Comments: Security Software faces rising barriers

This deemed export is ridiculous. The fact that this has become law implies a number of ridiculous assumptions, namely that by default foreginers are
1. significantly more of a threat to US homeland security than US nationals and
2. less versed in cryptography and IT security in general than locals.

A trade embargo usually hurts both parties, but it is the less developed party that suffers more from the lack of exchange (of ideas in this case). Are there more good ideas within the US than outside of it? I somehow doubt it.

Also, this law makes it harder (if not outright disadvantageous) to hire foreigners in crypto-related development within the US. The rational response for a company facing this problem is to relocate abroad and continue business as usual.

Posted by Daniel A. Nagy at October 8, 2005 10:13 AM

Yes, more or less. I think we've proven that crypto can be done anywhere. At the beginning of the 90s, crypto was stronger in the US, and in the NSA. At the end of the 90s this was no longer so. If I had to say where the US leads the world in crypto I'd list things like the NSA's budget and RSADSI's conference, not actual developments like block ciphers, md cryptanalysis, eliptic curves and good utilisations of basic work.

Why the USG continues this policy is puzzling to me; but I don't really care why it is, I just wish they'd stop doing damage to us all. What I care more about is that if you look deeply into security, you see problems: crypto-free distros, poor architectural understanding of security processes and crypto in particular, higher than normal obeisance to book learning, standards committees etc etc. And if you look closely, one of the factors that holds up consistently is that crypto is in some sense controlled or to be avoided. "Bad" in other words, or "you must use a real security expert..."

This comes directly from the USG attitude, I believe. And the result is that the net is insecure. Until we can get at the underlying factors and free them up in a sort of microeconomic reform sense (crypto to the people, willingness to include security early on, self-dependency and not the nanny state attitude) ... then we can't really ever expect the net to be secure.

Posted by Iang at October 8, 2005 11:17 AM

Although ... note that the 'deemed' export did not include crypto for some reason. I didn't understand that part.

Posted by Iang at October 8, 2005 11:18 AM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x55a788558860) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.