NSA (or similar) "approval" required?

After reading this article:

http://www.cnn.com/TECH/computing/9807/27/security.idg/

I am very concerned and curious as to what - exactly - DCS had to do (or agree to do) in order to get authorization to start exporting CryptoSuite.

Flat-out questions and all I need is a simple "Yes" or "No" answer directly from DCS itself:

(1) Does CryptoSuite contain - in any shape, fashion or form - a "backdoor" that allows the NSA (or ANY government agency from ANY country) to totally circumvent the programs' encryption, thus defeating the entire goal/purpose of the program (SECURE data encryption)?

(2) If DCS were approached for information regarding or access to ANYONE'S keys - would they provide it?

Under what circumstances? A simple verbal request from an agency of government? A written request? A court order?

Are you REQUIRED to give out such information as part of the "approval" process for exporting the program?

(3) WHAT did you have to agree to, program-wise, to get the program approved for export?

I'm totally certain that everyone who's considering purchasing (or has already purchased) the program has a vital stake in the answers to the above questions.

I'm not interested in "cheerleading" from users - this is directed squarely at the makers/owners of CryptoSuite. Pete

 

may be a part of your answers are there : http://www.wilderssecurity.com/showthread.php?t=18925

 

Look for the www.wassenaar.org arrangement, where it is all online.
All answers on your questions are "negative" "none" etc as DCS would not have produced it if there would be any obliged security issue/backdoor, whatever in it. What can they give what they don't have themselves? As long as you don't write with a marker your keys on your system don't blame them when forgetting them, as they have no ways to help you unveiling your keys, let alone to anybody else.
They're in another country, remember, and the Wassenaar arrangement is signed by most countries.

 

Pete, I think Jason answered your question in the other thread shown above.
Also your link article was very dated 1998
While I am sure some ppl would like to think that governments have control of encryption I, for one, am glad they do not.

 

gkweb - The post you link to is informative in its' own way, but does not answer the specific questions I asked.

Jooske - Thank you for your input.

Pilli - I know what the date of the article was, thank you.

And no the thread linked to in the second post didn't answer the specific questions I posed in my first post.

All - In case it's un-clear, I'm looking for a clear-cut response to my original questions from Wayne Langlois, Gavin Coe and Jason Annice - period. Pete

 

why to be so aggressive

you will have your answer on monday, don't worry

 

Pete, DCS have indeed already clearly answered your questions :

http://www.diamondcs.com.au/forum/showpost.php?p=18713&postcount=13

http://www.diamondcs.com.au/forum/showpost.php?p=18724&postcount=19

http://www.diamondcs.com.au/forum/showpost.php?p=18729&postcount=21

http://www.diamondcs.com.au/forum/showpost.php?p=18743&postcount=25

http://www.efa.org.au/Issues/Crypto/cryptfaq.html Australian Crypto FAQ.

Regards,
Jade .

 

gk - That was aggressive?? My goodness no. (I put my "aggressive mode" away - um - last week! )

Bowserman - Thank you for the links (albeit I'm not sure you're supposed to be quoting directly from the TDS "Private" forum, are you?). Liked that last one about the Australian Crypto Fact, though!

All I want here is to have the same kinds of statements from the developers here, in the public CryptoSuite forum where all can see the direct responses of the developers addressing this.

No hidden agendas, no aggression, no accusations - just simple statements like the ones attributed to the "Private" TDS forum.

Actually, if it were me putting out the program, I would put those statements directly into the "ReadMe" of the program itself (and on the d/l, and FAQ's page.

(Sigh) Am I the only one here who realizes the impact (both consumer confidence-wise and sales-wise) these kinds of statements would have on the programs' distribution? Pete

 

Actually, you can't view my links to the private forum unless you are a licensed user .

Regards,
Jade.

 

Since we are in Australia, no, the NSA or USA has nothing to do with us.

That article was also published in 1998, since then, the USA has loosened up quite a bit in regards to crypto export (what this actually means I'll let the conspiracy theorists decide ).

So :-

1) No, we would not release CryptoSuite if it could be broken by anyone, and if there was a law forced upon us to do so from this country, there are alternative ways to distribute software to get around them.

2 and 3) Yes, if they request the information we have, which admittably is very small, regarding possible terrorists we have sold something to we must comply. This is true with nearly every business/company, not just companies selling crypto stuff.

So unless your name is on some known terrorist list, which if it is you will have bigger issues than the Australian government asking us for your registration details, then I don't think there will be any issue.


-Jason-

 

See? That wasn't so hard, was it? (Not nearly as hard as watching the Panthers lose just now, anyway).

Thanks Jason! Pete

 

Hello: i have a question very similar to spy1's. i have been told by some who claim to know, that ANY 128,256, 512bit encryption can be decrypted by--for example--an nsa supercomputer in a matter of at most 4-5 hours. true? i for one am not convinced that any computer is capable of doing an decryption task in so short of a time...and thank you once again for your patience...ns51

 

Quoting Jason

clear enough?

 

I have also heard this claim from many people, all the time. Basically it goes - "My friend who likes to remain anonymous says xxxx bit encryption has/can been broken by the NSA/FBI/Osama Bin Laden".

Until you see a lot of "trusted" people and sites saying the same thing with some actual proof just nod your head and move along.

-Jason-

 

lol with me they know better

no links for me it just be straight out
1no.
2no
3no
4no
5no

simply cause they know geting all fancy mancy and long explinations just make me loss i have short atintion span lol