On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote: > This relates to an issue I've wanted to discuss with "Cypherpunks" for > several years. > Over the years, I've seen several commentators (including Timothy May) > appear suprised when discussing the US's encryption export policies.
I wouldn't characterize my reaction as "surprised." I've written many thousands of articles, including hundreds (at least) on crypto export, ITAR, etc. Mostly back around 1993-95. It's become a less important issue in recent years. (Why, I wonder, are you just now sharing your thoughts with us on this old subject?) > The basic argument is that, if good encryption is available overseas > or easily downloadable, it doesn't make sense to make export of it > illegal. That's one of the basic arguments, yes. And it was borne out by the shift of development of many crypto products to non-U.S. sites. > > On the surface this would seem a sensible argument. > ANd, it would seem a purely beaureaucratic (I'm sure I spelled that > wrong) error. > But I am wondering if Cypherpunks have mentioned the 'obvious'. > > The government knows exactly what it's doing. It wants to discourage > the use of encryption by any means necessary, because of sheer > numbers. Yes, throwing roadblocks and inconvenience factors up was discussed many times here. The ITARs (since renamed) were used by the Feds to intimidate potential developers of crypto products. > Basically, the more messages that are encypted, the more hardware (and > therefore $$$) will be needed to decrypt them. And how many $$$'s worth of hardware do you think is needed? Do you believe even one tenth of one percent of traffic is now having it's RSA modulus factored by brute force? > Therefore, the only way they can stay ahead of the game is to keep the > numbers as low as possible, so they can continue to "outspend" the > problem. Public admissions by DIRNSA have stated the obvious: that they are unable to keep up with the technology of even a dozen years ago. > This is, from their perspective, a perfectly reasonable approach to > decrypting large numbers of messages, a small fraction of which may > contain "interesting" information. If you actually believe they are decrypting "large numbers of messages," you must know something about their quantum computers that we haven't heard about. Care to share? > > Is the above statement a) wrong, b) obvious c) mentioned previously on > the cypherpunks boards, or d)"hey! We never thought of that" The archives are easily searchable. --Tim May