(A Javascript-enabled browser is required to email me.)
TBTF logo

TBTF for 1998-12-23: The eye, altering

Keith Dawson ( dawson dot tbtf at gmail dot com )
Wed, 23 Dec 23:57:44 -0400


Threads Cryptography export policy
See also TBTF for
2000-02-06, 1999-10-05, 08-30, 08-23, 08-16, 07-26, 05-22, 05-08, 04-21, 03-01, 01-26, more...

Wassenaar: US exports crypto-export controls

33 nations agree in principle to limit exports, but all is not unity

US high-tech companies have long complained that the lack of crypto-export restrictions in other countries hampers their ability to compete abroad. The relief they have sought was relaxing US strictures, not tightening those of other nations. But US crypto ambassador David Aaron has been working behind the scenes to convince other countries to do just that. On 3 December Aaron held a press conference to claim victory in these efforts [1]. The 33 signatory nations to the Wassenaar Arrangement [2] have agreed to new rules. (Note: turn off graphics before visiting [2]: it loads 33 gratuitous GIF images of waving flags with mouseovers for a total footprint of 353K.) In summary, the new rules state:

The Wassenaar provisions are not themselves binding on signatory nations; each nation must enact its own laws to implement the rules.

Some accounts of Wassenaar have interpreted the new rules to allow the free export of any public-domain crypto of any strength, including Open Source products such as SSLEAY. My reading of the agreement itself [3] is that such products are exportable only if they meet the other requirements outlined above; in other words it would not be legal to export PGP.

A Norwegian poster to the Cryptography list asked his ministry of foreign affairs for a clarification on exactly where Open Source software falls, and was told that it is compliant with what Wassenaar calls "public domain" software.

In a speech on 7 December [4], US Commerce Department official William Reinsch said:

...participating states agreed to extend controls to mass-market encryption exports above 64 bits, thus closing a significant loophole.
A posting to Cryptography quoted a newspaper article in which the Finnish prime minister gave his views on the new Wassenaar rules. He noted that "the United States is in a very powerful position" but said that Finland will not alter its liberal principles in encryption politics.

Denmark is reported to be in a political uproar because the Danish official who signed the Wassenaar accord did not have proper parliamentary standing to do so -- and the new rules run counter to current Danish crypto policy. The upshot could be a formal renunciation of the accord by Denmark, which would render it invalid everywhere.

Two little-known Internet governance boards, the Internet Architecture Board and the Internet Engineering Steering Group, have released a memo slamming Wassenaar [5].
Threads Echelon and the UKUSA signals intelligence franchise
See also TBTF for
2000-07-20, 1999-09-11, 07-08, 06-14, 1998-12-23, 03-09

In its antitrust defense Microsoft argues that the government has no business interfering with a company's choices in product development. But the US government's National Security Agency has long taken an active role in product development, according to this CNN story [6] -- working with Microsoft as well as a host of other companies to limit available crypto technology. What's behind the US push to restrict crypto strength domestically and world-wide? Most observers of the crypto-political scene dismiss the official explanation that crypto must be limited to thwart criminals and terrorists. The bad guys have, after all, had access on the open Internet to strong-crypto source code since 1991.

This quote from Ross Anderson, with a preface by Peter Gutmann, makes plain the assumption, widely held in cypherpunk circles, that it all starts with Echelon [7].

This is probably the best one-sentence summary of export controls I've seen. It predates the recent Wassenaar announcement by about half a day, but is even more appropriate in the aftermath:

"The real aim of current policy is to ensure the continued effectiveness of US information warfare assets against individuals, businesses, and governments in Europe and elsewhere." -- Ross Anderson

In other words, those who want strong crypto restrained are, first and foremost, protecting the UKUSA franchise in filtering and monitoring worldwide communications in real time.

[1] http://www.news.com/News/Item/Textonly/0,25,29526,00.html?tbtf
[2] http://www.wassenaar.org/
[3] http://www.fitug.de/news/wa/
[4] http://jya.com/war120798-2.htm
[5] http://www.news.com/News/Item/Textonly/0,25,30228,00.html?tbtf
[6] http://cnn.com/TECH/computing/9807/27/security.idg/index.html
[7] http://tbtf.com/archive/1998-03-09.html#s05


A survey of international crypto law

On the Web and on paper

Bert-Jaap Koops <e.j.koops at kub dot nl> has updated his Crypto Law Survey [8] with news from Wassenaar and updates on the laws of 15 countries. And now Koops's PhD thesis, titled The Crypto Controversy, has been published by Kluver Law International [9]. So far the book has not appeared on Amazon.com, but you can order it directly from KLI [10] for $87 US.

[8] http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
[9] http://cwis.kub.nl/~frw/people/koops/thesis/thesis.htm
[10] http://www.wkap.nl/book.htm/90-411-1143-3


Reflections on cyberwar

A cri de coeur, a call to care

Phil Agre doesn't usually wax emotional about issues of technology and culture; his 16 December piece on cyberwar [11] is an exception. Agre attended a conference at which several honest and sincere representatives of the US defense establishment presented a seemingly new military doctrine for the online world. They proclaimed that there is, as of now, no boundary line between military and non-military facilities. Agre writes:

In the world of the Internet, it would seem, ...we are now in... permanent, total, omnipresent, pervasive war. Cold War plus plus: all war, all the time. They said this.
Please read Agre's closely argued, anguished musings about these developments [11], and see if you don't wax emotional too.

A word on one of Agre's asides: in writing about the styles of reaction against such military thinking, Agre characterizes one group of old-line Netizens in words that strike close to home:

You may recall that, as recently as a couple of years ago, proponents of the cyberspace ideology filled the Internet with manifestos against the Communications Decency Act and many other bad actions on the part of the government. Where have those people gone? Some of them remain in business, of course, including many of the sensible ones, but they no longer come close to defining the Internet's culture.
I don't know whether or not Agre considers me one of the sensible ones. But I am certainly still in business, doing my level best to perpetuate those aspects of the roots of Internet culture most worthy of emulation -- trying to alter an occasional reader's viewpoint -- for the eye, altering, alters all.

[11] http://www.egroups.com/list/noframes/rre/983.html

space ______

South Africa considers intercepting and monitoring telecomms

Discussion paper proposes CALEA-like cost transfer

After reading about India's proposal to enable monitoring of Net traffic, Ant Brooks <ant at hivemind dot net> sent word of a similar proposal [12] (360K) circulating in South Africa. The discussion paper from the South African Law Commission proposes requiring telecomms and service providers (read: ISPs) to ensure, at their own expense, that all communications can be intercepted and monitored. Brooks writes:

These suggestions (although disturbing enough) are nowhere near as drastic as the measures being proposed in India, but because South Africa is the most connected country on the continent, I suspect that this is just the tip of the African iceberg on the issue...

As I type, I'm sitting in the auditorium attending the African Internet Group conference in Cotonou in Benin, West Africa. It is apparent that the governments of many African countries have not even begun to consider these issues, and given the high level of control that some of our governments exercise on other telecommunications services, I have some concerns about the future of Internet freedom in Africa. Hopefully, current processes of educating government about the Internet and Internet governance underway here will minimise any nasty legislation.

[12] http://jya.com/za-esnoop.htm


Threads Ganging up on Microsoft
See also TBTF for
1999-08-16, 07-19, 02-15, 02-01, 01-13, 01-04, 1998-12-23, 12-15, 12-07, 11-11, 10-19, more...

Biologist dis-integrates Explorer from Windows 98

Wait till Judge Jackson gets a whiff of this

Recent news from the Microsoft antitrust trial [13] is full of allegations and counterclaims around the testimony of Edward Felton, a Princeton computer scientist who wrote a program that he claims removes Internet Explorer from Windows 98. Microsoft says this cannot be done because Internet Explorer is an integral part of Windows. So far the trial has not been informed of the more fruitful efforts of an Australian biologist at the University of Maryland. Shane Brooks's 98lite installer [14] does a clean installation of Windows 98 without most pieces of, and without the functionality of, the Internet Explorer integration. 98lite saves at least 34 MB over a standard installation, and after adding back the Explorer shell from Windows 95, Brooks claims that his 133-MHz Pentium machine operates far faster than before. As of 15 December Microsoft was still evaluating 98Lite, but a spokesman said that the modification appears not to be good for end users: "The initial impression is this process seems to retard and replace many of the core functions that users benefit from in Windows 98" [15]. Brooks claims he is merely helping users assert their own choice of components and technologies that may be appropriate for a high-end machine but not for an older one. Techweb asserts [15] that choosing to run 98lite will forfeit you the benefit of any future Microsoft support.

[13] http://www.news.com/News/Item/Textonly/0,25,30272,00.html?tbtf
[14] http://www.wam.umd.edu/~ssbrooks/98lite/
[15] http://www.techweb.com/wire/story/TWB19981215S0017


Microsoft said to mull buying publisher Reed Elsevier

Acquisition makes sense from many points of view, not including fair use

This rumor [16] disquiets me -- such an acquisition could not be good news for fans of the fair use doctrine for intellectual property. Reed Elsevier is in the top 5 worldwide as a publisher of technical, professional, and legal books and magazines. (And corresponding Web content of course.) Reed Elsevier owns LEXIS-NEXIS, a major database publisher which has been (with West Publishing) at the center of recent battles over the copyrighting of database contents. The company has a close technical relationship with Microsoft. RE is in a management transition and is seeking a new president. Shares of both Reed (traded in London) and Elsevier (Amsterdam) have been hammered lately so the company may look like a bargain to Microsoft. Reed shares rose 5.2% on the rumor and Elsevier was up 4%.

[16] http://www.news.com/News/Item/Textonly/0,25,29985,00.html?tbtf


Quick bits

bul Self-propagating NT virus identified

Network Associates has released news [17] of a new, highly sophisticated virus named Remote Explorer that targets Windows NT systems on a network. The virus is said to exhibit self-replicating and propagating behavior typical of what is more commonly termed a "worm." NAI did not identify the company at which the virus was discovered, but MCI Worldcom has acknowledged that it was the victim. MCI Worldcom downplays the seriousness of the attack while NAI plays it up. Here is a detailed description of Remote Explorer and a "detection and cleaning" file for NAI's VirusScan NT and NetShield NT products [18].

[17] http://www.news.com/News/Item/Textonly/0,25,30167,00.html?tbtf
[18] http://www.nai.com/products/antivirus/remote_explorer.asp

bul Can IBM make Linux blue?

This account [19] is a ZDnet exclusive on a rumor that IBM is studying how best to offer support for Red Hat Linux.

[19] http://www.zdnet.com/zdnn/stories/printer_friendly/...

bul Sun to free up Java licensing

On 8 December Sun announced that it would make Java source code available under a new click-and-download "community source" program [20]. Java licensing will be free (initially) to a larger community than currently, but Sun will collect more royalties over time under the new scheme. Saying it was still finalizing details of pricing and availability, Sun has delayed introducing community source until late January 1999 at the earliest [21].

Note added 1998-12-24: Stig <stig at hackvan dot com> has analyzed [21a] the initially published Sun Community Source License, which he calls Skizzle, in comparison to other Open Source licensing models. He concludes that it has similarities to the Mozilla license and some improvements that should be studied by the Open Source community. (Stig's book on Open Source licensing will be published by O'Reilly in the spring.)

[20] http://www.pcworld.com/pcwtoday/article/0,1510,8988,00.html
[21] http://www.pcworld.com/pcwtoday/article/0,1510,9096,00.html
[21a] http://www.linuxworld.com/linuxworld/lw-1998-12/lw-12-java.html


Bright lights big tree

Seasonal real-time remote control

If you're the sort who enjoys a decorated tree at this time of year, visit this site [22] sometime during the 12 Days of Christmas. Its controls let you turn on or off various lights on and around a tree in a laboratory in The Netherlands, and see the results (via server push) more or less in real time. Drop by the statistics page [23] for a tongue-in-cheek cost calculation of this experiment's electrical energy use since 10 December. Here are the site's history, rationale, and credits [24]. Many thanks to Dan Kalikow <drdan at kalikow dot com> for the pointer. And to all a good night.

[22] http://kerstboom.roc-ehv.nl/kerstboom/scriptseng/home.asp
[23] http://kerstboom.roc-ehv.nl/kerstboom/scriptseng/stats.asp
[24] http://kerstboom.roc-ehv.nl/kerstboom/scriptseng/about.asp


bul This week's TBTF title is adapted from William Blake's The Mental Traveller [25], a poem from the Pickering Manuscript which I consider one of the more enigmatic and intriguing in Blake's oeuvre.

[25] http://www.bibliomania.com/Poetry/Blake/Collected/chap-09.html#mental

bul Emendation: At the request of Anton Sherwood I've modified the definition of the Jargon Scout term STFW [26] to "Search the flinking Web," not "Surf the fine Website" as originally published in the previous issue. Also noted is Julian Harris's claim to have originated the alternate form "STFN."

[26] http://tbtf.com/jargon-scout.html#stfw

bul Apology: Some of you took offence at a certain oblique reference in the previous TBTF to the Church of Rome. I apologize to all those so offended; be assured I intended no disrespect.

bul This will be the last issue of 1998. Remember, you have until midnight Eastern time on 31 December 1998 to file your predictions in the 1999 TBTF readers' prognostication contest [27]. Good luck and good foresight.

[27] http://tbtf.com/archive/1998-12-15.html#s10


bul For a complete list of TBTF's (mostly email) sources, see http://tbtf.com/sources.html.

TBTF home and archive at http://tbtf.com/ . To subscribe send the
the message "subscribe" to tbtf-request@world.std.com. TBTF is Copy-
right 1994-1998 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial
use prohibited. For non-commercial purposes please forward, post,
and link as you see fit.
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.



Copyright © 1994-2022 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.