[Cryptography] On 40-bit encryption

Arnold Reinhold agr at me.com
Sun Aug 24 13:52:58 EDT 2014 

On Sat, 23 Aug 2014 11:04 Sandy Harris wrote:
> I'd say the main reason for the relaxation in the US was the Bernstein case
> Dan Bernstein (grad student at Berkeley, later prof at U Illinois), supported
> by the EFF, sued the US government arguing that, since code can be
> read and discussed by humans, it qualifies legally as speech, so export
> restrictions on source code are an unconstitutional restriction on free
> speech. He won in the first court & again on appeal. There is an archive
> of case documents with links to related cases:
> http://cr.yp.to/export.html
> 
> At that point, the government changed their regulations -- moved the
> controls from the State dep't to Commerce and allowed export of
> "public domain" code, provided the Commerce dep't is notified. As
> I see it, they were scrambling to salvage anything they could and
> desperately trying to avoid having the Bernstein case make it to
> the Supreme Court and perhaps overturn the regulations completely.
> 
> The EFF says the requirement for notification is still unconstitutional,
> but I have not heard of any court case over that.

The Bernstein case only affected the publication of source code as a form of speech, not the sale complete encryption products like browsers and operating systems. I doubt it was the only factor. The Clipper Chip gambit had failed, banks were starting to demand "128-bit browsers" and there were many voices calling for liberalization. The Cato Institute asked me to write a position paper, "Strong Cryptography: The Global Tide of Change," but it came out just days before the Clinton administration announced its new policy. Maybe the full story will come out some day in one of the NSA history series. My guess is that wiser heads at NSA, knowing from vast experience that strong ciphers were not in themselves enough to guarantee secure communications, began to realize what a bonanza the Internet could become for them and shifted gears to more subtle ways of insuring access to content while beefing up their collection, storage and traffic analysis capabilities.

Arnold Reinhold
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140824/34bed66e/attachment.html>

More information about the cryptography mailing list