Re: "Only" export control

Scott McDermott (scottm@kcls.org)
Tue, 24 Jun 1997 09:29:03 -0700 (PDT)


On Mon, 23 Jun 1997, Seth D. Schoen wrote:

> All right, so in regard to this bill: sure, it's terrible, but it may
> not be _as terrible_ as people think. That is, for U.S. users, I don't
> think that the bill means to take away _your copies_ of crypto software.
> Sure, Louis Freeh would love to do that, but not by means of this bill.
> It only seems to codify in law current export regulations, to the major
> detriment of U.S. programmers' competitiveness, but _not_ of U.S. users'
> privacy.

OK, so we can't export more than 56-bits, we've already know this.

What it does do that is very bad is state that any encryption products
used by the federal government, or purchased with federal government
funds, must be based on a key recovery system.

In and of it's self that may seem fairly innocent. However, what
commercial entity is going to create and sell products that they cannot
sell to the federal government? It's a big incentive to switch to
techniques under which key recovery can be employed. With this law, I'm
afraid we'll start seeing key recovery systems become standard. State and
local governments will probably pass similar laws.

After a while they'll probably at least try to make key recovery mandatory
for private encryption use. I hope that day doesn't come, as it's
obviously a Bad Thing(tm), but since when did the government work with
common sense?

It sets a bad precedent.

/*
Scott McDermott - SysAdmin \ "Always make it reversible."
King County Library System \ - A wise SysAdmin
PGP key in the usual places... \
*/