> . Tethys SYSTEM ADMIN X wrote:
> >
> > >I see the situation like this: Linus can't code any crypto himself, since
> > >that would, in effect, be exporting the code in a computer readable
> > >format. I don't see, however, how they could prevent him from applying
> > >a ready-made patch to a kernel residing in Finland, since in that case,
> > >no crypto code would flow from the US. Viewing and downloading the patch
> > >would also be allowed since AFAIK there are no import restrictions...
> >
> > Technically, you're right, but you haven't thought of the implications.
> Maybe he just doesn't find these little things quite so terrifying as
> you do:
>
> > Yes, the patch could be written in Finland (for example), then legally
> > imported into the US, and applied by Linus to the rest of the kernel.
> > That would then prevent the kernel itself from being exported from the
> > US. If the kernel is to be maintained in the states, it will have to be
> > distributed without crypto. Users outside the US would then have to
> > obtain the crypto patches and apply then to the kernel source themselves.
> Ooh, I quake in terror at the day I might have to get _two_ files to
> update my kernel. Really, even assuming the strong-crypt module gets
> changed every version, that's not the biggie it seems. The
> 6-megs-compressed-and-growing main kernel could've used a split about 3
> megs ago... I can definitely see a case for splitting off the SCSI
> drivers, the ethernet drivers, and the highly miscellaneous (bus mouse,
> proprietary CD-ROM, funky multi-port serial) drivers...
I truly believe that when it comes to providing encription within software
to support an existing standard, the United States Federal Government
will back off and allow it. What one needs to do is provide the necessary
information to a U.S. Congressman (Congress-person??).
The existing "cripto" laws were written in the 1930s to help protect
the US Security when communications to military commanders was via
Morse Code. When Teletype was invented, encription-wheels and other
such devices were developed to prevent security from being breached.
The laws were expanded to cover such "new" devices.
In spite of the fact that internet communications are monitored by
the United States Government for "security" reasons, the laws were
not made to provide this capability. It is just something with which
the Government has been getting away.
In the 1960's the FEDs were rummaging through garbage cans on college
campases to try to find "security breaches". Now they can find all the
garbage on the Internet so they don't have to do this. When all data
and communications becomes encripted, the FEDS will have to return to
the garbage cans.
FYI there is an entire complex in Kansas City, Kansas (not Missouri)
that is dedicated to doing key-word searches on all communications
automatically.... If things like "President" or "kill" are found within
the same data-stream, these data are saved and eventually reviewed by
humans. Otherwise, the data is never observed because there is just
too much of it. You get personal security statistically because of
the sheer volume available.
The FEDs got all bent-out-of-shape when the PGP sources were published,
not because of security issues, but because, if implemented worldwide,
it would obsolete a lot of equipment and put a lot of people out-of-work.
So, we have to get Congress to put these people out-of-work. That will
fix the problem.
Cheers,
Dick Johnson
Richard B. Johnson
Project Engineer
Analogic Corporation
(508) 977-3000 ext. 3754
rjohnson@analogic.com
Beware the penguin, Linux version 2.1.6 on an i586 machine.