33 nations agree in principle to limit exports, but all is not unity
US high-tech companies have long complained that the lack of crypto-export restrictions in other countries hampers their ability to compete abroad. The relief they have sought was relaxing US strictures, not tightening those of other nations. But US crypto ambassador David Aaron has been working behind the scenes to convince other countries to do just that. On 3 December Aaron held a press conference to claim victory in these efforts . The 33 signatory nations to the Wassenaar Arrangement  have agreed to new rules. (Note: turn off graphics before visiting : it loads 33 gratuitous GIF images of waving flags with mouseovers for a total footprint of 353K.) In summary, the new rules state:
The Wassenaar provisions are not themselves binding on signatory nations; each nation must enact its own laws to implement the rules.
Some accounts of Wassenaar have interpreted the new rules to allow the free export of any public-domain crypto of any strength, including Open Source products such as SSLEAY. My reading of the agreement itself  is that such products are exportable only if they meet the other requirements outlined above; in other words it would not be legal to export PGP.
A Norwegian poster to the Cryptography list asked his ministry of foreign affairs for a clarification on exactly where Open Source software falls, and was told that it is compliant with what Wassenaar calls "public domain" software.
In a speech on 7 December , US Commerce Department official William Reinsch said:
Denmark is reported to be in a political uproar because the Danish official who signed the Wassenaar accord did not have proper parliamentary standing to do so -- and the new rules run counter to current Danish crypto policy. The upshot could be a formal renunciation of the accord by Denmark, which would render it invalid everywhere.
Two little-known Internet governance boards, the Internet Architecture Board and the Internet Engineering Steering Group, have released a memo slamming Wassenaar . thread("ech") ?>
In its antitrust defense Microsoft argues that the government has no business interfering with a company's choices in product development. But the US government's National Security Agency has long taken an active role in product development, according to this CNN story  -- working with Microsoft as well as a host of other companies to limit available crypto technology. What's behind the US push to restrict crypto strength domestically and world-wide? Most observers of the crypto-political scene dismiss the official explanation that crypto must be limited to thwart criminals and terrorists. The bad guys have, after all, had access on the open Internet to strong-crypto source code since 1991.
This quote from Ross Anderson, with a preface by Peter Gutmann, makes plain the assumption, widely held in cypherpunk circles, that it all starts with Echelon .
"The real aim of current policy is to ensure the continued effectiveness of US information warfare assets against individuals, businesses, and governments in Europe and elsewhere." -- Ross Anderson
On the Web and on paper
Bert-Jaap Koops <e.j.koops at kub dot nl> has updated his Crypto Law Survey  with news from Wassenaar and updates on the laws of 15 countries. And now Koops's PhD thesis, titled The Crypto Controversy, has been published by Kluver Law International . So far the book has not appeared on Amazon.com, but you can order it directly from KLI  for $87 US.
A cri de coeur, a call to care
Phil Agre doesn't usually wax emotional about issues of technology and culture; his 16 December piece on cyberwar  is an exception. Agre attended a conference at which several honest and sincere representatives of the US defense establishment presented a seemingly new military doctrine for the online world. They proclaimed that there is, as of now, no boundary line between military and non-military facilities. Agre writes:
A word on one of Agre's asides: in writing about the styles of reaction against such military thinking, Agre characterizes one group of old-line Netizens in words that strike close to home:
Discussion paper proposes CALEA-like cost transfer
After reading about India's proposal to enable monitoring of Net traffic, Ant Brooks <ant at hivemind dot net> sent word of a similar proposal  (360K) circulating in South Africa. The discussion paper from the South African Law Commission proposes requiring telecomms and service providers (read: ISPs) to ensure, at their own expense, that all communications can be intercepted and monitored. Brooks writes:
As I type, I'm sitting in the auditorium attending the African Internet Group conference in Cotonou in Benin, West Africa. It is apparent that the governments of many African countries have not even begun to consider these issues, and given the high level of control that some of our governments exercise on other telecommunications services, I have some concerns about the future of Internet freedom in Africa. Hopefully, current processes of educating government about the Internet and Internet governance underway here will minimise any nasty legislation.
Wait till Judge Jackson gets a whiff of this
Recent news from the Microsoft antitrust trial  is full of allegations and counterclaims around the testimony of Edward Felton, a Princeton computer scientist who wrote a program that he claims removes Internet Explorer from Windows 98. Microsoft says this cannot be done because Internet Explorer is an integral part of Windows. So far the trial has not been informed of the more fruitful efforts of an Australian biologist at the University of Maryland. Shane Brooks's 98lite installer  does a clean installation of Windows 98 without most pieces of, and without the functionality of, the Internet Explorer integration. 98lite saves at least 34 MB over a standard installation, and after adding back the Explorer shell from Windows 95, Brooks claims that his 133-MHz Pentium machine operates far faster than before. As of 15 December Microsoft was still evaluating 98Lite, but a spokesman said that the modification appears not to be good for end users: "The initial impression is this process seems to retard and replace many of the core functions that users benefit from in Windows 98" . Brooks claims he is merely helping users assert their own choice of components and technologies that may be appropriate for a high-end machine but not for an older one. Techweb asserts  that choosing to run 98lite will forfeit you the benefit of any future Microsoft support.
Acquisition makes sense from many points of view, not including fair use
This rumor  disquiets me -- such an acquisition could not be good news for fans of the fair use doctrine for intellectual property. Reed Elsevier is in the top 5 worldwide as a publisher of technical, professional, and legal books and magazines. (And corresponding Web content of course.) Reed Elsevier owns LEXIS-NEXIS, a major database publisher which has been (with West Publishing) at the center of recent battles over the copyrighting of database contents. The company has a close technical relationship with Microsoft. RE is in a management transition and is seeking a new president. Shares of both Reed (traded in London) and Elsevier (Amsterdam) have been hammered lately so the company may look like a bargain to Microsoft. Reed shares rose 5.2% on the rumor and Elsevier was up 4%.
Self-propagating NT virus identified
Network Associates has released news  of a new, highly sophisticated virus named Remote Explorer that targets Windows NT systems on a network. The virus is said to exhibit self-replicating and propagating behavior typical of what is more commonly termed a "worm." NAI did not identify the company at which the virus was discovered, but MCI Worldcom has acknowledged that it was the victim. MCI Worldcom downplays the seriousness of the attack while NAI plays it up. Here is a detailed description of Remote Explorer and a "detection and cleaning" file for NAI's VirusScan NT and NetShield NT products .
Can IBM make Linux blue?
This account  is a ZDnet exclusive on a rumor that IBM is studying how best to offer support for Red Hat Linux.
Sun to free up Java licensing
On 8 December Sun announced that it would make Java source code available under a new click-and-download "community source" program . Java licensing will be free (initially) to a larger community than currently, but Sun will collect more royalties over time under the new scheme. Saying it was still finalizing details of pricing and availability, Sun has delayed introducing community source until late January 1999 at the earliest .
Seasonal real-time remote control
If you're the sort who enjoys a decorated tree at this time of year, visit this site  sometime during the 12 Days of Christmas. Its controls let you turn on or off various lights on and around a tree in a laboratory in The Netherlands, and see the results (via server push) more or less in real time. Drop by the statistics page  for a tongue-in-cheek cost calculation of this experiment's electrical energy use since 10 December. Here are the site's history, rationale, and credits . Many thanks to Dan Kalikow <drdan at kalikow dot com> for the pointer. And to all a good night.
Emendation: At the request of Anton Sherwood I've modified the definition of the Jargon Scout term STFW  to "Search the flinking Web," not "Surf the fine Website" as originally published in the previous issue. Also noted is Julian Harris's claim to have originated the alternate form "STFN."
Apology: Some of you took offence at a certain oblique reference in the previous TBTF to the Church of Rome. I apologize to all those so offended; be assured I intended no disrespect.
This will be the last issue of 1998. Remember, you have until midnight Eastern time on 31 December 1998 to file your predictions in the 1999 TBTF readers' prognostication contest . Good luck and good foresight.
TBTF home and archive at http://tbtf.com/ . To subscribe send the the message "subscribe" to email@example.com. TBTF is Copy- right 1994-1998 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use prohibited. For non-commercial purposes please forward, post, and link as you see fit. _______________________________________________ Keith Dawson dawson dot tbtf at gmail dot com Layer of ash separates morning and evening milk.
include ("../inc/foot-ar") ?>