tank on Sat, 5 Dec 1998 23:27:53 +0100 (CET)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: nettime-nl: Einde van de cyptovrijheid?

[John is basing his analysis below on what's been posted on the Wassenaar
site so far, and these kinds of documents aren't always put online
immediately. That said, if Ambassador Aaron is talking about the online
documents and John's analysis is correct, the Clinton administration is
going beyond mere spin: it is trying to deliberately deceive. --Declan]


Subject: So far, I think Mr. Aarons' Wassenaar statement is disinformation

Date: Fri, 04 Dec 1998 10:55:00 -0800 
From: John Gilmore <gnu@toad.com> 

I have not found a single confirmation of the Aarons statement that
the 33 Wassenaar countries have agreed to change the exemption for
mass market crypto software.  (The NY Times and Reuters stories both
quote Ambassador Aarons.)

This lack of confirmation includes the Wassenaar Arrangement statement
itself, which merely says:

        The amendments to the lists included elimination of coverage of
        commonly available civil telecommunications equipment as well
        as the modernisation of encryption controls to keep pace with
        developing technology and electronic commerce, while also being
        mindful of security interests.


The Wassenaar Arrangement works by consensus; any member can block the
adoption of any item merely by voting against it.  The policy Aarons
announced is directly contradictory to the recently reaffirmed
government policies of Finland and Ireland.  In addition, Canada and
Germany have recently stated strong pro-crypto positions (while
waffling on the particular issue of the treatment of PD and MM

The Wassenaar Arrangement also states:

        This arrangement will not be directed against
        any state or group of states and will not impede
        bona fide civil transactions.

To the extent that there is any attempt in the Agreement to control
mass market or public domain crypto software, such a provision 
would clearly contradict this limitation written into the Arrangement.
The Arrangement is for military goods -- not for civilian goods.
PGP and other civilian crypto tools are not military by any stretch
of the imagination.  It's hard to imagine that all 33 countries would
ignore this obvious problem, especially when it was pointed out to them
by concerted lobbying over the last several months.

I also note that none of the statements are clear about exactly what
is affected.  PGP, SSH, SSLEAY, Linux IPSEC, and many other crypto
tools are "public domain" rather than "mass market" software.  The
General Software Note (originally from COCOM, and adopted bodily by
Wassenaar when it was formed) exempted both "public domain" and "mass
market" software from all controls.

Finally, a companion paper released from Wassenaar yesterday shows a
clear concern by the body for human rights and fundamental freedoms:

        e.  Is there a clearly identifiable risk that the weapons might
        be used for the violation and suppression of human rights and
        fundamental freedoms?

(In this case if the the Aarons statement was true, Wassenaar itself
would be used for the violation and suppression of human rights and
fundamental freedoms.  It's hard to see that the delegates would also
ignore this and vote to suppress human rights and freedoms.)

So, I see two major probabilities here:

        *  Either Aarons is lying, to see how much trouble this stirs up.
        This would be taking a page from FBI Director Freeh, who
        announced FBI support for domestic controls on crypto last year, 
        and was then disavowed by the Administration when a ruckus 

        *  Or the NSA has cut a deal with these countries.  Then the
        question is:  what did NSA offer in return?  The usual trade
        has been access to the flow of wiretaps (as in the UKUSA
        agreement that gives Britain, NZ, Australia, and Canada access
        to Echelon -- look who the strongest supporters of the US position
        are).  Another alternative is that they used wiretaps to
        blackmail senior politicians in the recalcitrant countries.
        (It happened in the US by J. Edgar Hoover for many years.)

Do either of you have any info that would tend to confirm or deny
one of these theories?

EFF and the GILC members are checking with various governments to
start to flesh out what *actually* happened.

I should also note that developments like this are rather expectable.
Every time crypto policies get decided in a closed-door meeting where
the US government is invited, they get worse.  Whenever crypto
policies are set in open meetings where the public and the press are
able to watch -- or even, god forbid, participate -- they get better.
The OECD meetings of a few years ago were intended to be the first,
but citizens and journalists swarmed the meeting site, buttonholed
delegates as they entered and left, and turned it into the second.  We
should've done the same with this Wassenaar meeting.

US civil libertarians are prying crypto policy decisions into the
light of day via the courts and the Freedom of Information Act.
Classified NSA/FBI testimony to Congress is getting declassified, and
then its obvious lies are easily rebutted by the public.

The natural response of a bureacracy that is more concerned with its
own power to wiretap, than with making the right decisions for its
citizens, is to move its crypto maneuvering overseas into "diplomatic
meetings", held under cover of diplomatic secrecy, where they can lie
and twist arms with impunity.


POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo@vorlon.mit.edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/

From: Declan McCullagh <declan@well.com>
Subject: FC: US claims victory: stricter export controls on encryption

[So much for the White House's hands-off-the-Net policy. One wonders what
the companies that on Monday applauded Clinton and Gore for their
ostensibly deregulatory approach think about this. --Declan]


       @@@@  @@@@  @@@  @@@@      @    @     @@@@  @@@@  @@@@@
       @     @  @   @   @        @ @   @     @     @  @    @
       @@@@  @@@    @   @       @@@@@  @     @@@   @@@     @
       @     @      @   @       @   @  @     @     @  @    @
       @@@@  @     @@@  @@@@    @   @  @@@@  @@@@  @   @   @

   Volume 5.18                                   December 3, 1998

                            Published by the
              Electronic Privacy Information Center (EPIC)
                            Washington, D.C.


[2] International Crypto Agreement Modified

The US Commerce Department reported on December 3 that the Wassenaar
Arrangement, a 33-country group that works on exports of military goods,
has reached an agreement on setting limits on international transfers
of encryption.

The new agreement reportedly allows for exports of crypto products up to 56
bits for all crypto and 64 bits for mass market software or hardware.
These changes reflect both a relaxation and an increase in restrictions.
Currently, cryptography items are strictly controlled. However, mass market
software is exempt. Only a few countries including the US currently
restrict exports of mass market software.

The decision to implement these changes will remain with each country and
this agreement may not result in any changes in current practice. As the
Secretariat notes on their web page: "The decision to transfer or deny
transfer of any item will be the sole responsibility of each Participating
State. All measures undertaken with respect to the arrangement will be in
accordance with national legislation and policies and will be implemented
on the basis of national discretion." The US has been lobbying the other
members to adopt more restrictive laws. However, many nations such as
Finland, Canada and Ireland have announced domestic policies in the past
year which allow for more liberal exports.

Earlier this year members of the Global Internet Liberty Campaign,
an international organizations of civil liberties groups around
the world, wrote to the Wassenaar Secretariat and urged the removal
of controls on cryptography. The GILC Statement said that "failure to
protect the free use and distribution of cryptographic software will
jeopardize the life and freedom of human rights activists, journalists
and political activists all over the world."

The announcement from the US Department of Commerce on the new
Wassenaar controls came in the same week that the White House said that
it would pursue a policy of "self-regulation" for Internet commerce.

More information on Wassenaar is available from:


GILC Statement:


WASHINGTON, Dec 3 (Reuters) - Clinton administration officials on Thursday
said they had persuaded other leading countries to impose strict new export
controls on computer data-scrambling products under the guise of arms control.

At a meeting on Thursday in Vienna, the 33 nations that have signed the
Wassenaar Arrangement limiting arms exports -- including Japan, Germany and
Britain -- agreed to impose controls on the most powerful data-scrambling
technologies, including for the first time mass-market software, U.S.
special envoy for cryptography David Aaron told Reuters.


POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo@vorlon.mit.edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
* Verspreid via nettime-nl. Commercieel gebruik niet toegestaan zonder
* toestemming. <nettime-nl> is een gesloten en gemodereerde mailinglist
* over net-kritiek. Meer info: list@dds.nl met 'info nettime-nl' in de
* tekst v/d email. Archief: http://www.factory.org/nettime-nl. Contact:
* nettime-nl-owner@dds.nl. Int. editie: http://www.desk.nl/~nettime.