Articles / Please Make Stable NON-US H…

Please Make Stable NON-US Homes for Strong Crypto Projects

"We freedom-loving U.S. citizens have had to rely on the freedom-loving citizens of saner countries to do the work of making strong encryption for many years. We had a brief respite, which we will eventually resume for good. In the meantime, please let me apologize for my countrymen and for my government for asking you to shoulder most of the burden again..."

It's clear that the U.S. administration is putting out feelers to again ban publication of strong encryption. See,1283,46816,00.html.

The evil gnomes who keep advancing unconstitutional U.S. anti-crypto policies know that the current hysteria in Congress and the Administration will not last forever, so they will probably move very quickly -- within a week is my guess -- to re-control encryption, either by a unilateral action of the Administration (by amending the Export Administration Regulations), or by stuffing a rider onto some so-called "emergency" bill in Congress.

They maneuvered very carefully in the Bernstein case, so that there is no outstanding injunction against violating the Constitution this way -- and even no binding 9th-Circuit precedent that tells them it's unconstitutional to do so. They know in their hearts that numerous judges have found it unconstitutional, but they have proven throughout the seven-year history of the case that they don't give a damn about the Constitution. That means it may take weeks, months, or years for civil liberties workers to get a judge to roll back any such action. Not just days. We won the case, but they squirmed out of any permanent restrictions -- so far.

The U.S. government has a new mania for wiretapping everyone in case he might be a terrorist. There are already two bills in Congress to make it trivial for them to wiretap anybody on flimsy excuses, and to retroactively justify their precipitous act of rolling Carnivore boxes into major ISPs this week and demanding, without legal authority, that they be put at the heart of the networks (see

Even more than before, we will need good encryption tools, merely to maintain privacy for law-abiding citizens, political activists, and human rights workers. (In the current hysteria, mere messages advocating peace or Constitutional rights might best be encrypted.) The European Parliament also recently recommended that European communications be routinely encrypted to protect them from pervasive U.S. Echelon wiretaps.

Some U.S. developers, who thought such a reversal would never happen, have built or maintained a number of good Open Source encryption tools in the United States, and may not have lined up solid foreign maintainers or home sites.

LET'S FIX THAT! We need volunteers in many countries to mirror current distributions, CVS trees, etc. We need volunteers to also act as maintainers, accepting patches and integrating them into solid releases.

(Note that too many countries have pledged to stand toe-to-toe with the U.S. while they march off to make war on somebody, though they can't figure out who it is yet. If you live in one of those countries, you may suddenly find that your own crypto regs have been sneakily altered. Take care that each useful package has maintainers and distribution points in diverse countries.)

I haven't kept close track of which packages are in danger. I suggest that people nominate packages, that others immediately grab mirror copies of them as they are nominated, and that some of those who mirror them keep quiet, in case hysterical governments make a concerted effort to stamp out all copies and/or all major distribution sites. If you aren't the quiet type, then AFTER immediately pulling a copy of the code outside U.S. jurisdiction, announce your mirror.

We freedom-loving U.S. citizens have had to rely on the freedom-loving citizens of saner countries to do the work of making strong encryption for many years. We had a brief respite, which we will eventually resume for good. In the meantime, please let me apologize for my countrymen and for my government for asking you to shoulder most of the burden again. Thank you so much.

P.S.: Companies with proprietary encryption packages might consider immediately Open Sourcing and exporting their encryption add-ins, so their customers can still get them from overseas archives, or taking other actions to safeguard the privacy and integrity of their customers' data and their society's infrastructure. I also advise that they lobby like hell to keep privacy and integrity legal in the U.S.

Recent comments

26 Oct 2001 21:29 Avatar cappicard

Re: freedom

> freedom for all...

I am appalled by my own Senator from Kansas (Sam Brownback). He supports another bill that would give large corporations the power to monopolize certain industries. I do not know the exact bill number, but I have put my response to this atrocious attack on OpenSource and computer security at my page (

The Computer Securities Act (the latest episode)will hurt many computer programmers that program under Linux and other open OS's. This will virtually make crypography illegal within the U.S.

This is clearly in strong violation of the Constitution. This can possibly violate the 1st (Cryptography is cosidered free speech in my opinion) and 5th (Potentially incriminating oneself even if innocent-- that be the 4th Amendment though) Amendments.

I urge everyone to contact their Congressmen to bring this bill down.

Thank you for your time.

30 Sep 2001 19:38 Avatar Caglios

Democratic society?
I always found it amusing when I'd walk into my local technical bookshop and see a whole shelf on crypto cracking with huge yellow stickers on the front reading, 'Banned by US censors'. Now I know they were serious.
I picked up technical schematics for the AT&T attempt to build a machine which would crack the DES algorithm (also banned by US censors) and the most amusing thing was that after spending a quarter mil, the thing still didn't work. Got the feeling congress isn't so much politically motivated to stamping out cryptography as it is towards preserving the bottom line; And given that i've spent good last 5 years at university studying cryptographic techniques, i'd like to think I could come out with a job at the end.
I'll be your mirror man. :)

29 Sep 2001 12:54 Avatar ucs

Re: Don't re-elect our politicians

> % We live in the U.S. where our
> % politicians are elected.
> Really? As I recall, the majority of
> you voted for Gore, not for
> George Double-U. He got president
> because of an extremely outdated
> election system and because of a strong
> army of lawyers behind him and because
> of a lot of money to pay them (and the
> campaign).That is not what I consider a
> democratic election.Greetings from
> Germany,  -
> Stephan.

Sure the election system in the US is somewhat
outdated and IMHO urgently needs an overhaul, but
the german system isn't better either. There you can
only vote for a party and they can post anyone they
like to be "president". So the names on the vote are
the party designated candidates, but no law is there if
the parties changed their minds after the election.
That isn't democratic either. The best out there seems
to be switzerland - the people vote and elect directly.
There are even votes for governement decisions to be
made, i.e. for cryptographics - they let the people vote
and the outcome is done. Now that's democratic.



27 Sep 2001 00:11 Avatar sfeil

Re: Have you guys lost your minds?
When it comes to betting on whether the legislature would comprehend why these laws would be ineffective I would say that the dump legislature would be a safe bet.

I recently changed my jurisdiction for the US house of representatives. I believe my previous representative would understand the issues involved, and would possibly be sympathetic to the cause of keeping strong encryption available. However my current representative is as dumb as a box of rocks when It comes to technology, I'm sure is long as he can "sell it" to the masses as something that will "stamp out" terrorist or law-brakers it will get his rubber stamp no matter how ineffective or ill-conceived. (I voted for his opponent in the last election, even thought he was not much better)

PS. I'm thinking about sending a letter to my old representative, I'm not sure if I should put the return address for my old address or my new one.

> Do you really think this would happen?
> Do you think Americans are that dumb?
> Do you think banks and finance
> institutions would let that happen. Do
> you forget IBM has just put Linux on the
> NYSE? I'm almost embarrassed, I can't
> believe you guy listen to one dumb ass
> about crypto. Do you think the US
> government doesn't know by changing a
> law isn't gonna make everyone just quit
> using crypto, especially criminals?
> Geeze, do I belong to a cult?

24 Sep 2001 15:02 Avatar RoderickDhu

Stable NON-US Homes for Strong Crypto Projects
The big hole in the Administration's most recent campaign for e-snooping is that the attack was so low-tech it could have been stopped by 18th century defences. A good swordsman with a rapier (on each flight) could have made skewered the whole bunch, and without endangering passengers with bullets.


Project Spotlight

Kigo Video Converter Ultimate for Mac

A tool for converting and editing videos.


Project Spotlight


An efficient tagger for MP3, Ogg/Vorbis, and FLAC files.