TBTF for 12/23/98: The eye, altering
T a s t y B i t s f r o m t h e T e c h n o l o g y F r o n t
Timely news of the bellwethers in computer and communications
technology that will affect electronic commerce -- since 1994
Your Host: Keith Dawson
This issue: < http://tbtf.com/archive/12-23-98.html >
________________________________________________________________________
C o n t e n t s
Wassenaar: US exports crypto-export controls
A survey of international crypto law
Reflections on cyberwar
South Africa considers intercepting and monitoring telecomms
Biologist dis-integrates Explorer from Windows 98
Microsoft said to mull buying publisher Reed Elsevier
Quick bits
Self-propagating NT virus identified
Can IBM make Linux blue?
Sun to free up Java licensing
Bright lights big tree
________________________________________________________________________
..Wassenaar: US exports crypto-export controls
33 nations agree in principle to limit exports, but all is not
unity
US high-tech companies have long complained that the lack of crypto-
export restrictions in other countries hampers their ability to com-
pete abroad. The relief they have sought was relaxing US strictures,
not tightening those of other nations. But US crypto ambassador
David Aaron has been working behind the scenes to convince other
countries to do just that. On 3 December Aaron held a press confer-
ence to claim victory in these efforts [1]. The 33 signatory nations
to the Wassenaar Arrangement [2] have agreed to new rules. (Note:
turn off graphics before visiting [2]: it loads 33 gratuitous GIF im-
ages of waving flags with mouseovers for a total footprint of 353K.)
In summary, the new rules state:
- All crypto products of up to 56 bits can be freely exported.
- Mass-market crypto software and hardware of up to 64 bits can
be freely exported.
- The export of products that use encryption to protect intel-
lectual property, such as DVDs, has been relaxed.
- Export of all other crypto still requires a license.
- No alteration was made in the ambiguous area of whether Wass-
enaar covers intangible exports (such as via the Internet).
The Wassenaar provisions are not themselves binding on signatory
nations; each nation must enact its own laws to implement the rules.
Some accounts of Wassenaar have interpreted the new rules to allow
the free export of any public-domain crypto of any strength, inclu-
ding Open Source products such as SSLEAY. My reading of the agree-
ment itself [3] is that such products are exportable only if they
meet the other requirements outlined above; in other words it would
not be legal to export PGP.
A Norwegian poster to the Cryptography list asked his ministry of
foreign affairs for a clarification on exactly where Open Source
software falls, and was told that it is compliant with what Wass-
enaar calls "public domain" software.
In a speech on 7 December [4], US Commerce Department official
William Reinsch said:
> ...participating states agreed to extend controls to mass-
> market encryption exports above 64 bits, thus closing a
> significant loophole.
A posting to Cryptography quoted a newspaper article in which the
Finnish prime minister gave his views on the new Wassenaar rules. He
noted that "the United States is in a very powerful position" but
said that Finland will not alter its liberal principles in encryp-
tion politics.
Denmark is reported to be in a political uproar because the Danish
official who signed the Wassenaar accord did not have proper par-
liamentary standing to do so -- and the new rules run counter to
current Danish crypto policy. The upshot could be a formal renun-
ciation of the accord by Denmark, which would render it invalid
everywhere.
Two little-known Internet governance boards, the Internet Architec-
ture Board and the Internet Engineering Steering Group, have re-
leased a memo slamming Wassenaar [5].
In its antitrust defense Microsoft argues that the government has no
business interfering with a company's choices in product develop-
ment. But the US government's National Security Agency has long
taken an active role in product development, according to this CNN
story [6] -- working with Microsoft as well as a host of other com-
panies to limit available crypto technology. What's behind the US
push to restrict crypto strength domestically and world-wide? Most
observers of the crypto-political scene dismiss the official explan-
ation that crypto must be limited to thwart criminals and terror-
ists. The bad guys have, after all, had access on the open Internet
to strong-crypto source code since 1991.
This quote from Ross Anderson, with a preface by Peter Gutmann, makes
plain the assumption, widely held in cypherpunk circles, that it all
starts with Echelon [7].
> This is probably the best one-sentence summary of export
> controls I've seen. It predates the recent Wassenaar an-
> nouncement by about half a day, but is even more appropri-
> ate in the aftermath:
> "The real aim of current policy is to ensure the continued
> effectiveness of US information warfare assets against in-
> dividuals, businesses, and governments in Europe and else-
> where." -- Ross Anderson
In other words, those who want strong crypto restrained are, first
and foremost, protecting the UKUSA franchise in filtering and moni-
toring worldwide communications in real time.
[1] http://www.news.com/News/Item/Textonly/0,25,29526,00.html?tbtf
[2] http://www.wassenaar.org/
[3] http://www.fitug.de/news/wa/
[4] http://jya.com/war120798-2.htm
[5] http://www.news.com/News/Item/Textonly/0,25,30228,00.html?tbtf
[6] http://cnn.com/TECH/computing/9807/27/security.idg/index.html
[7] http://tbtf.com/archive/03-09-98.html#s05
____________
..A survey of international crypto law
On the Web and on paper
Bert-Jaap Koops <e.j.koops@kub.nl> has updated his Crypto Law Survey
[8] with news from Wassenaar and updates on the laws of 15 coun-
tries. And now Koops's PhD thesis, titled The Crypto Controversy,
has been published by Kluver Law International [9]. So far the book
has not appeared on Amazon.com, but you can order it directly from
KLI [10] for $87 US.
[8] http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm
[9] http://cwis.kub.nl/~frw/people/koops/thesis/thesis.htm
[10] http://www.wkap.nl/book.htm/90-411-1143-3
____________
..Reflections on cyberwar
A cri de coeur, a call to care
Phil Agre doesn't usually wax emotional about issues of technology
and culture; his 16 December piece on cyberwar [11] is an exception.
Agre attended a conference at which several honest and sincere rep-
resentatives of the US defense establishment presented a seemingly
new military doctrine for the online world. They proclaimed that
there is, as of now, no boundary line between military and non-mil-
itary facilities. Agre writes:
> In the world of the Internet, it would seem, ...we are now in...
> permanent, total, omnipresent, pervasive war. Cold War plus
> plus: all war, all the time. They said this.
Please read Agre's closely argued, anguished musings about these
developments [11], and see if you don't wax emotional too.
A word on one of Agre's asides: in writing about the styles of
reaction against such military thinking, Agre characterizes one
group of old-line Netizens in words that strike close to home:
> You may recall that, as recently as a couple of years ago,
> proponents of the cyberspace ideology filled the Internet
> with manifestos against the Communications Decency Act and
> many other bad actions on the part of the government. Where
> have those people gone? Some of them remain in business, of
> course, including many of the sensible ones, but they no
> longer come close to defining the Internet's culture.
I don't know whether or not Agre considers me one of the sensible
ones. But I am certainly still in business, doing my level best
to perpetuate those aspects of the roots of Internet culture most
worthy of emulation -- trying to alter an occasional reader's view-
point -- for the eye, altering, alters all.
[11] http://www.egroups.com/list/noframes/rre/983.html
____________
..South Africa considers intercepting and monitoring telecomms
Discussion paper proposes CALEA-like cost transfer
After reading about India's proposal to enable monitoring of Net
traffic, Ant Brooks <ant@hivemind.net> sent word of a similar pro-
posal [12] (360K) circulating in South Africa. The discussion paper
from the South African Law Commission proposes requiring telecomms
and service providers (read: ISPs) to ensure, at their own expense,
that all communications can be intercepted and monitored. Brooks
writes:
> These suggestions (although disturbing enough) are nowhere
> near as drastic as the measures being proposed in India, but
> because South Africa is the most connected country on the
> continent, I suspect that this is just the tip of the Afri-
> can iceberg on the issue...
> As I type, I'm sitting in the auditorium attending the Af-
> rican Internet Group conference in Cotonou in Benin, West
> Africa. It is apparent that the governments of many African
> countries have not even begun to consider these issues, and
> given the high level of control that some of our governments
> exercise on other telecommunications services, I have some
> concerns about the future of Internet freedom in Africa.
> Hopefully, current processes of educating government about
> the Internet and Internet governance underway here will min-
> imise any nasty legislation.
[12] http://jya.com/za-esnoop.htm
____________
..Biologist dis-integrates Explorer from Windows 98
Wait till Judge Jackson gets a whiff of this
Recent news from the Microsoft antitrust trial [13] is full of alle-
gations and counterclaims around the testimony of Edward Felton, a
Princeton computer scientist who wrote a program that he claims re-
moves Internet Explorer from Windows 98. Microsoft says this cannot
be done because Internet Explorer is an integral part of Windows.
So far the trial has not been informed of the more fruitful efforts
of an Australian biologist at the University of Maryland. Shane
Brooks's 98lite installer [14] does a clean installation of Windows
98 without most pieces of, and without the functionality of, the
Internet Explorer integration. 98lite saves at least 34 MB over a
standard installation, and after adding back the Explorer shell
from Windows 95, Brooks claims that his 133-MHz Pentium machine op-
erates far faster than before. As of 15 December Microsoft was still
evaluating 98Lite, but a spokesman said that the modification ap-
pears not to be good for end users: "The initial impression is this
process seems to retard and replace many of the core functions that
users benefit from in Windows 98" [15]. Brooks claims he is merely
helping users assert their own choice of components and technologies
that may be appropriate for a high-end machine but not for an older
one. Techweb asserts [15] that choosing to run 98lite will forfeit
you the benefit of any future Microsoft support.
[13] http://www.news.com/News/Item/Textonly/0,25,30272,00.html?tbtf
[14] http://www.wam.umd.edu/~ssbrooks/98lite/
[15] http://www.techweb.com/wire/story/TWB19981215S0017
____________
..Microsoft said to mull buying publisher Reed Elsevier
Acquisition makes sense from many points of view, not including
fair use
This rumor [16] disquiets me -- such an acquisition could not be good
news for fans of the fair use doctrine for intellectual property.
Reed Elsevier is in the top 5 worldwide as a publisher of technical,
professional, and legal books and magazines. (And corresponding Web
content of course.) Reed Elsevier owns LEXIS-NEXIS, a major database
publisher which has been (with West Publishing) at the center of
recent battles over the copyrighting of database contents. The com-
pany has a close technical relationship with Microsoft. RE is in a
management transition and is seeking a new president. Shares of both
Reed (traded in London) and Elsevier (Amsterdam) have been hammered
lately so the company may look like a bargain to Microsoft. Reed
shares rose 5.2% on the rumor and Elsevier was up 4%.
[16] http://www.news.com/News/Item/Textonly/0,25,29985,00.html?tbtf
____________
..Quick bits
A twisty little maze of different items
..Self-propagating NT virus identified
Network Associates has released news [17] of a new, highly sophis-
ticated virus named Remote Explorer that targets Windows NT systems
on a network. The virus is said to exhibit self-replicating and
propagating behavior typical of what is more commonly termed a
"worm." NAI did not identify the company at which the virus was
discovered, but MCI Worldcom has acknowledged that it was the vic-
tim. MCI Worldcom downplays the seriousness of the attack while NAI
plays it up. Here is a detailed description of Remote Explorer and
a "detection and cleaning" file for NAI's VirusScan NT and NetShield
NT products [18].
[17] http://www.news.com/News/Item/Textonly/0,25,30167,00.html?tbtf
[18] http://www.nai.com/products/antivirus/remote_explorer.asp
____________
..Can IBM make Linux blue?
This account [19] is a ZDnet exclusive on a rumor that IBM is study-
ing how best to offer support for Red Hat Linux.
[19] http://www.zdnet.com/zdnn/stories/printer_friendly/0,5444,2177559,00.html
____________
..Sun to free up Java licensing
On 8 December Sun announced that it would make Java source code
available under a new click-and-download "community source" program
[20]. Java licensing will be free (initially) to a larger community
than currently, but Sun will collect more royalties over time under
the new scheme. Saying it was still finalizing details of pricing
and availability, Sun has delayed introducing community source until
late January 1999 at the earliest [21].
[20] http://www.pcworld.com/pcwtoday/article/0,1510,8988,00.html
[21] http://www.pcworld.com/pcwtoday/article/0,1510,9096,00.html
____________
..Bright lights big tree
Seasonal real-time remote control