Page One

Campus Computing News


Large Group E-Mail Guidelines

J2 on the Academic Mainframe

MailBook 2000 on Academic CMS

WebCT Frequently Asked Questions (and Answers!)

Is Your Student Organization Online?

RSS Matters

The Network Connection

List of the Month


Short Courses

IRC News

Staff Activities

Subscribe to Benchmarks Online

By Mark Wilcox, Campus Web Administrator

Toward a More Secure Networked World

While the government does make some stupid decisions from time to time (ok a lot of times ;), occasionally they do manage to correct their mistakes.

One example has been US cryptography laws. Under our old laws, it was illegal for anyone in the US to give anyone outside of the US or Canada a copy of cryptographic software. In fact the US government regulated such software as the same class of munitions as nuclear weapons. The reasoning was that the bad guys could get hold of this cryptography and the US military/law enforcement (the good guys ? ;) wouldn't be able to hear/see what they were doing. Of course it ignored the fact that other countries could create strong cryptography on their own & they were not hindered by such laws.

It was just an obscene and naive law. For example, I could write a book on cryptography with the source code (e.g. the commands that tell the computer what to do) and sell it overseas. This was protected under the first amendment. But as soon as I put into an electronic form (even E-mail) and sent it to my friends in England, it was assumed I had committed a criminal act on the same level as say selling atomic secrets to Iraq.

Many people ignored or didn't care about the law really. After all they thought, "if you have nothing to hide, why hide it". Well of course this thinking has changed a bit as the Internet boom has grown. For starters, you don't want to let just anyone see your credit card number. Or you don't want anyone else reading your E-mail to your significant other (which anyone can do right now, fairly easily, unless your E-mail is encrypted).

Because of this law, companies who wanted to provide encryption in their software and wanted to export it overseas had to have two versions. One version for the US and a weaker version for overseas. This cost companies millions, if not billions of dollars in lost revenue (after all who wants to use a weaker security system, if they can get a stronger one from someone else) and in development costs.

This law was also probably unconstitutional. Arguments could be made on 1st, 2nd and 10th Amendments. However, because the law had the backing of the major intelligence agencies, the military and law enforcement (conspiracy believers should ignore the black helicopters and pay more attention to things like this) & thus it was hard to get really a fair shake in court.

However, finally, after many years of lobbying by crypto experts, lobbyists and a few ex-members of the NSA now turned business executives, both Congress and the Commerce Department (who had enforced the old law) have overturned it. [For more information see the CDT Encryption issues page ]

Essentially you can now export cryptography software overseas (except for Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria -- the so-called “T-7 countries”).

If this does stand, then it will be likely that we'll see more products appear with better & easier to use cryptography, which when used as part of a solid, simple, living security plan, makes for a much more secure networked world.

Until next time.