Re: Kryptonite v2.0 Now Available!

Alan:

First:
Let me say that while I disagree with the current encryption export regs, I
do so not because I think they are wrong, but rather because I think they
are flawed. There is an inherent assumption that we (Americans) are the only
people capable of taking a well published algorithm (like Blowfish) and
converting it to executable code. This is pure folly. Quite frankly this
smells of quasi-racial bigotry by implying that peoples of third world
countries are intellectual cripples compared to us.

Second:
I **STRONGLY** disagree with your decision to hand out this code
carte blanche. Just because you disagree with a law does not give you the
right to ignore it. Civil disobedience is a powerful tool, but it must be
used with prudence. It should be noted that civil disobedience is only
acceptable when ALL other efforts to change the law have been fruitless.
That does not apply here. There are a number of lawsuits in action right now
to lift some or all export regs. Just because you are impatient is not
justification for breaking the law.

Third:
Current US law also allows for algorithms with 56-bit or smaller keys to be
exported. Can your algorithm be adapted to use these smaller key sizes? You
could then export a reasonable security software without breaking the law.
If and when the regs are lifted you could release the better code.

Finally:
As to your statement "The author believes, however, that information
security is not a weapon ...". Are you really this naive or is this just
your way of trying to justify (to yourself?) your illegal activities?
Information is power and is most often used as either a tool or a weapon. In
this case it is a defensive weapon designed to defeat the offensive efforts
of whoever is seeking knowledge. Imagine Saddam knew all of our troop
movements & attack plans during the original Desert Storm... how effective
would we have been if he had detailed access to our information? Maybe you
should read the story of PURPLE too.

All forms of security are defensive weapons and defensive weapons are the
most effective (AND most non-violent) means to the end. Your car alarm
(physical security) is a defensive weapon against theft. Your insurance
policy (financial security) is a defensive weapon against debt. Your
encryption program (information security) **is** a defensive weapon against
invasions of privacy.

Should we be entitled to such privacy? Absolutely yes.
Should we break the law to get it? Not if we can change the law instead, and
we can.
