Free Software encryption and US Exports

[Aaron Toponce]

What are your thoughts about Free Software that relies on encryption algorithms, and the laws regarding exporting cryptographic software outside of the United States? Have we as developers, Free Software advocates and operating system vendors not paid attention to this detail? Are there any legal consequences that the Free Software projects could face? What about the developers? I thought about this on my way home from work yesterday, and I guess I'm unclear where and how all of this fits together. I'm interested in your feedback and opinions regarding this.

-Aaron

[Stuart Jansen]

On Wed, 2009-11-25 at 16:53 -0700, Aaron Toponce wrote:
> What are your thoughts about Free Software that relies on encryption
> algorithms, and the laws regarding exporting cryptographic software
> outside of the United States?

My understanding was that those restriction had be relaxed.

http://www.crn.com/it-channel/18807432;jsessionid=BTNSR25VS4MQLQE1GHPCKH4ATMY32JVN

--
"XML is like violence: if it doesn't solve your problem, you aren't
using enough of it." - Chris Maden

[Joseph Barney]

I also think we should relax them. It only protects people from regular people. Scientists, or so I read on the internet one time, broke quantum encryption or said that it was definitely breakable. So, since science, whether funded by the government or others, ends up in government as well as some universities, corps like Lockheed etc. So, yeah, we'll have fewer problems as far as ID theft, kidnapping, etc with encryption. I've actually read that if your email is hacked, facebook, etc, your kids/family/wife can be stalked, kidnapped etc. Not just in 3rd world countries and not just by pedo's/weird people but criminals, and who knows what else is out there that looks like a regular person but is a bit mean to say the least. It's like the gun thing actually. I have no great want for a gun. But guns in the hands of truly resonsible citizens protects at least the citizens. It's like UHF, guns don't kill people, people do. Same with encryption. BTW, ever read Spies Among Us? Written by a former NSA IT Security guy. It's not technical, but simply tells what he's seen online as far as hackers involving not just governments but criminals and more, and more to it as well. So, with other governments, even France releasing hacker code to the hacker community (they have really good hackers apparently) we might as well help protect everyone including the French. The way I read it works with France is they hack/spy us and others not to sell to enemies or for war, but to make money. Their corps simply tell the gov, hey, I like that product. Me want. The French, deny it of course, and get 3rd party hackers to steal it, and if caught they say "oh but Missioure, we only like cheese and wine." Hey, I'm part French I can say that. ;) haha But they're not the only ones and I guarantee we do the same to not only France, but others. Whether or not it's payback won't matter for the next in line for the great cyberwar machine. It affected them from the get go and won't matter to our or their side who started it. I would love more security, for me and everyone. It's partially selfish and partially compassion/ethics. If others are safe, I am more likely to be as well, and the same for them. The ultimate buddy system. And the world is all connected. Think of it this way...do we want the rest of the world infected/insecure and in danger? We'll have a WW3 in cyberspace alone, and it will go onto conventional warfare, it's pretty much guaranteed. Even reading Tom Clancy's NetForce can give you a simple idea in that direction, but I did a summer job in security at Hill AFB, though not IT, I talked to guards at the visitor's center and you know, it's sort of like Men in Black, the world probably is always about to go nuts, usually is at threat level yellow. It gets worse and better without that to tell us. Anyone that's even glimpsed at a history book knows that, let alone current events. The  Air force was working on a Cyber Command back in 2008, and the Navy and others are getting in on the action as well. Everyone has hackers. There are guys in Africa with cantennas out in the Seringety with probably souped up one laptop per child they've stolen or reversed engineered for all we know, trying to get into satellites or sending out scams like the Nigerians or stealing their ideas as well. Same for other parts. It's not only the info age, it's the info warfare age whether it's a virus or misinformation. Encryption is only one small step for mankind. If you're going to go that route, maybe references to security sites that are white hat and thorough, and also some specifically suited for beginners in the security arena, even if just to make sure their homework isn't deleted someday when a term paper they've worked on for 4 months is suddenly gone before they got a chance to print it.

On Wed, Nov 25, 2009 at 11:53 PM, Aaron Toponce <aaron....@gmail.com> wrote:

What are your thoughts about Free Software that relies on encryption algorithms, and the laws regarding exporting cryptographic software outside of the United States? Have we as developers, Free Software advocates and operating system vendors not paid attention to this detail? Are there any legal consequences that the Free Software projects could face? What about the developers? I thought about this on my way home from work yesterday, and I guess I'm unclear where and how all of this fits together. I'm interested in your feedback and opinions regarding this.

-Aaron

--
Site: http://www.oalug.com
Mailing list: http://groups.google.com/group/oalug
IRC: #oalug on irc.freenode.net