Previous Politech message:

"CSIS' James Lewis replies to Politech on WH cybersecurity report"
http://www.politechbot.com/p-04008.html

-Declan

---

Date: Sat, 21 Sep 2002 00:42:15 -0700
From: John Gilmore <gnuat_private>
To: declanat_private, gnuat_private
Cc: JALewisat_private
Subject: Re: FC: CSIS' James Lewis replies to Politech on WH cybersecurity report
In-reply-to: <5.1.1.6.0.20020920073027.01a88cb0at_private>

Jim Lewis said:
> Declan: I actually think the National Strategy is very strong, but I
> question the heavy reliance on voluntary action and self-regulation.

Don't forget that Jim Lewis is the guy who headed the Bureau of Export Administration sub-department that wrote and enforced the unconstitutional regulations that prevented people from building good security into their computer and communications products. Perhaps he has learned just how much cyber security his previous regime's censorship cost the US (and world society).

It took a six-year court case, Bernstein v. US, that cost us (private sector security & privacy activists) millions of dollars of work, to get him to stop. So that we in the private sector could merely be LEGALLY ABLE to build decent security into our products, without being thrown in prison for our efforts. The case is still going on, because the last regulations Jim promulgated before decamping to CSIS are STILL torturous and unconstitutional. See http://www.eff.org/bernstein/ and http://cr.yp.to/export.html.

Hugh Daniel and I personally appealed a particular export decision, in a room full of Commerce Dept lawyers and him. Jim had decided that it was illegal for Hugh to ship software for AUTHENTICATION -- proving who you are, or that you are authentic -- because somebody, someday, maybe, could potentially modify that software to hide information. (Better Authentication is much of what we need to improve cyber security.)
Jim's decision flew in the face of the explicit regulations, that for many years had exempted Authentication software from the controls that he was enforcing. We argued to them that if they made totally arbitrary decisions that ignored the printed regulations, nobody would even bother to submit crypto products to them -- we might as well ask for forgiveness as permission, if both are arbitrary. I think the phrase "Rule of Law" was uttered at least once. They ultimately ignored us, and (months later) told us we couldn't export it anyway.

Hugh and I were trying to make the Domain Name System secure, an effort that has still never been accomplished, thanks to the opposition from Jim, and from a few other people with their own crazy axes to grind.

Building even the half-decent level of computer security we have today took thousands of other people's work too. Phil Zimmermann's courageous activism, in the face of Jim's attempt to indict him on Federal crimes. Millions spent on lobbying by commercial firms who merely wanted to ship secure computer products. The Netscape crew put strong crypto into their product, navigating the perilous export bureaucracy so that we U.S. customers could actually get a copy of it, thus bringing us secure web transactions instead of the bogus security that prevails to this day in telephony (including cellular) and wireless (including 802.11 WiFi). Many foreigners, from Australia to Finland and everywhere in between, contributed working crypto that has become the backbone of security on the Internet. All of this happened DESPITE Mr. Lewis's fervent opposition.

[Of course, the reason Jim Lewis opposed all of this good security is because his collaborators in the NSA and FBI wanted the physical capability to wiretap *everyone* illegally. In the last year even the secret FISA wiretap court has thrown up its hands, tossed aside its 20+ years of secrecy, and announced, "These guys are totally blowing the Constitution."
See http://www.aclu.org/issues/privacy/FISA_feature.html and http://www.eff.org/Privacy/Surveillance/20020919_eff_FISCR.html ]

I wouldn't put much faith in what Mr. Lewis has to say on the topic of cyber security. He knows how to drive us, with the biggest whips possible, in the exact wrong direction.

John Gilmore

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sat Sep 21 2002 - 09:14:59 PDT