Strike to protest Wassenaar!

Bob's usual web pages are temporarily unavailable. They will return after 14 December.
This is a global call for computer professionals to strike on Monday, 14 December, 1998 to protest the signing of the Wassenaar Arrangement, an international treaty that imposes new restrictions on cryptographic software technology. The strike is meant to raise awareness about the importance of cryptography, about the U.S. government's wrongheaded attempts to curtail its use, and about the strong-arm tactics used by the United States to pressure other countries into limiting their citizens' rights the way it has limited its own.

Background

For many years, a U.S. law known as ITAR regulating the export of munitions has been used by the government to prohibit the export not only of missiles and tanks but of cryptographic software as well ("crypto" for short).

Crypto is an essential technology for electronic commerce, online privacy, and computer security. Without it, malicious hackers can easily intercept credit card numbers and bank account data, read private e-mail and forge messages, and infiltrate computer networks. Crypto is also used to protect against unwanted information disclosure that's not malicious; for instance, to keep employees on a computer network from accidentally stumbling across a file full of salary information.

Most major software vendors require crypto capabilities in their products. For instance, Netscape Navigator contains crypto software from RSA for doing such things as secure credit card transactions.

The U.S. was alone among its major trading partners in imposing such restrictions on crypto export (France being a notable exception). In the mid-1990's, as the Internet began reaching the mainstream, software vendors began complaining that the export restrictions made it impossible for them to compete globally. They had to deliberately "cripple" their software, disabling crypto capabilities, before being allowed to export it. Their competitors overseas did not face this handicap. U.S. software vendors pleaded with the government for a level playing field.

Around the same time, various legal challenges to the export control of crypto were underway, notably Phil Karn's Applied Cryptography case and Dan Bernstein's Snuffle case. A ruling in the Snuffle case declared parts of ITAR to be unconstitutional. Meanwhile, Phil Zimmermann, author of the popular crypto program PGP, was the object of years of legal harassment by the government---harassment that was abruptly dropped when the government (apparently) realized they were on shaky legal ground. Similarly, attempts by the Clinton administration to place new domestic restraints on crypto---the so-called "Clipper chip" proposals, that would have required all encrypted data to be decipherable by the government---failed because of constitutionality concerns. Because of these and other developments, the days appeared to be numbered for laws restricting crypto technology.

Is your country among the Wassenaar signatories?

Argentina; Australia; Austria; Belgium; Bulgaria; Canada; Czech Republic; Denmark; Finland; France; Germany; Greece; Hungary; Ireland; Italy; Japan; Republic of Korea; Luxembourg; The Netherlands; New Zealand; Norway; Poland; Portugal; Romania; Russia; Slovakia; Spain; Sweden; Switzerland; Turkey; Ukraine; United Kingdom; United States.

If so, you've just lost some rights you may not have been aware of.

Then on 3 December 1998, 33 countries signed the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, whose noble purpose is to preserve international peace and stability by reducing the proliferation of offensive strategic weapons. Incredibly, though, crypto software is included in the treaty as an offensive strategic weapon! The U.S., under pressure from its high-tech sector to "create a level playing field," did just that---not by dropping the unreasonable restrictions on crypto export but by bullying its trading partners into adopting the same ones! This, despite the fact that they didn't want to, despite Europe's recent commitment to strong privacy laws, and despite mounting legal evidence that the crypto export laws are flawed.

Why does the government care?

Why does the U.S. government insist on treating crypto as munitions? After all, numerous citizens' and industry groups, including the American Civil Liberties Union, the Electronic Frontier Foundation, the Electronic Privacy Information Center, and some fifty other members of the Global Internet Liberty Campaign have denounced the government's position. Furthermore, there is other software not covered by export control laws that would seem to pose a greater military threat. Missile guidance software, for instance.

The answer is that the government wishes to control crypto to preserve its eavesdropping capabilities. (This intent was betrayed by the administration's failed Clipper chip proposals.) The position of the U.S. government is that crypto technology can be used by lawbreakers in maturing their felonious little plans, and law enforcement will have that much harder a time keeping up with them. International terrorists might use encrypted e-mail to plan some hideous act on American soil, and the FBI would be none the wiser.

This argument is specious for at least two reasons. First of all, high-quality crypto software has long been available outside the United States; just because the terrorists can't get their hands on American crypto software doesn't mean that they can't still conceal their activities using encryption.

The second reason is that this argument applies equally to such things as knives, locks, matches, power tools, the Interstate highway system, rope, and anything else that has a legitimate use but might also be used in a crime.

What will be the result?

After Wassenaar, the major industrialized nations will not be able to export cryptographic software. Each nation will have to develop its own software, or rely on exports from Third World countries (or others that aren't Wassenaar signatories). Since crypto software won't be shareable, it is likely that there will be interoperability problems; citizens of one country will be unable to exchange encrypted data with citizens of another.

On the other hand, countries can share crypto software---as long as it's not exported as software. The Applied Cryptography case, for example, highlights the fact that crypto programs, reproduced line-by-line in a printed book, are exportable, because they're "protected speech" under the First Amendment. This is why, when Phil Zimmermann wrote PGP, he published the program in book form so it could legally be shared with other nations despite ITAR. Now, it's a lot of work for someone overseas to get a copy of the book and transcribe its contents back into a computer, but it's certainly possible to do. It's even easier to scan the book with an OCR (optical character recognition) device, turning it back into digital form automatically. Furthermore, since the U.S. Supreme Court opined in ACLU vs. Reno that the Internet deserves the highest level of free-speech protection, it seems inevitable that the legal distinction between exporting a program in book form and exporting a program in digital form will soon evaporate.

In short, the law accomplishes nothing except to create an inconvenience for law-abiding users of cryptography and to set a bad precedent that will allow governments to impose further unwarranted restrictions on our freedoms in the future.

Not surprisingly, although Wassenaar blithely tramples the rights of individuals, it protects large corporations. Exempt from its cryptography restrictions are uses that protect intellectual property. So Sony Pictures can rest assured that its investment in Leonard Part 6 is safe 'cause no one can copy the DVD, whereas little old you can't be certain who'll see that embarrassing mash note you e-mailed to your sweetheart.

Call to action

If you are a computer professional, don't work on Monday, 14 December, 1998. Take the day off, and use part of that time to contact journalists, politicians, friends, and relatives, informing them of your displeasure with the big step backward represented by Wassenaar's crypto provisions.

Prior to that date, spread the news about this strike among colleagues and associates. Share the URL of this web page. Mirror it on your own web server if you can. Educate yourself about the issues. (Begin by following some of the links on this page.)

Why strike?

In democratic societies, citizens generally do not surrender their liberties without a compelling reason. But interested parties can sometimes take away liberties when the issues aren't well-understood.

In order to make its job easier, the American law-enforcement establishment is interested in taking away liberties that most people don't yet know to care about preserving. The purpose of this strike, therefore, is to raise public awareness, educating people about what's been taken away from them and what else they stand to lose.

It would make law enforcement's job easier if it could restrict travel between cities, too, or monitor private conversations at will, or fingerprint everybody, but we don't tolerate such intrusions. When technology advances, we insist that law enforcement update its methods to combat its occasional misuse, rather than deny us its benefits. So must we insist now.

I don't care

Maybe you don't plan to shop online, or if you do, you don't care if your credit card number is intercepted. Or maybe you don't plan to correspond with people electronically, or if you do, you don't care that your correspondence can be read by total strangers. Maybe cryptography just plain doesn't matter to you. But the law that governs it should matter to you, and here's why: it's based solely on the premise that cryptography tools can be used for illegal purposes. Some things, like lock-picking tools and nuclear weapons, are banned for the same reason, but only because they have no legitimate use. The uses of cryptographic software, on the other hand, are overwhelmingly legitimate. When the government deprives its citizens of useful rights simply to make the job of law enforcement easier, it is on the road to becoming a police state.

Can't happen here? It does seem unlikely---but only because we have the freedom to oppose such measures, a freedom that Americans have always used to ward off government abuses. If we don't use that freedom now, while it's still early enough to do some good, we may lose it altogether.


In 1996, Phil Zimmermann testified to the U.S. Senate about crypto export restrictions, saying in part that crypto is an essential tool used throughout the world to protect citizens against tyranny in government.


Golden Key Campaign

Copyright © 1998 by Bob Glickstein. The opinions expressed on this page are not necessarily those of Zanshin.

This page was created with Latte.