>> Cryptic laws confuse U.S. agency
>> By Kenneth Cukier
>> 24 May 1999
>> Pity poor Phil Zimmermann. The author of the world's most popular
>> encryption software, Pretty Good Privacy (PGP), was the subject of a
>> three-year federal investigation for allegedly violating U.S.
>> cryptography controls when the product was posted on the Internet.
>> Though the charges were dropped in 1997, United States laws banning
>> the export of strong encryption remain firmly in place.
>> So it was a shock for the soft-spoken engineer, and more than a
>> little ironic, when he was handed a CD-ROM containing some of the
>> world's most powerful crypto-algorithms at a cryptology conference
>> in Rome in April - sponsored by the U.S. National Institute for
>> Standards and Technology (NIST). The federal agency had violated
>> U.S. law.
>> For Zimmermann, as well as other cryptographic scientists, the
>> accident underscored the futility of international controls on
>> encryption, the mathematical act of scrambling data to assure its
>> confidentiality. Although the bedrock of electronic commerce, the
>> technology remains classified as military goods and its export
>> "What it really shows is that the rules are so ridiculous, so
>> counter-intuitive and so hard to follow that even the U.S.
>> government made an honest mistake," said Bruce Schneier, a
>> cryptographer who attended the meeting.
>> But the Rome event was no ordinary gathering. It was a chance for
>> NIST publicly to vet new algorithms to replace its Data Encryption
>> Standard (DES), the widely-deployed, 20-year-old cipher used
>> especially by the banking sector.
>> In June, NIST will short list five of the 15 submissions for DES's
>> successor, the Advanced Encryption Standard (AES), bringing
>> considerable fame - if not fortune, because it will become a
>> public technology - to the engineer and company whose algorithm is
>> Five algorithms were informally selected by the Rome participants,
>> including Twofish, invented by a team led by Schneier; Serpent,
>> by Ross Anderson and others; Mars, by IBM's Nevenko Zunic; RC6 by
>> RSA Laboratories' Matthew Robshaw; and Rijndael, co-developed by
>> Joan Daemen and Vincent Rijmen.
>> Despite the stringent crypto controls in the United States, the
>> NIST Web site for AES
>> also posted source-code that violated the U.S. law. When informed of
>> the gaffe in April, a special agent at the Department of Commerce's
>> office of export enforcement smiled and shrugged his shoulders, saying
>> simply "mistakes happen."
>> Today, the code is off the Web, and the site reads: "This CD-ROM is
>> subject to export controls for destinations outside the United States
>> and Canada."
<< end of forwarded material >>
Lets put the *fun* back in dysfunctional...
<> firstname.lastname@example.org <>