In A First, Commerce Department Fines Intel Subsidiary For Exporting Encryption
from the the-war-on-encryption dept
For those who lived through the late 90’s cryptowars, it’s beginning to feel like history is repeating itself. We’ve seen the series of recent stories about the US government’s misguided, FUD-based freakout over some recent moves to enhance privacy through more widely usable encryption, but now we’re reaching the stage of the game where the government also starts attacking the “export” of cryptography. If you don’t remember, a key part of the original cryptowars was over whether or not strong cryptography could be classified as a weapon, and subject to significant export controls. Thankfully, that idea was mostly scrapped, and encryption flourished, helping to make the internet and other technologies much safer.
However, it appears the government is back to going after the export of encryption, as the Department of Commerce recently fined Intel subsidiary Wind River Systems $750,000 for exporting products that included encryption to China, Hong Kong, Russia, Israel, South Africa, and South Korea. While most had recognized that sending encryption (or, well, just about anything) to places like Iran, Cuba and North Korea might be problematic, most people had assumed that other countries, like those on the list above were no big deal.
As the linked article (from law firm Goodwin Procter) points out:
We believe this to be the first penalty BIS has ever issued for the unlicensed export of encryption software that did not also involve comprehensively sanctioned countries (e.g., Cuba, Iran, North Korea, Sudan or Syria). This suggests a fundamental change in BIS?s treatment of violations of the encryption regulations.
Historically, BIS has resolved voluntarily disclosed violations of the encryption regulations with a warning letter but no material consequence, and has shown itself unlikely to pursue such violations that were not disclosed. This fine dramatically increases the compliance stakes for software companies ? a message that BIS seemed intent upon making in its announcement.
Furthermore, the report understates the simple fact that “encryption is ubiquitous in software products” these days. And that’s something that’s only growing (a trend that should continue as encryption is increasingly important). But if the Commerce Department has suddenly decided to pick a fight over this issue, it could create a real competitive disadvantage for American tech companies trying to offer products around the globe. So, not only has the US government undermined the US tech industry through surveillance and backdoors, now it’s looking to make it more difficult to build in encryption that better protects against such intrusions. It’s almost as if the government wants to cede technology leadership to other countries.
Filed Under: commerce department, cryptowars, encryption, fines
Companies: intel, wind river systems
Comments on “In A First, Commerce Department Fines Intel Subsidiary For Exporting Encryption”
Silver lining of sorts
On the one hand, sucks for US based companies. On the other hand, non-US companies are probably better off not using encryption developed by US companies, for obvious reasons, so it will probably work out better for them to look elsewhere anyway.
I do find it rather ‘funny’ that they flipped out over sending encryption software to Israel, as if memory serves the NSA has funneled non-minimized data collected on americans to them in the past. So they’re apparently ‘trustworthy’ enough to handle raw data on american citizens, but not trustworthy enough to be sold encryption software. Nice standards there.
Re: Silver lining of sorts
It’s one more way our security theater will end up putting US companies at a global competitive disadvantage.
Re: Re: Silver lining of sorts
Well. Perhaps it’ll offset the competitive advantage gained from corporate spying by the three-letter agencies.
Re: Re: Silver lining of sorts
Good thing almost none of those companies are “based” in the United States anymore. Woo, tax inversion ftw! ..wait..
Re: Re: Silver lining of sorts
Until the criminals in charge just decide to nationalize everything in the name of national security
Re: Silver lining of sorts
One of the results of the old, crypto-wars era prohibitions on cryptography exports from the US is that the US stopped being the nation where the real cutting-edge cryptography takes place. That’s still the case to this day — the best cryptography comes from elsewhere (often Israel). I guess the US wants it to stay that way.
Re: Silver lining of sorts
Really, even if all private crypto is stopped it’s somewhat better since companies NEED it and will actively help open-sourced initiatives, no?
Memories from the cryptowars
You could not export research or know how about cryptography. New algorithms. Etc. But especially source code.
(Is source code to a computer program a munition? Really? Does smoking marijuana one time really turn you into a deranged insane monster?)
A point of discussion was: could you travel out of the country with a book? What about a book about cryptography which contained printed source code in its pages? Does our democracy believe in open borders and freedom of travel? Is the government censoring books? Or restricting the reading of books to citizens of the US but others should not be permitted to read certain books or study certain technical subjects?
Here is one other thing from memory. The author of Applied Cryptography wrote something prophetic. Remember he’s writing this in the 1990’s. It’s on about page 99 or 100. (Sorry, this is purely from memory!) The author is discussing the restrictions on cryptography and expands on how the government could remove a lot of our freedoms. He speculates on how this could happen, for example, if there were a major attack, say, on New York. It’s not that it was so difficult to see that a terrorist attack could happen in New York. But to recognize how our freedoms could start being removed for false security was insightful, IMO. And actually just a bit unbelievable at the time.
Re: Memories from the cryptowars
I wish I still had my old PERL T-shirt…
If you don’t remember: http://www.zazzle.com/rsa_in_3_lines_of_perl_shirts-235546750490089316
Maybe I should pick another one up, considering how ridiculous this was and still is… TechDirt version maybe?
Re: Memories from the cryptowars
And furthering the kafkaesque bullshit wasn’t it perfectly legal to print out the source code into a book and export it but not the floppy?
Re: Memories from the cryptowars
This is a shot across the bow of Apple & Google
Just sending a little message after Google’s announcement yesterday that Android Lolipop will have encryption enabled by default.
Re: This is a shot across the bow of Apple & Google
It won’t really affect Google and Apple though — they’ll just develop and inject the cryptography offshore, prior to importing the hardware to the US.
It’s interesting; I remember all the hoops Phil Zimmerman had to go through back in the day with PGP and PGPi, and Debian STILL has its international repos for encryption.
At one point I actually had to get a CIA background check and become certified as a munitions importer/exporter… to ship SIM chips out of the country to place in phones and modems that were to be imported to the US, as assembly was done in Canada.
I was really hoping those idiotic days were behind us. Oh well.
Re: This is a shot across the bow of Apple & Google
That was precisely my first thought. Is the U.S. going to try to stop Apple and Google from doing business outside of U.S. borders? I don’t think the government will get very far!
Makes me happy for not being a USA citizen
It’s stories like these that make me happy for not having been born in the USA or to USA-citizen parents.
I’m free to write and export software with encryption as I please (and nowadays, writing network software without encryption is a sign of incompetence).
I don’t have to pay taxes to a country other than my country of residence.
I’m free, because I’m not a USA citizen.
Re: Makes me happy for not being a USA citizen
WE ARE THE USA. YOUR COUNTRY WILL BE ASSIMILATED. RESISTANCE IS FUTILE.
Re: Makes me happy for not being a USA citizen
As a U.S. citizen, you cannot possibly fathom how much I envy you.
Jesus, dude, that is a deep and depressing statement. Powerful..
Re: Makes me happy for not being a USA citizen
“I don’t have to pay taxes to a country other than my country of residence.”
double irish with a dutch sammich .. nom nom nom buuuuurp
Re: Re: Makes me happy for not being a USA citizen
There are only two countries in the whole world where taxation is based on citizenship instead of residence.
One of them is Eritrea, a tiny country in the northeast of Africa.
The other one is the United States of America.
Re: Re: Re: Makes me happy for not being a USA citizen
Wouldn’t it suck to be a dual-citizen of the USA and Eritrea?
… and BTW, it’s not just citizens. Non-citizen permanent residents (“green” card holders) pay taxes on their income in the USA as well as abroad.
A taste of ITAR
Maybe this will bring a little light on the insane monstrosity that is ITAR, the International Traffic in Arms Regulations, and it’s slightly less deranged sister the Export Administration Regulations.
Not only can you be arrested for exporting a chip containing strong encryption, you can be a criminal exporter for telling your neighbor about encryption, because he might tell two friends, who might tell two friends … who might tell a foreign person. And a foreign person is not necessarily a person in a foreign country, he might be your other neighbor, who lives and works in the United States!
I work in the space business, and while I primarily work on perfectly non-military science missions, I can’t tell anyone anything significant lest I run afoul of ITAR. It’s pretty much impossible not to, so it has become very much like in Atlas Shrugged (whether you like Ayn Rand or not is not important here) where everyone is a criminal, so the government gets to decide who to arrest.
I wonder what Wind River actually did to raise the ire of the Commerce Department. (Since it’s the Commerce Department involved it’s actually EAR that they’re going after here.)
Re: A taste of ITAR
Which sounds a lot like Romania under Ceacescu and the Securitate – you may have spoken to someone who is related to someone who gave brief directions to a foreigner… so report to the local office pronto!
What is this I don’t even
So it's the 90's again
Sure feels like it this morning, is the encryption 128 bit cause if its not why do we care if England has it?
Re: So it's the 90's again
128 bit encryption was pretty strong in the 90’s — I think DES (not 3DES) was the strongest thing you could export back then.
Re: Re: 128 bit encryption was pretty strong in the 90's
For secret-key encryption (e.g. AES), it’s still pretty strong. In fact, issues have been found with 256-bit AES that may make it safer to stick with 128 bits for now.
you’ll know we are really lost when we can’t IMPORT encryption software
Crypto export controlled by the US but not their stupidity
The control of ‘weapon’exports is controlled through a process called ITAR (international Traffic in Arms Regulations).
I have put quotation marks around weapons for those who may consider that a weapon consists of hand grenades or nuclear bombs and that encryption is just a bizarre abberation. Hell no. ITAR can affect just about anything that touches any military product. I personally designed an installation that used a radio that had crypto in it. Because the radio used an RS232 cable, the RS232 cable was classified ITAR. Even more bizzare, a battery charger that could charge batteries used by this ITAR radio, the charger was declared ITAR. Think about it for a minute, an RS232 cable and a battery charger have been declared to be ‘weapons’ by the US government.
The ITAR tentacles go even further than this. Has anyone ever wondered why some Japanese or German companies require you to declare that their products will never be used in any military application. Its not because they are pacifist, but because they do not want their products to be declared ITAR.
ITAR is just a joke the Americans have played on the rest of the world.
Re: Crypto export controlled by the US but not their stupidity
You think ITAR’s bad… EAR applies to SIM chips for cell phones and the chips inside all non-US credit cards. That’s right — every person who enters the US with an international credit card or cell phone and then leaves again becomes a criminal in the US. There are some personal use exemptions, but I’m sure if you used either “for business” the commerce department could find grounds to fine you.
And of course, if you touch anything related to the US Military, you get hit with ITAR.
Its a FREE NATION...
Until you do something that lets you know its damn sure is not.
Do you want to illegally invade America? Okay you are good to come, come right on over.
Want to ship some security protcols to another country? AH HELL NO!
The government spook’s loss of one type of information channel is vastly overshadowed by the loss of global trust in US products.
If America doesn’t watch it, nobody worthwhile will want to pick a fight – not because the US is a big badass but because it has become just another debt-ridden, mentally impoverished backwater.
Cynic
Someone cynical might say this fine wasn’t because they exported encryption, but because they neglected to include the NSA’s back door.
Total Power
“It’s almost as if the government wants to cede technology leadership to other countries.”
The government is willing to pay any price to gain totalitarian power.
Re: Total Power
This is the end result of any government that is left unchecked, or being checked by an ignorant electorate.
America is special because we have both issues… an ignorant electorate that is not even bothering to check the government.
It’s a my party guy versus your party guy and any negativity towards liberalism or the democrats is seen as one being a fundie conservative and vice versa.
If you hold to a party or dogma to a point that your own are allowed to be corupt but not the other is what is destroying us.
I guess we’ll have to start exporting our encryption libraries in text books again.
Re: Re:
still no good. i had to take a corporate training thing about ITAR and EAR; it’s truly crazy. Some of the things I remember:
– controlled items include but are not limited to hardware, software, services, or instructions pertaining to “arms”.
– services rendered: a US citizen cannot assist a foreigner with any controlled item; this also includes open-source, publicly available software or hardware that originated outside the USA and that the foreigner obtained without “going through” the USA.
– re-exportation is also illegal; even if the controlled item originated from outside the USA, if you have it you cannot “export” it. This facet is (from what I remember) unique to the USA’s version (ITAR and EAR) of these laws. It makes sense that if (for example) a German national downloads a “munition” from Sweden that is (legally by Sweden’s laws) available to anyone else in the world, that the German national would be able to host a mirror site. But if a US national mirrors the same “munition”, it is illegal.
there is an exception for clearly dual-use items (must have significant applicability to citizen’s lawful commerce), which is how openssl (and other publicly known cryptographic primitives and implementations) is allowed.
which makes me wonder what exactly whisper systems got hit with?
Seems like aipac is getting weaker and the government finally treats israel properly.
The genie is way way out of the bottle on encryption. Old people really need to pass before they wreck everything.
Maybe obamacare wasn’t a good idea.
well i guess you cant read the below then
3417D865B4D4D92F37C7CA7BD44591A3206115735DB53B8D3DC30099365CAAB1C37A4A7D2172C90F44AA4F5A8B041BFB
I feel like there is something more to this fine. Wind River is somehow involved with drones, perhaps that aspect might be involved?
Used against the NSA?
I wonder if this can be used against the NSA? fter all, they have freely published encryption standards, curves, and source code implementations for Suite B.
So then https is out, I guess. How the fuck do you do secure login to websites without encryption?
Question
Can we report to the Department of Commerce companies that export DVDs and Blu-Ray discs to China, Hong Kong, Russia, Israel, South Africa, and South Korea? After all, the DRM on those products is a form of encryption, amirite?
Re: Question
Two words: selective enforcement.
Request for a conference call
Dear Sir / Madam
Thanks for taking the time to go through our communications. We would like to know if there are any technological pain areas which we can solve by employing well thought upon mobile / web applications. As an IT consulting firm, Antier has helped Acuity Brands, world’s leading lighting control company, save over $5 million by developing for them a CRM solution for controlling their sales operations world over. In addition to it, we have also helped a leading automobile company to increase their turnover by four times through internet marketing.
We would highly appreciate if we you can have a look at our portfolio in the following link to give you an insight of our abilities:
http://www.antiersolutions.com/portfolio/index.html
We look forward to a short conference call with you to discuss more about how we can help you find sustainable and innovative solutions with our strengths and areas of specialization. Please advise a good time and number to call you at.
I look forward to hearing from you.
Thanks in advance.
Not American here but I wouldn’t assume sending encryption stuff to Israel is no big deal. *pushes the antisemitism alarm*
Have a look at the Boundless Informant map for more information(its a heat map right? looks like the NSA really loves spying “Country A”(you win an Internet if you get the reference)).
JdHC
JdHC.”))]'(“)
Cryptocurrency exchange software
Cryptocurrency exchange software is solution for trading of assets such as cryptocurrencies, tokens ,fiats other assets. Software has market making or liquidity options are provided.Codono supports All fiat currencies.so you can create market Between Fiat-Crypto, Fiat-Fiat, Crypto-Crypto.Moreover it supports almost any Coin/Token, ie Bitcoin[BTC,LTC,Doge] , Tron [Trc10+TRC20]*, Ethereum Based[ ETH -ERC20, BNB-BEP20, FTM, SOL, Private Networks], XRP, XMR, Waves ,Coinpayments, and many more.
Codono.com supports Auto detection of deposits , Each user is assigned with Unique deposit per coin. Deposits are detected instantly and credited to users. Withdrawals are automatic and manual approval too.Cryptocurrency exchange clone script is used to develop cryptocurrency exchanges so like binance, huobi, coinbase. Turnkey crypto trading script provides similar crypto trading features so you can start crypto exchange within a week.
Codono is developing crypto exchange software from 6 years suitable for small to enterprise scale firms.You can get cryptocurrency exchange development services like Web version or mobile app deploymentto allow users to trade easily.
Exchange is connected with various blockchain networks to provide wallet ,deposit and withdrawal like services.Software provides support and capable for Fiat gateway integration for Creditcard and Bank deposits.Fully Loaded API Endpoints and Documentation for quick integrations.
User to User orders matching using Orderbook and Trading Engine allows instant trading of assets.Dex module Allow users to Buy your Tokens using their metamask/trust wallet. They send/receive on same automatically. Users can Buy – sell crypto from customers using OTC module .
You can Earn your customers Loyalty and make to return to your exchange using Faucet module. With airdrop module on cryptocurrency exchange software allow users to hold and earn Incentives by airdropping. With Invest module involve users to invest in Great projects and allow them to earn interest over it.
Codono is different , we provide you complete software to host on your own server. No strings attached. It comes with Framework Documentation , Backend Tutorial, API Documentation, Sample Controller builder and many more development tools.
It is selfhosted solution ,where you control exchange and its hosted on your Own servers.If you plan to start bitcoin exchange platform , get in touch with our blockchain experts using support@codono.com or using live chat on https://codono.com to get guidance to build live crypto exchange , even receive crypto exchange services as you desire.
It’s integrated with nodes like
1. Btc type [BTC , BCH , LTC, DOGE , DASH , ZCASH, PivX, etc]
2. Eth erc20 [Ethereum and All erc20 tokens]
3. Waves and tokens
4. Xmr and cryptonote
5. BnB and bep20 tokens
6. XRP
7. Coinpayments[ 2000 + coins and tokens]
8. Tron+ TRC10+ TRC20 Support
Fiat Gateways
1.Bank deposit
2.Authorize.net
3.YocoPayments
4.Uganda Mobile payments
5.PaymentWall
Cryptocurrency exchange software
[https://codono.com Cryptocurrency exchange software] is solution for trading of assets such as cryptocurrencies, tokens ,fiats other assets. Software has market making or liquidity options are provided.Codono supports All fiat currencies.so you can create market Between Fiat-Crypto, Fiat-Fiat, Crypto-Crypto.Moreover it supports almost any Coin/Token, ie Bitcoin[BTC,LTC,Doge] , Tron [Trc10+TRC20]*, Ethereum Based[ ETH -ERC20, BNB-BEP20, FTM, SOL, Private Networks], XRP, XMR, Waves ,Coinpayments, and many more.
Codono.com supports Auto detection of deposits , Each user is assigned with Unique deposit per coin. Deposits are detected instantly and credited to users. Withdrawals are automatic and manual approval too.Cryptocurrency exchange clone script is used to develop cryptocurrency exchanges so like binance, huobi, coinbase. Turnkey crypto trading script provides similar crypto trading features so you can start crypto exchange within a week.
Codono is developing crypto exchange software from 6 years suitable for small to enterprise scale firms.You can get cryptocurrency exchange development services like Web version or mobile app deploymentto allow users to trade easily.
Exchange is connected with various blockchain networks to provide wallet ,deposit and withdrawal like services.Software provides support and capable for Fiat gateway integration for Creditcard and Bank deposits.Fully Loaded API Endpoints and Documentation for quick integrations.
User to User orders matching using Orderbook and Trading Engine allows instant trading of assets.Dex module Allow users to Buy your Tokens using their metamask/trust wallet. They send/receive on same automatically. Users can Buy – sell crypto from customers using OTC module .
You can Earn your customers Loyalty and make to return to your exchange using Faucet module. With airdrop module on cryptocurrency exchange software allow users to hold and earn Incentives by airdropping. With Invest module involve users to invest in Great projects and allow them to earn interest over it.
Codono is different , we provide you complete software to host on your own server. No strings attached. It comes with Framework Documentation , Backend Tutorial, API Documentation, Sample Controller builder and many more development tools.
It is selfhosted solution ,where you control exchange and its hosted on your Own servers.If you plan to start bitcoin exchange platform , get in touch with our blockchain experts using support@codono.com or using live chat on https://codono.com to get guidance to build live crypto exchange , even receive crypto exchange services as you desire.
It’s integrated with nodes like
1. Btc type [BTC , BCH , LTC, DOGE , DASH , ZCASH, PivX, etc]
2. Eth erc20 [Ethereum and All erc20 tokens]
3. Waves and tokens
4. Xmr and cryptonote
5. BnB and bep20 tokens
6. XRP
7. Coinpayments[ 2000 + coins and tokens]
8. Tron+ TRC10+ TRC20 Support
Fiat Gateways
1.Bank deposit
2.Authorize.net
3.YocoPayments
4.Uganda Mobile payments
5.PaymentWall