Interesting People mailing list archives
John Gilmore on CSIS' Lewis anti-encryption,
From: Dave Farber <dave () farber net>
Date: Sun, 22 Sep 2002 09:29:09 -0400
------ Forwarded Message From: Declan McCullagh <declan () well com> Reply-To: declan () well com Date: Sat, 21 Sep 2002 08:46:37 -0700 To: politech () politechbot com Cc: gnu () toad com, JALewis () csis org Subject: FC: John Gilmore on CSIS' Lewis anti-encryption, privacy efforts Previous Politech message: "CSIS' James Lewis replies to Politech on WH cybersecurity report" http://www.politechbot.com/p-04008.html -Declan --- Date: Sat, 21 Sep 2002 00:42:15 -0700 From: John Gilmore <gnu () toad com> To: declan () well com, gnu () toad com Cc: JALewis () csis org Subject: Re: FC: CSIS' James Lewis replies to Politech on WH cybersecurity report In-reply-to: <5.1.1.6.0.20020920073027.01a88cb0 () mail well com> Jim Lewis said:
Declan: I actually think the National Strategy is very strong, but I question the heavy reliance on voluntary action and self-regulation.
Don't forget that Jim Lewis is the guy who headed the Bureau of Export Administration sub-department that wrote and enforced the unconstitutional regulations that prevented people from building good security into their computer and communications products. Perhaps he has learned just how much cyber security his previous regime's censorship cost the US (and world society). It took a six-year court case, Bernstein v. US, that cost us (private sector security & privacy activists) millions of dollars of work, to get him to stop. So that we in the private sector could merely be LEGALLY ABLE to build decent security into our products, without being thrown in prison for our efforts. The case is still going on, because the last regulations Jim promulgated before decamping to CSIS are STILL torturous and unconstitutional. See http://www.eff.org/bernstein/ and http://cr.yp.to/export.html. Hugh Daniel and I personally appealed a particular export decision, in a room full of Commerce Dept lawyers and him. Jim had decided that it was illegal for Hugh to ship software for AUTHENTICATION -- proving who you are, or that you are authentic -- because somebody, someday, maybe, could potentially modify that software to hide information. (Better Authentication is much of what we need to improve cyber security.) Jim's decision flew in the face of the explicit regulations, that for many years had exempted Authentication software from the controls that he was enforcing. We argued to them that if they made totally arbitrary decisions that ignored the printed regulations, nobody would even bother to submit crypto products to them -- we might as well ask for foregiveness as permission, if both are arbitrary. I think the phrase "Rule of Law" was uttered at least once. They ultimately ignored us, and (months later) told us we couldn't export it anyway. Hugh and I were trying to make the Domain Name System secure, an effort that has still never been accomplished, thanks to the opposition from Jim, and from a few other people with their own crazy axes to grind. Building even the half-decent level of computer security we have today took thousands of other peoples' work too. Phil Zimmermann's courageous activism, in the face of Jim's attempt to indict him on Federal crimes. Millions spent on lobbying by commercial firms who merely wanted to ship secure computer products. The Netscape crew put strong crypto into their product, navigating the perilous export bureacracy so that we U.S. customers could actually get a copy of it, thus bringing us secure web transactions instead of the bogus security that prevails to this day in telephony (including cellular) and wireless (including 802.11 WiFi). Many foreigners, from Australia to Finland and everywhere in between, contributed working crypto that has become the backbone of security on the Internet. All of this happened DESPITE Mr. Lewis's fervent opposition. [Of course, the reason Jim Lewis opposed all of this good security is because his collaborators in the NSA and FBI wanted the physical capability to wiretap *everyone* illegally. In the last year even the secret FISA wiretap court has thrown up its hands, tossed aside its 20+ years of secrecy, and announced, "These guys are totally blowing the Constitution." See http://www.aclu.org/issues/privacy/FISA_feature.html and http://www.eff.org/Privacy/Surveillance/20020919_eff_FISCR.html ] I wouldn't put much faith in what Mr. Lewis has to say on the topic of cyber security. He knows how to drive us, with the biggest whips possible, in the exact wrong direction. John Gilmore ------------------------------------- You are subscribed as interesting-people () lists elistx com Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- John Gilmore on CSIS' Lewis anti-encryption, Dave Farber (Sep 22)