on Fri, 11 Dec 1998 01:58:23 +0100 (CET)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> Strike to protest Wassenaar!


*** beginning of quoted text ***

                         Strike to protest Wassenaar!

      Bob's usual web pages are temporarily unavailable. They will return
                                                       after 14 December.

   This is a global call for computer professionals to strike on Monday,
   14 December, 1998 to protest the signing of the Wassenaar Arrangement,
   an international treaty that imposes new restrictions on cryptographic
   software technology. The strike is meant to raise awareness about the
   importance of cryptography, about the U.S. government's wrongheaded
   attempts to curtail its use, and about the strong-arm tactics used by
   the United States to pressure other countries into limiting their
   citizens' rights the way it has limited its own.


   For many years, a U.S. law known as ITAR regulating the export of
   munitions has been used by the government to prohibit the export not
   only of missiles and tanks but of cryptographic software as well
   ("crypto" for short).

   Crypto is an essential technology for electronic commerce, online
   privacy, and computer security. Without it, malicious hackers can
   easily intercept credit card numbers and bank account data, read
   private e-mail and forge messages, and infiltrate computer networks.
   Crypto is also used to protect against unwanted information disclosure
   that's not malicious; for instance, to keep employees on a computer
   network from accidentally stumbling across a file full of salary

   Most major software vendors require crypto capabilities in their
   products. For instance, Netscape Navigator contains crypto software
   from RSA for doing such things as secure credit card transactions.

   The U.S. was alone among its major trading partners in imposing such
   restrictions on crypto export (France being a notable exception). In
   the mid-1990's, as the Internet began reaching the mainstream,
   software vendors began complaining that the export restrictions made
   it impossible for them to compete globally. They had to deliberately
   "cripple" their software, disabling crypto capabilities, before being
   allowed to export it. Their competitors overseas did not face this
   handicap. U.S. software vendors pleaded with the government for a
   level playing field.

   Around the same time, various legal challenges to the export control
   of crypto were underway, notably Phil Karn's Applied Cryptography case
   and Dan Bernstein's Snuffle case. A ruling in the Snuffle case
   declared parts of ITAR to be unconstitutional. Meanwhile, Phil
   Zimmermann, author of the popular crypto program PGP, was the object
   of years of legal harassment by the government---harassment that was
   abruptly dropped when the government (apparently) realized they were
   on shaky legal ground. Similarly, attempts by the Clinton
   administration to place new domestic restraints on crypto---the
   so-called "Clipper chip" proposals, that would have required all
   encrypted data to be decipherable by the government---failed because
   of constitutionality concerns. Because of these and other
   developments, the days appeared to be numbered for laws restricting
   crypto technology.

   Is your country among the Wassenaar signatories?

   Argentina; Australia; Austria; Belgium; Bulgaria; Canada; Czech
   Republic; Denmark; Finland; France; Germany; Greece; Hungary; Ireland;
   Italy; Japan; Republic of Korea; Luxembourg; The Netherlands; New
   Zealand; Norway; Poland; Portugal; Romania; Russia; Slovakia; Spain;
   Sweden; Switzerland; Turkey; Ukraine; United Kingdom; United States.

   If so, you've just lost some rights you may not have been aware of.

   Then on 3 December 1998, 33 countries signed the Wassenaar Arrangement
   on Export Controls for Conventional Arms and Dual-Use Goods and
   Technologies, whose noble purpose is to preserve international peace
   and stability by reducing the proliferation of offensive strategic
   weapons. Incredibly, though, crypto software is included in the treaty
   as an offensive strategic weapon! The U.S., under pressure from its
   high-tech sector to "create a level playing field," did just
   that---not by dropping the unreasonable restrictions on crypto export
   but by bullying its trading partners into adopting the same ones!
   This, despite the fact that they didn't want to, despite Europe's
   recent commitment to strong privacy laws, and despite mounting legal
   evidence that the crypto export laws are flawed.

  Why does the government care?

   Why does the U.S. government insist on treating crypto as munitions?
   After all, numerous citizens' and industry groups, including the
   American Civil Liberties Union, the Electronic Frontier Foundation,
   the Electronic Privacy Information Center, and some fifty other
   members of the Global Internet Liberty Campaign have denounced the
   government's position. Furthermore, there is other software not
   covered by export control laws that would seem to pose a greater
   military threat. Missile guidance software, for instance.

   The answer is that the government wishes to control crypto to preserve
   its eavesdropping capabilities. (This intent was betrayed by the
   administration's failed Clipper chip proposals.) The position of the
   U.S. government is that crypto technology can be used by lawbreakers
   in maturing their felonious little plans, and law enforcement will
   have that much harder a time keeping up with them. International
   terrorists might use encrypted e-mail to plan some hideous act on
   American soil, and the FBI would be none the wiser.

   This argument is specious for at least two reasons. First of all,
   high-quality crypto software has long been available outside the
   United States; just because the terrorists can't get their hands on
   American crypto software doesn't mean that they can't still conceal
   their activities using encryption.

   The second reason is that this argument applies equally to such things
   as knives, locks, matches, power tools, the Interstate highway system,
   rope, and anything else that has a legitimate use but might also be
   used in a crime.

  What will be the result?

   After Wassenaar, the major industrialized nations will not be able to
   export cryptographic software. Each nation will have to develop its
   own software, or rely on exports from Third World countries (or others
   that aren't Wassenaar signatories). Since crypto software won't be
   shareable, it is likely that there will be interoperability problems;
   citizens of one country will be unable to exchange encrypted data with
   citizens of another.

   On the other hand, countries can share crypto software---as long as
   it's not exported as software. The Applied Cryptography case, for
   example, highlights the fact that crypto programs, reproduced
   line-by-line in a printed book, are exportable, because they're
   "protected speech" under the First Amendment. This is why, when Phil
   Zimmermann wrote PGP, he published the program in book form so it
   could legally be shared with other nations despite ITAR. Now, it's a
   lot of work for someone overseas to get a copy of the book and
   transcribe its contents back into a computer, but it's certainly
   possible to do. It's even easier to scan the book with an OCR (optical
   character recognition) device, turning it back into digital form
   automatically. Furthermore, since the U.S. Supreme Court opined in
   ACLU vs. Reno that the Internet deserves the highest level of
   free-speech protection, it seems inevitable that the legal distinction
   between exporting a program in book form and exporting a program in
   digital form will soon evaporate.

   In short, the law accomplishes nothing except to create an
   inconvenience for law-abiding users of cryptography and to set a bad
   precedent that will allow governments to impose further unwarranted
   restrictions on our freedoms in the future.

   Not surprisingly, although Wassenaar blithely tramples the rights of
   individuals, it protects large corporations. Exempt from its
   cryptography restrictions are uses that protect intellectual property.
   So Sony Pictures can rest assured that its investment in Leonard Part
   6 is safe 'cause no one can copy the DVD, whereas little old you can't
   be certain who'll see that embarrassing mash note you e-mailed to your

  Call to action

   If you are a computer professional, don't work on Monday, 14 December,
   1998. Take the day off, and use part of that time to contact
   journalists, politicians, friends, and relatives, informing them of
   your displeasure with the big step backward represented by Wassenaar's
   crypto provisions.

   Prior to that date, spread the news about this strike among colleagues
   and associates. Share the URL of this web page. Mirror it on your own
   web server if you can. Educate yourself about the issues. (Begin by
   following some of the links on this page.)

  Why strike?

   In democratic societies, citizens generally do not surrender their
   liberties without a compelling reason. But interested parties can
   sometimes take away liberties when the issues aren't well-understood.

   In order to make its job easier, the American law-enforcement
   establishment is interested in taking away liberties that most people
   don't yet know to care about preserving. The purpose of this strike,
   therefore, is to raise public awareness, educating people about what's
   been taken away from them and what else they stand to lose.

   It would make law enforcement's job easier if it could restrict travel
   between cities, too, or monitor private conversations at will, or
   fingerprint everybody, but we don't tolerate such intrusions. When
   technology advances, we insist that law enforcement update its methods
   to combat its occasional misuse, rather than deny us its benefits. So
   must we insist now.

  I don't care

   Maybe you don't plan to shop online, or if you do, you don't care if
   your credit card number is intercepted. Or maybe you don't plan to
   correspond with people electronically, or if you do, you don't care
   that your correspondence can be read by total strangers. Maybe
   cryptography just plain doesn't matter to you. But the law that
   governs it should matter to you, and here's why: it's based solely on
   the premise that cryptography tools can be used for illegal purposes.
   Some things, like lock-picking tools and nuclear weapons, are banned
   for the same reason, but only because they have no legitimate use. The
   uses of cryptographic software, on the other hand, are overwhelmingly
   legitimate. When the government deprives its citizens of useful rights
   simply to make the job of law enforcement easier, it is on the road to
   becoming a police state.

   Can't happen here? It does seem unlikely---but only because we have
   the freedom to oppose such measures, a freedom that Americans have
   always used to ward off government abuses. If we don't use that
   freedom now, while it's still early enough to do some good, we may
   lose it altogether.

   In 1996, Phil Zimmermann testified to the U.S. Senate about crypto
   export restrictions, saying in part that crypto is an essential tool
   used throughout the world to protect citizens against tyranny in

                         [LINK] Golden Key Campaign

     Copyright  1998 by Bob Glickstein. The opinions expressed on this
                 page are not necessarily those of Zanshin.

                     This page was created with Latte.
*** end of quoted text ***

#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: and "info nettime-l" in the msg body
#  URL:  contact: