leaves, of course. I imagine that NSA is not enjoying
reading thousands of applications from iOS app devs like me, so if they keep
doing it they must be getting something for their effort.

------
tptacek
Wind River is the vendor behind vxWorks, which is one of the most widely-used
embedded operating systems in the world. vxWorks isn't especially common in
consumer products (although you can find SOHO-type routers running it) but
it's very important in industry, aerospace, manufacturing, RF and telecom, and
things like that.

The "sharp departure" Goodwin refers to here is the detente between industry
and the USG for the past ~12 years. In the late '90s, crypto export controls
were vigorously enforced. When you went to download Netscape, you had to
select the US-specific installer to get cryptography that wasn't trivially
brute-forced. If you shipped products that included SSL/TLS, or even just MD5,
you had forms to fill out.

It seems like there'd need to be a backstory on this Wind River enforcement
action. Surely there's quite a bit of crypto code in various vxWorks
distributions, but it pales in comparison to the cryptography shipped by
Mozilla and the Chromium projects. Maybe the issue is "enabling technology"
versus consumer products?

It's also unclear to me whether this is a return to form or the BIS being
especially aggressive about deliberate exports to specific countries.

~~~
ganzuul
Incorrect... You sometimes had to download binaries from a source outside the
US. Usually not, since the user was simply expected to click the link for the
non-US version.

In cases where the server actually looked at your source IP you could either
proxy or just download the binary from a source in Europe. The dev teams were
and still are seldom located in the US alone, but distributed all over the
world. The authors of encryption packages were often not US citizens, either.

The rest of the world looked at the US policy on encryption with wide-eyed
disbelief due to the horrifying ignorance that just had to lie behind it.

~~~
psykovsky
> The rest of the world looked at the US policy on encryption with wide-eyed
> disbelief due to the horrifying ignorance that just had to lie behind it.

[http://en.wikipedia.org/wiki/Authoritarianism](http://en.wikipedia.org/wiki/Authoritarianism)

~~~
Estragon
Back in Australia in 1994 or so, I clicked on a download link for PGP without
really reading the warnings, reading them during the download, and then
wondering when the US SWAT team was going to swing through my window.

------
sillysaurus3
If this type of thing is interesting to you, here's some lovely historical
perspective about government restrictions on crypto:
[http://www.foia.cia.gov/sites/default/files/DOC_0006231614.p...](http://www.foia.cia.gov/sites/default/files/DOC_0006231614.pdf)

In particular, related to this $750k Wind River violation:

 _Bidzos realized that there was a simple way to skirt the export limitation
laws. Both the AECA and the ITAR are US laws, and, as, such, they pertain only
to US companies. Bidzos went to Japan and established a Japanese subsidary,
Nihon RSA. Nihon RSA qualified as a distinct Japanese company, subject only to
Japanese law, and Bidzos was able to do whatever he wanted with his strong
encryption technologies. Knowing that his encryption technology was a desired
commodity, he shopped it around the Japanese marketplace. He promptly struck a
deal to produce encryption chips for Nippon Telephone and Telegraph
Corporation._

If the US government continues to fine Wind River, then couldn't they just set
up a foreign corporation?

~~~
Taek
That is likely going to be a consequence of these actions. Digital security is
a huge industry and is going continue being a huge industry for a long time.
US companies are decreasingly in a position to market themselves as genuinely
secure companies.

Companies that want to have credibility in the industry are going to need to
bring themselves out of the jurisdiction of restrictive laws, or lose business
to companies that have set themselves up in more friendly jurisdictions.

------
barisser
US Company Fined for Exporting Math.

We ain't got enough Math in the US to be sending it abroad!

~~~
tzs
Isn't that like saying someone fined for exporting missiles was fined for
"exporting physics", or someone fined for exporting chemical weapons was fined
for "exporting chemistry"? If not, how do you distinguish them?

Note: I'm not suggesting that the cryptography export restrictions are useful
or make any sense it all. They don't, as far as I can tell. I'm just trying to
get some discussion going as to whether reductionist arguments like "exporting
math" make sense.

~~~
djrogers
Missiles and chemical weapons are _physical objects_ which one can reasonably
presume to maintain at least some degree of control over.

Encryption algorithms are math, theory, information. They can be reproduced,
copied, and transmitted at-will, for no cost.

If the difference is still non-obvious, google around for instructions to make
ricin. Easy to find, and it's not illegal to share that information. Why
should it be illegal to share any other data? And how could one reasonably
expect to enforce it?

~~~
_delirium
It's definitely illegal to commercially export information in those areas as
well, at least past some level of detail. For example it's illegal to sell
missile or reactor blueprints without approval. It's not just selling the
physical objects (missiles or reactors) that's illegal, but also selling the
information on how to construct them.

------
ultramancool
Time for DJB and the EFF to bring their old case back?

[https://en.wikipedia.org/wiki/Bernstein_v._United_States](https://en.wikipedia.org/wiki/Bernstein_v._United_States)

"On October 15, 2003, almost nine years after Bernstein first brought the
case, the judge dismissed it and asked Bernstein to come back when the
government made a "concrete threat"."

This sure sounds like a concrete threat.

~~~
tptacek
It needs to be a concrete threat _to Daniel J. Bernstein_.

~~~
ultramancool
Yeah, you're likely correct. I didn't catch this at first due to my immediate
feeling of threat simply for having published a few tools which use high-level
cryptography libraries.

~~~
tptacek
Wind River seems to have been dinged for completing commercial transactions
with organizations that happened to be on the BIS export blacklist. You're not
going to get fined for posting code to Github.

~~~
ultramancool
But Wind River is only guilty of exporting the same already public information
which I may be and it's quite possible that anyone on that "BIS export
blacklist" could feel free to obtain my code.

~~~
tptacek
No, I do not think that accurately captures what the USG is fining Wind River
for.

------
billpg
Sorry, my time machine appears to be on the blink. I appear to be in the
1990s.

~~~
revelation
Seems like they are trying to reignite the crypto wars, what with the FBI
talking about mandatory backdoors.

It's just utterly confusing. You would think their reaction to Snowden would
be appeasement, not further repression and surveillance. Can't make it too
obvious this ain't a democracy.

~~~
toyg
I can actually see their reasoning: "you thought we were being _hard_ on you?
So the gloves are off now? Ok, so we'll show you what happens when we _really_
play hard".

------
willk
It was an Intel subsidiary. The article is not very informative. It appears as
if Wind River didn't file for an export permit and the BIS fined the because
of it; moreover, they voluntarily disclosed it [0].

[0]:[http://www.theregister.co.uk/2014/10/17/intel_subsidiary_cry...](http://www.theregister.co.uk/2014/10/17/intel_subsidiary_crypto_export_fine/)

~~~
the_ancient
Yes because one should have to file for a permit to export math (or anything
else)

~~~
LLWM
The law says you do. If you want to change that law, fine. But if you choose
not to comply, don't complain when you get fined for it.

~~~
nitrogen
Why shouldn't someone complain about a law, even if they already knew about
it? The false dichotomy between "obey and complain" vs. "get caught and shut
up" isn't necessary.

~~~
thoughtpolice
Because sometimes it's annoying and simply stupid.

Case in point: posting stupid reductionist arguments about "exporting math"
are obnoxious and completely frivolous, especially when it literally ignores
everything substantial about the law.

After all, if I give north korea blueprints for nuclear reactors, that's just
_paper_ right?! It's just math on paper! What, that's not the same? Sure it is
- quit trying to stop me from exporting paper!

You do see how the grandparents point is obnoxious and stupid, right? Or do
you not because it simply aligns with your worldview?

------
makmanalp
This is exactly what I fear happens when we allow bad laws to stay in a "well
it's there but we don't enforce it" state.

Is the way around this to develop crypto systems outside the US?

~~~
lucb1e
If I remember correctly, someone published a book which contained source code
in monospace for PGP so that it would fall under freedom of speech and was
allowed to leave the US. But that's from memory, I'm not sure it really did
circumvent that law or that it was PGP.

Edit: Ah, AlyssaRowan actually mentions[1] this further down the comment
thread:

> PGP 2.6.2 was exported as a book to call the bluff of the whole thing

[1]
[https://news.ycombinator.com/item?id=8552169](https://news.ycombinator.com/item?id=8552169)

~~~
LLWM
That doesn't prove anything. You can also export a physics textbook without
the issues you would run into exporting a nuclear weapon.

~~~
lucb1e
Except that you don't really need to buy expensive and probably-hard-to-get-by
stuff to turn the book with code into something useful (or munition, in the US
government's eyes) whereas with nuclear weapons you somehow need to get a
radioactive warhead or something.

~~~
LLWM
No, you need something even harder - expert knowledge.

------
drderidder
The damage to the US economy and tech industry caused by this sort of thing
seems likely to outweigh any supposed security benefit. Celine's First Law:
"National Security is the chief cause of national insecurity." [1] Related
stories on HN recently involving Twitter et al [2] are enough to make one
wonder how long before some of them relocate overseas.

[1]
[http://en.wikipedia.org/wiki/Celine%27s_laws#Celine.27s_Firs...](http://en.wikipedia.org/wiki/Celine%27s_laws#Celine.27s_First_Law)

[2]
[https://news.ycombinator.com/item?id=8422581](https://news.ycombinator.com/item?id=8422581)

------
DennisP
So if you're a U.S. software developer, perhaps opensource, working on
something that uses encryption, how do you stay out of trouble?

Are you ok if you use standard libraries, rather than implementing your own
crypto algorithms?

~~~
zerpa
Publicly available encryption source code is exempt from the ECCN[1] according
to the License Exception[2], section 740.13(e), provided you notify the BIS.
But do read the documents, IANAL. Interestingly, though I'm EU based, but ECCN
list is literally the same over here. Have been wading through these documents
countless times.

[1] [http://www.bis.doc.gov/index.php/forms-
documents/doc_downloa...](http://www.bis.doc.gov/index.php/forms-
documents/doc_download/951-ccl5-pt2)

[2] [http://www.bis.doc.gov/index.php/forms-
documents/doc_downloa...](http://www.bis.doc.gov/index.php/forms-
documents/doc_download/986-740)

------
demarq
American tech companies still in america are becoming the unluckiest bunch.
Their competitors pay a third of tax, are free from having to answer to the
NSA, and generally don't have to put up with cold war nonsense from the likes
of the BIS. If it weren't for american talent, many many more companies would
make the move.

~~~
adventured
I agree with your comment. There are also a lot more reasons than just talent
for why the US tech industry does so well.

It's the largest singular market in the world. A very technologically advanced
economy in general. It's a very diverse economy, with the second largest
manufacturing sector, the largest agriculture sector, the largest biotech +
pharma sectors, as well as the largest space industry and service sectors -
which provides for a very diverse tech demand and stimulant. Businesses in the
US have very high productivity rates, so they seek out productive gains as a
matter of fact, which incubates a higher demand for technology. The US tends
to adopt technology rapidly, the culture is mostly accepting of new tech,
which plays into that huge market. Businesses can change state locations
fairly easily, shifting to jurisdictions that are more friendly in various
ways (either for taxes, regulation, weather or talent depending). In the US
the tech industry is regulated at a _mostly_ low level, leaving the market
free to innovate and change rapidly. There are a lot of other good reasons.

------
rdtsc
Could this all be a positive thing if it promotes development of open source
libraries and tools ?

Not only that, but I wander how feasible is to create binary APIs for most
operating systems and CPU architectures, where you could download, verify
(that they were build from a commit id of some know open source
implementation), and plug in crypto modules as binaries.

So you buy your software from any vendor, any country. If they implement the
use of this API, then get your verified crypto modules and plug them in. Or
you build your own in house from source.

I can see how that mechanism would of course be a massive attack target by all
kinds of actors, but in theory is that possible? Maybe make it decentralized
as much as possible.

------
nathanm412
This might be an attempt to use existing means to pressure mobile device
manufacturers from enabling full device encryption by default. I know the
executive branch hasn't been too happy with the latest announcements from
Google and Apple.

~~~
maxerickson
I would speculate they did something closer to providing source code to
Chinese defense contractors.

(Which probably doesn't really matter in the scheme things, but it's the sort
of thing that will really piss off the U.S. Government)

------
learnstats2
If US tech companies cannot legally offer encryption to international clients
then we international clients shouldn't be using US tech companies.

------
jhallenworld
The country classifications are interesting
[https://www.bis.doc.gov/index.php/forms-
documents/doc_downlo...](https://www.bis.doc.gov/index.php/forms-
documents/doc_download/944-740-supp-1)

A:1 countries are our friends. E:1 countries are "terrorists". The rest are in
between. There is also the list of "Supplement 3" exception countries
(friends): see last page of [http://www.bis.doc.gov/index.php/forms-
documents/doc_downloa...](http://www.bis.doc.gov/index.php/forms-
documents/doc_download/986-740)

This charts shows what's allowed if you have crypto in your product:
[https://www.bis.doc.gov/index.php/forms-
documents/doc_view/9...](https://www.bis.doc.gov/index.php/forms-
documents/doc_view/98-license-exception-enc)

I assume vxWorks is 5E002 (tools to create non-standard crypto systems), which
is banned for D:1 countries. Well there is an exception "‐ 5E002: no D:1
countries (unless HQ'd in Supp. 3)".

------
perlpimp
does this mean if I have developed a product based on encryption it is better
to incorporate outside of USA? and perhaps register a satelite in US only to
import said products?

~~~
AlyssaRowan
It is better to not be in the US as a crypto developer, yes (especially since
there are some concerns that CALEA, National Security Letters and other
provisions have been used to strongarm people into backdooring crypto products
as described in the classified "SIGINT Enabling Project" budget, although so
far I have not seen any backdoors that were not put in willingly).

That has pretty much always been true. The crypto export laws are weaker than
they used to be back in the PGP days, when PGP 2.6.2 was exported _as a book_
to call the bluff of the whole thing, but they're still there and of some
concern (especially if you intend your software to be used by citizens inside
oppressive regimes which might be on The Export List).

I don't see why you'd need a 'satellite' to 'import'. There are no _import_
restrictions I'm aware of in the US?

For a brief, non-normative summary of crypto law, please see:
[http://www.cryptolaw.org/](http://www.cryptolaw.org/)

------
MattSteelblade
Correction: "against Wind River Systems, an Intel subsidiary" not Intel.

------
thrush
What is the justification of this law? Seems arbitrary to me. Another
question. Is not providing ample security the same as explicitly granting a
backdoor?

~~~
peterwwillis
The justification is we don't help our enemies, even if it doesn't make a
difference in the grand scheme.

Edit: looks like one of the countries is our ally... so that's weird. For the
rest of them makes sense from a geopolitical standpoint.

~~~
stan_rogers
It can get weird. I remember when the export list was significantly expanded
for high-bit crypto (2000? 2001?), and France was still on the no-go list -
not because the US prohibited export as such, but because France prohibited
import (except through authorized channels). Israel may be in the same camp.

~~~
yuhong
To be more precise, France allowed import of 128-bit crypto before US allowed
export of it and months after US allowed 56-bit crypto to be exported. I also
found out that it took until 2004 for France to formally allow import of
256-bit crypto.

------
jldugger
What better way to prove that your chips aren't NSA backdoors than to pay a
hefty fine to the people you're supposedly in bed with?

~~~
sitkack
Prove?

------
DennisP
Do we need to go back to Zimmerman's old trick and publish the code in books?
What happens if we put the code in non-DRM'd ebooks?

------
touseefliaqat
Few years ago, I was in a team implementing IPSec/IKE protocols for a US based
company in Pakistan. Though implemented in Pakistan, that product could not be
sold there :)

------
bigiain
So vxWorks on the Curiosity Rover is - presumably - exporting strong
encryption to Martian terrorists, right?

------
transfire
Would this include the export of Navajo?

~~~
sitkack
What do you think the reservations are for?

------
tn13
All this will eventually amount to American companies losing credibility
around the world.

------
e40
Can anyone provide details on what is forbidden to distribute and to where?

~~~
maxerickson
[http://www.bis.doc.gov/index.php/regulations/export-
administ...](http://www.bis.doc.gov/index.php/regulations/export-
administration-regulations-ear)

I guess you have to read it all before you can go back and try to understand
part of it (that is, I got a headache looking at a few paragraphs, and don't
think I learned anything).

------
lectrick
Is open sourcing the sensitive bits a possible defense against this?

------
wnevets
I feel like the title should be updated, a tad misleading IMO.

------
maerF0x0
Is it illegal to opensource encryption implementations?

~~~
zabcik
No, however, the export of it is still punishable. The GNU gcrypt tools, for
example, are hosted exclusively on European servers for this reason.

[http://www.gnu.org/software/libgcrypt/](http://www.gnu.org/software/libgcrypt/)

~~~
lectrick
What do words like "import," "export," and "country" mean in an Internet
context?

~~~
logfromblammo
They mean whatever the regulator wants them to mean, when you're handcuffed to
his table.

Prudence dictates that you not expose yourself or your business to unnecessary
risks. So by that standard, the "country" is wherever the enforcer has the
power to hurt you, an "import" is bringing something within reach of the
enforcer, and an "export" is moving something beyond his reach.

Just stay out of the "country", and you never have to worry about being
punished for "exports". If you look at the Byzantine import/export
regulations, you don't have to be physically located outside of the
geographical boundaries of the U.S. to be considered a foreign entity for the
purpose of importing and exporting technical information.

Just feed in this new input to your lawyer/accountant tax avoidance machine,
and everything should be all sorted out by next fiscal year.

~~~
mschuster91
Incorrect, the USA are known for messing with money, goods, people (CIA
abductions) or even the airplanes of foreign heads of state (Snowden), even if
there is no applicable jurisdiction.

Behave like a bully everywhere, then some day resistance will rise to you...

~~~
logfromblammo
I put "country" in scare quotes for precisely this reason.

If what you do impedes the state, even if it is outwardly legal, it will
impede you right back, with whatever means that seem most convenient. If you
want to develop strong encryption and distribute it worldwide, your
operational security had better be impeccable.

There's good reason why Bitcoin developer Satoshi is a secret pseudonym, and
why the real person or people behind it should be reluctant to link their
public identities with it. There would certainly be either a character
assassination in the media, or an "unfortunate accident" on the streets.

There have always been men in this world more willing to serve power than to
uphold principles. It hardly matters what flag patches they wear on their
uniforms.

------
tellor
So what better software or hardware encryption?

------
beatgrass44444
1 goal: Destroy Mid-size and Small USA business 2 goal: Destroy Software, IoT,
embedded software 3 strategy: 2.3.1 Stomp the grass to scare the snake 4
scope: ALL business uses encryption

5 past: destroy short term crypto by brute force 6 present: destroy mid term
crypto by Quantum Computing 7 future: destroy long term crypto security aka
NTRU

8 open source: sel4 proved secure and safe 9 open source: Post-Quantum
Cryptography NTRU 10 open source: secure against D-Wwaavve Goooogle cracking.

11 crime UNnatural: Nature, internet and Cybersecurity 12 crime UNnatural: Big
banksters too big to fail. 13 crime UNnatural: Scapegoat the small business
software 14 tactic: firing a drone is expensive. 15 tactic: firing malware at
Michael Hastings car is easy 16 pretext: Wind River Fined for Encryption
Software

17 bibliography 18 --books many titles destruction of middle class USA 19
en.wikipedia.org/wiki/Thirty-Six_Stratagems 20 --[PDF]On the Cryptographic
Long Term Security 21 www.scienpress.com/Upload/JAMB/Vol%203_1_1.pdf 22
[http://sel4.systems/](http://sel4.systems/) 23
[http://arxiv.org/abs/1405.2034](http://arxiv.org/abs/1405.2034) 24
[http://arxiv.org/abs/1410.8317](http://arxiv.org/abs/1410.8317) 25 --Insights
from the Nature for Cybersecurity 26 --[PDF]Provably Secure LWE Encryption
with Smallish Uniform ... 27 eprint.iacr.org/.../164.... 28
[https://pqcrypto2014.uwaterloo.ca/.../post-
quantu..](https://pqcrypto2014.uwaterloo.ca/.../post-quantu..). 29
--[PDF]Making NTRU as Secure as Worst-Case Problems over ... 30
www.iacr.org/.../6632... 31 --Michael Hasting's Car Allegedly hacked? 32
[http://www.huffingtonpost.com/2013/06/24/michael-hastings-
ca...](http://www.huffingtonpost.com/2013/06/24/michael-hastings-car-
hacked_n_3492339.html)

------
mariuolo
$750,000? That'll show them!

