Interesting People mailing list archives
IP: more on Re:: re crypto policy impact
From: David Farber <farber () cis upenn edu>
Date: Mon, 6 Sep 1999 19:20:42 -0400
From: shapj () us ibm com
X-Lotus-FromDomain: IBMUS
To: farber () cis upenn edu
Date: Mon, 6 Sep 1999 18:14:52 -0400
Subject: Re: IP: re crypto policy impact

The following [note concerning export of Apple's G4 processors] is from a legitimate Apple dealer in Russia

Dave:

Since some of your readers may not know, I just wanted to take note that this isn't really a crypto issue. The US maintains export controls on three categories of things related to computers (and probably several others):

1. Cryptographic technology
2. High-performance processors
3. Secure operating systems

Cryptographic technologies see regular discussion in your list, and I won't belabor them further.

The high-performance processor issue doesn't appear to be an issue of "speech", and probably will never be challengeable under first amendment grounds. It's a fatally flawed policy; it is simply too easy to send students or buyers to countries that have high-performance machines and buy them for transport or use them in place. Further, I'm not aware of controls that prohibit remote access from proscribed countries over (say) the internet. [Perhaps someone on your list can expand on the last issue.]

The success and widespread availability of things like Beowulf -- a project that links ordinary machines into a networked "supercomputer" -- is making the definition of "supercomputer" increasingly suspect. Why bother controlling the export of G4 processors when a few suitably linked Pentiums work just as well?

The export controls were designed to make it difficult to do things like nuclear bomb simulations and decryption. Both problems are parallelizable; it may even be that a Beowulf cluster is a better solution than a G4 class processor. The Beowulf technology is not subject to export control.

The secure operating system issue is a case of good intentions ill considered. It is legitimate to worry about what would happen if, say, Iran had access to operating systems that the US could not crack. Worrying won't help. Today, such technology is available piecemeal on the web, and getting better integrated daily. Court rulings on cryptographic technology have so far been careful to avoid impacting the export of operating systems.

The downside to the secure OS issue is that it is *also* desirable to be able to ship products that cannot be tampered with by the end user or a third party. An adequately secured air traffic control system, for example, cannot be abused by terrorists. An adequately secure banking software suite is significantly less susceptible to electronic attack.

There have been several highly secure operating system products that have been dropped because of export controls. A company has no incentive to go for real security when this means that expense is increased and the product must then be restricted to the US market. Digital (now Compaq) built and dropped an A1-capable virtual machine monitor for the VAX line that is a good case in point. Combine such policies with the Pentagon's increasing emphasis on use of COTS (commercial off the shelf) software in the interests of cost reduction and you have a clear-cut disaster in the making.

This particular export restriction remains in force because of an executive order signed by Clinton when the earlier law went out of force. While opinions are now split, many individuals at NSA now believe that this law was a mistake. A compelling case can be made that this law effectively prevents the widespread dissemination of secure systems, and that in the face of current activities against our nation's electronic infrastructure the continuation of this law constitutes a clear and present danger to our nation.

Jonathan S. Shapiro