"Are there so many foreign crypto products that any regulation by only one country will be easily circumvented? Or has the industry consolidated around only a few products made by only a few countries, so that effective regulation of strong encryption is possible?"

your questions are very interesting. i am very interested in your results. if you look at big data and analysis of the Snowden leaks, it would appear, that there are just a few players / manufacturers in a few countries. strategically located in some "crypto free port". [i would check the footnotes in Bruce Schneier's book, Data and Goliath] i can offer some gut intuition; as well as state that there are human and sociological factors that apply. not just to crypto, but to other areas as well.

imho, it is not the number of foreign crypto products that permits circumvention. you only need one good product to be available somewhere. customers will come. since, knowledge can not be contained, any one, any where, can build "it". whatever it is. to borrow from theology. the idea of a wooden table exists any where. even in the Sahara desert where there are no trees and wood. because it's an idea. it exists in people's heads.

there is an arrogance and belief that knowledge, mental ability, is beyond other races, cultures, etc. this mentality applies to the US and UK gov'ts attitude toward others. esp. in crypto. the UK was the leader. then, the US. but, it seems to be overlooked what the Swedish did. and, the Poles cracked the Enigma in its first stages. something overlooked. the US believes they are the ones who cracked the Enigma. in final stages yes. while Americans believe they are inventors, which is an American culture, a lot of the technology in the US is adopted after fundamental research is done elsewhere. a fact overlooked by US historians and average Americans. the trains are a good example. once fundamentally developed in Europe. the US adopted and implemented the railroads in a way, on a scale; no European nation did. and; the US built a country and conquered the "West", with the railroads.

not adhering to the axiom that 'what one man can do, another can undo', is causing the US lots of trouble and the loss of the crypto war. the US, FBI goes to math professors to tell them to stop doing their research or else. the research stops. and, some Israeli math professor comes out with a key busting algorithm instead. and, everyone knows it. because, the Israeli professor doesn't have the constrictions that the American professor has. mind you, Israel is in a constant state of war, has a military censor and under the constant threat of terrorism. yet, the Israeli approach to crypto is not suppression. [one should consider this deeply in the discussion of crypto, terrorism and the suppression of crypto knowledge and the restrictions on encryption to prevent terrorism.]

also, in general, suppression, dictatorships, make ppl less innovative. it's scary to be innovative under those conditions. and, it doesn't have to be an actual dictatorship. people need privacy to function properly. you can't innovate, create, follow intellectual pursuits and discovery, if you live under the fear, that if you think or say or write something, that you will get into trouble or be persecuted or publicly humiliated and shamed. it's kind of ironic, that in such a "free" country, when it comes to unclassified, independent research, the gov't will crack down on you hard. if they can.

so, US citizens, corporations, don't even bother making or employing good crypto. while i don't know this for a fact, from what appears in the papers, i can only surmise, that gov't contractors, like Boeing, making air force jets, are not using the best crypto and security practices. which is why they are being hacked by the Chinese.

technically, legally, in the US, you can sell the toughest encryption to private US citizens and domestic companies, for use in the US. that never happens. the FBI will come after you. some hackers have developed stuff, that they sell. quality uncertain. and, i doubt you can get much else besides passwords and access numbers on the dark web. kiddie scripts and war game dialers. commercially, IBM once made a hack proof machine. in the 70's. the FBI approached them and pressured / asked / bribed IBM not to sell the machine. IBM complied. IBM was only going to sell to banks. and to think, non US ppl can't make such stuff, is ridiculous.

another point about the gov't suppression of crypto work, a good example is David Kahn's book, "The History of Cryptography". Kahn was a newspaper reporter who wrote a book. he selected a topic that was sensational and would sell copy. Kahn was no expert in crypto. Kahn was living in the post WWII era. he chose an exciting topic from the war. where the US were heroes. and, the NSA didn't want the book published. the main thing was the exposition of the US-UK crypto link. there were also issues about the legality of the NSA and its actions. the blackmail of Truman to create the NSA. spying on citizens. during WWII if ppl had found out, they would have been ok with it. war powers. but, in peace time. shut it down. how the NSA handled it is indicative of this whole issue.

first they told the publisher not to print the book. since galleys had already been made, the publisher said, we're ready to go into production. we've invested. we need to see this through.

then, they slandered the author as an ignoramus. the publisher still didn't fall for that. don't remember why. but, ok. we know he wasn't an expert. but, he was a good writer and did his research. his book is really good.

then, they came with the national security thing and asked, please don't publish this. the publisher said, i'll have to ask the author. who was totally fine with that. ok. no problem. all they had to do is ask. but, didn't do that first. and, the stupidest thing of all is, that the statement they wanted removed, was in the text and a footnote. they only asked for it to be removed from the text. not the footnote. so, if you really, read the book. you would know anyway.

it is this attitude that is making the US lose the crypto war. i'll say it again. if there is a backdoor for you, it's only a matter of time, until someone else can find that backdoor too.

On 1/1/2016 2:55 AM, Jeffrey Walton wrote:
 From Schneier's CRYPTOGRAM
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):

In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution during the First
Crypto War, and Hoffman testified before a Senate committee on his
findings.

I want to redo that survey for 2015.

Here, at the beginning of the Second Crypto War, we again need to
understand which encryption products are outside the reach of US
regulation (or UK regulation). Are there so many foreign crypto
products that any regulation by only one country will be easily
circumvented? Or has the industry consolidated around only a few
products made by only a few countries, so that effective regulation of
strong encryption is possible? What are the possibilities for
encrypted communication and data storage? I honestly don't know the
answer -- and I think it's important to find out.

To that end, I am asking for help. Please respond in the comments with
the names -- and URLs -- of non-US encryption software and hardware
products. I am only interested in those useful for protecting
communications and data storage. I don't care about encrypting
financial transactions, or anything of that sort.

Thank you for your help. And please forward this blog post to anyone
else who might help.

EDITED TO ADD: Thinking about it more, I want to compile a list of
domestic (US) encryption products as well. Since right now the FBI
seems intent on just pressuring the big companies like Apple and
Microsoft, and not regulating cryptography in general, knowing what
else is out there in the US will be useful.

1999 Survey:
https://www.cryptome.org/cpi-survey.htm
https://www.seas.gwu.edu/~lanceh/senate_testimony_pdf.pdf

First Crypto War:
https://www.newamerica.org/oti/doomed-to-repeat-history-lessons-from-the-crypto-wars-of-the-1990s/

Second Crypto War:
http://harvardkennedyschoolreview.com/the-return-of-the-crypto-wars/
http://www.tandfonline.com/doi/pdf/10.1080/15295036.2014.921320
https://www.schneier.com/blog/archives/2014/10/more_crypto_war.html
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
