[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) FC: So far, I think Mr. Aarons' Wassenaar statement

------- Forwarded Message Follows -------
Date:          Fri, 04 Dec 1998 15:29:29 -0500
To:            politech@vorlon.mit.edu
From:          Declan McCullagh <declan@well.com>
Subject:       FC: So far, I think Mr. Aarons' Wassenaar statement is
Reply-to:      declan@well.com

[John is basing his analysis below on what's been posted on the
Wassenaar site so far, and these kinds of documents aren't always put
online immediately. That said, if Ambassador Aaron is talking about
the online documents and John's analysis is correct, the Clinton
administration is going beyond mere spin: it is trying to deliberately
deceive. --Declan]


Subject: So far, I think Mr. Aarons' Wassenaar statement is

Date: Fri, 04 Dec 1998 10:55:00 -0800 
From: John Gilmore <gnu@toad.com> 

I have not found a single confirmation of the Aarons statement that
the 33 Wassenaar countries have agreed to change the exemption for
mass market crypto software.  (The NY Times and Reuters stories both
quote Ambassador Aarons.)

This lack of confirmation includes the Wassenaar Arrangement statement
itself, which merely says:

 The amendments to the lists included elimination of coverage of
 commonly available civil telecommunications equipment as well
 as the modernisation of encryption controls to keep pace with
 developing technology and electronic commerce, while also being
 mindful of security interests.


The Wassenaar Arrangement works by consensus; any member can block the
adoption of any item merely by voting against it.  The policy Aarons
announced is directly contradictory to the recently reaffirmed
government policies of Finland and Ireland.  In addition, Canada and
Germany have recently stated strong pro-crypto positions (while
waffling on the particular issue of the treatment of PD and MM

The Wassenaar Arrangement also states:

 This arrangement will not be directed against
 any state or group of states and will not impede
 bona fide civil transactions.

To the extent that there is any attempt in the Agreement to control
mass market or public domain crypto software, such a provision would
clearly contradict this limitation written into the Arrangement. The
Arrangement is for military goods -- not for civilian goods. PGP and
other civilian crypto tools are not military by any stretch of the
imagination.  It's hard to imagine that all 33 countries would ignore
this obvious problem, especially when it was pointed out to them by
concerted lobbying over the last several months.

I also note that none of the statements are clear about exactly what
is affected.  PGP, SSH, SSLEAY, Linux IPSEC, and many other crypto
tools are "public domain" rather than "mass market" software.  The
General Software Note (originally from COCOM, and adopted bodily by
Wassenaar when it was formed) exempted both "public domain" and "mass
market" software from all controls.

Finally, a companion paper released from Wassenaar yesterday shows a
clear concern by the body for human rights and fundamental freedoms:

 e.  Is there a clearly identifiable risk that the weapons might
 be used for the violation and suppression of human rights and
 fundamental freedoms?

(In this case if the the Aarons statement was true, Wassenaar itself
would be used for the violation and suppression of human rights and
fundamental freedoms.  It's hard to see that the delegates would also
ignore this and vote to suppress human rights and freedoms.)

So, I see two major probabilities here:

 *  Either Aarons is lying, to see how much trouble this stirs up.
 This would be taking a page from FBI Director Freeh, who
 announced FBI support for domestic controls on crypto last year, 
 and was then disavowed by the Administration when a ruckus 

 *  Or the NSA has cut a deal with these countries.  Then the
 question is:  what did NSA offer in return?  The usual trade
 has been access to the flow of wiretaps (as in the UKUSA
 agreement that gives Britain, NZ, Australia, and Canada access
 to Echelon -- look who the strongest supporters of the US position
 are).  Another alternative is that they used wiretaps to
 blackmail senior politicians in the recalcitrant countries.
 (It happened in the US by J. Edgar Hoover for many years.)

Do either of you have any info that would tend to confirm or deny one
of these theories?

EFF and the GILC members are checking with various governments to
start to flesh out what *actually* happened.

I should also note that developments like this are rather expectable.
Every time crypto policies get decided in a closed-door meeting where
the US government is invited, they get worse.  Whenever crypto
policies are set in open meetings where the public and the press are
able to watch -- or even, god forbid, participate -- they get better.
The OECD meetings of a few years ago were intended to be the first,
but citizens and journalists swarmed the meeting site, buttonholed
delegates as they entered and left, and turned it into the second.  We
should've done the same with this Wassenaar meeting.

US civil libertarians are prying crypto policy decisions into the
light of day via the courts and the Freedom of Information Act.
Classified NSA/FBI testimony to Congress is getting declassified, and
then its obvious lies are easily rebutted by the public.

The natural response of a bureacracy that is more concerned with its
own power to wiretap, than with making the right decisions for its
citizens, is to move its crypto maneuvering overseas into "diplomatic
meetings", held under cover of diplomatic secrecy, where they can lie
and twist arms with impunity.


---- POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo@vorlon.mit.edu with this
text: subscribe politech More information is at