[tmbchr]™

PGP Munitions Export



PGP is really interesting and more people need to learn about it. Just look how scared of it “they” are:

Shortly after its release, PGP encryption found its way outside the United States, and in February 1993 Zimmermann became the formal target of a criminal investigation by the US Government for “munitions export without a license”. Cryptosystems using keys larger than 40 bits were then considered munitions within the definition of the US export regulations; PGP has never used keys smaller than 128 bits so it qualified at that time. Penalties for violation, if found guilty, were substantial. After several years, the investigation of Zimmermann was closed without filing criminal charges against him or anyone else.

Zimmermann challenged these regulations in a curious way. He published the entire source code of PGP in a hardback book, via MIT Press, which was distributed and sold widely. Anybody wishing to build their own copy of PGP could buy the $60 book, cut off the covers, separate the pages, scan them using an OCR program, creating a set of source code text files. One could then build the application using the freely available GNU C Compiler. PGP would thus be available anywhere in the world. The claimed principle was simple: export of munitions—guns, bombs, planes, software—was (and remains) restricted; but the export of books is protected by the First Amendment. The question was never tested in court in respect to PGP, but had been established by the Supreme Court in the Bernstein case.

US export regulations regarding cryptography remain in force, but were liberalized substantially throughout the late 1990s. Since 2000, compliance with the regulations is also much easier. PGP encryption no longer meets the definition of a non-exportable weapon, and can be exported internationally except to 7 specific countries and a named list of groups and individuals.

Why do you think the government is so scared of something like PGP? I have some guesses.






9 Reader Responses

  1. p Says:

    oh man,

    I was quite into the cypherpunks thing in high school, and planned (I was too young for my state) to get one of these RSA tattoos:
    http://cypherspace.org/adam/rsa/
    before it was reclassified for export to most countries.

    seems like more than a couple of the cypherpunks wound up in jail, certainly the most hardcore have dropped out of sight in these nutty times.

    this is a fun and educational (and valuable) little project, make your own code to decrypt the certificate:
    http://ciphersaber.gurus.com

    the history of crypto/stego is deeply influenced by the renaissance maguses, Agrippa, Johannes Trithemius, John Dee… it is a really difficult, but fascinating field.

    I have always been worried, though, about PGP: no one has ever told me WHY it should be fundamentally hard to factor multiples of large primes, only that there’s no publicly known fast algorithm, despite many smart people working on it :)

    back in early high school, I thought we’d all have anonymous untraceable digital cash (Chaumian cash) by now, and smart contracts to make government irrelevant… :)

    still a crypto-anarchy optimist, i guess! seems now that most security issues are more about hacking poorly-designed systems than beating crypto, the software vendors have largely given up on these VERY complicated protection schemes they used to have… people used to worry about how hard it theoretically was to crack SSH… hackers don’t care, it’s so much easier to pull some DNS shenanigans and trick the stupid human into violating his own security!

    I’m rambling here, but crypto issues dominated my brain for years!

  2. p Says:

    oh, and this is why it’s good for all computer peeps to understand a little about crypto:
    http://cryptogon.com/?p=814

    Mike Ruppert and Alex Jones promote bollocks “anonymity” software, apparently, and if they are using it themselves, they’re opening themselves up worse than if they used none!

  3. Tim Boucher Says:

    no one has ever told me WHY it should be fundamentally hard to factor multiples of large primes, only that there’s no publicly known fast algorithm, despite many smart people working on it

    This has always troubled me as well and I suspect that this is why PGP only stands for “Pretty Good Privacy” - because there is no such thing as perfect privacy (except maybe in the grave - the ultimate encryption algorithm).

    Classifying PGP as a munition is not a legal tactic, but a language attack. It is trying to prevent people from using PGP, not because it is unbreakable, but because they don’t want to have to expend the energy breaking it constantly. So they create a law which is ridiculous but preventative to motivate behaviors in alternative directions. That’s all law does: manipulates motivations to actions (by manipulating consequences of those actions)

    Whatever can be made can be unmade. Especially by the people who made it (Do viruses come from anti-virus companies?)

  4. Tim Boucher Says:

    That Cryptogon link has been “SUSPENDED” by BlueHost. Not surprised!

    I’m serious that people start downloading and backing up each other’s websites and hosting mirrors for one another. Flipping the switch on any of us is the easiest thing in the world.

    Better still: hard-copies.

  5. p Says:

    because there is no such thing as perfect privacy

    Actually, “one-time pad encryption” is perfect, but the key-length must be as long as the message and cannot be re-used, not too practical for everyday use, but it is used by military for very sensitive things. You have to basically physically transport the keys yourself to keep security assurance.

    Also, in the very unlikely event that P=NP or someone builds an actual super-Turing hypercomputer, all bets would be off on ALL crypto except the one-time pad. both possibilities would likely require a profound re-imagining of the problems. (quantum RSA cracking would seem to be hugely expensive for a couple decades.)

    Do viruses come from anti-virus companies?

    I think there was at least one such case, but cannot find the specifics at the moment.

    I also know of a group of serious crackers who were working on a virus that would do nothing but spread and block ad-serving hosts, but this was years ago, and I have to assume they never released it, and there have been virii that targeted other virii and then un-installed themselves after spreading.

    Cryptogon got digg-killed, apparently. I’ve got a LOT of sites wget-ed. I worry about a mass intertube shutdown due to DoS or governmental interference. It would be great if (not necessarily electronic) some kind of facilities could be set up to maintain communication between us endpoints in that event.

    I view crypto as a fundamental human right, “the right to do mathematics”, which amounts to the right to reason. maybe more fundamental than many other “innate” rights! The one god who is Reason itself is not absent from any soul, any attempt to deny it is surely satanic.

    (heh, on the other hand: http://cantanima.blogspot.com/2006/03/augustine-and-mathematicians.html ;) )
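
Added example, not part of the original comment thread: a Python sketch of the one-time pad points in response 5, showing why a pad as long as the message hides everything about it, and why the pad cannot be re-used. The messages and function names are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; a one-time pad requires equal lengths."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes):
    """Encrypt with a fresh random pad exactly as long as the message."""
    pad = secrets.token_bytes(len(message))
    return pad, xor_bytes(message, pad)


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every candidate of the same length, so the
    ciphertext alone cannot favour one plaintext over another.
    """
    return xor_bytes(ciphertext, candidate)


def demo() -> dict:
    # Constructed sample messages, all 12 bytes long.
    m1, m2, decoy = b"MEET AT DAWN", b"STAY AT HOME", b"FLEE AT NOON"

    # Correct use: one fresh pad per message.
    pad, c1 = otp_encrypt(m1)
    alt_pad = pad_explaining(c1, decoy)
    alt_decrypts = xor_bytes(c1, alt_pad)  # a different, equally valid reading

    # Incorrect use: the same pad encrypts a second message.
    c2 = xor_bytes(m2, pad)
    leak = xor_bytes(c1, c2)          # pad cancels out: equals m1 XOR m2
    recovered = xor_bytes(leak, m1)   # knowing one message reveals the other

    return {"alt_decrypts": alt_decrypts, "leak": leak, "recovered": recovered}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With a fresh pad the ciphertext is consistent with every 12-byte message; once the pad is used twice, the two ciphertexts XOR to the XOR of the plaintexts without the pad being involved at all.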

  6. Tim Boucher Says:

    I view crypto as a fundamental human right, “the right to do mathematics”, which amounts to the right to reason. maybe more fundamental than many other “innate” rights! The one god who is Reason itself is not absent from any soul, any attempt to deny it is surely satanic.

    Awesome! And I totally agree…

    But Reason is the Truth and you can’t hide the Truth and shouldn’t have to when you exist in full union with it.

    Neither do men light a candle, and put it under a bushel, but on a candlestick; and it giveth light unto all that are in the house.

    http://bible.cc/matthew/5-15.htm

    Cryptography, in a sense, is Adam’s failure in Eden, and it dooms him to the crypt.

  7. p Says:

    wow, there is a lot to unpack there, I gotta think about this!

    the etymology of crypt is of course “secret”, and long before “cryptography” was a buzzword the terms “crypto-Jew” and “crypto-Christian” were commonly used to refer to those who preserved their traditions through hostile times.

    Adam is both doomed to have the secret obscured from his eyes, and doomed to its ultimate revelation.

  8. Julia Says:

    http://googlepublicpolicy.blogspot.com...all-for-global-privacy-standards.html

  9. Tim Boucher Says:

    the terms “crypto-Jew” and “crypto-Christian” were commonly used to refer to those who preserved their traditions through hostile times.

    Nag Hammadi Library as Data Backup Among Shared Value Communities.

    We need to create and maintain our own internets


