NSA (or similar) "approval" required?

Discussion in 'Other Ghost Security Software' started by spy1, Feb 1, 2004.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    After reading this article:

    http://www.cnn.com/TECH/computing/9807/27/security.idg/

    I am very concerned and curious as to what - exactly - DCS had to do (or agree to do) in order to get authorization to start exporting CryptoSuite.

    Flat-out questions and all I need is a simple "Yes" or "No" answer directly from DCS itself:

    (1) Does CryptoSuite contain - in any shape, fashion or form - a "backdoor" that allows the NSA (or ANY government agency from ANY country) to totally circumvent the programs' encryption, thus defeating the entire goal/purpose of the program (SECURE data encryption)?

    (2) If DCS were approached for information regarding or access to ANYONE'S keys - would they provide it?

    Under what circumstances? A simple verbal request from an agency of government? A written request? A court order?

    Are you REQUIRED to give out such information as part of the "approval" process for exporting the program?

    (3) WHAT did you have to agree to, program-wise, to get the program approved for export?


    I'm totally certain that everyone who's considering purchasing (or has already purchased) the program has a vital stake in the answers to the above questions.

    I'm not interested in "cheerleading" from users - this is directed squarely at the makers/owners of CryptoSuite. Pete
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    may be a part of your answers are there : http://www.wilderssecurity.com/showthread.php?t=18925
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Look for the www.wassenaar.org arrangement, where it is all online.
    All answers on your questions are "negative" "none" etc as DCS would not have produced it if there would be any obliged security issue/backdoor, whatever in it. What can they give what they don't have themselves? As long as you don't write with a marker your keys on your system don't blame them when forgetting them, as they have no ways to help you unveiling your keys, let alone to anybody else.
    They're in another country, remember, and the Wassenaar arrangement is signed by most countries.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Pete, I think Jason answered your question in the other thread shown above.
    Also your link article was very dated 1998 :)
    While I am sure some ppl would like to think that governments have control of encryption I, for one, am glad they do not. :D
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    gkweb - The post you link to is informative in its' own way, but does not answer the specific questions I asked.

    Jooske - Thank you for your input.

    Pilli - I know what the date of the article was, thank you.

    And no the thread linked to in the second post didn't answer the specific questions I posed in my first post.

    All - In case it's un-clear, I'm looking for a clear-cut response to my original questions from Wayne Langlois, Gavin Coe and Jason Annice - period. Pete
     
  6. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    why to be so aggressive o_O

    you will have your answer on monday, don't worry :)
     
  7. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Pete, DCS have indeed already clearly answered your questions ;):

    http://www.diamondcs.com.au/forum/showpost.php?p=18713&postcount=13

    http://www.diamondcs.com.au/forum/showpost.php?p=18724&postcount=19

    http://www.diamondcs.com.au/forum/showpost.php?p=18729&postcount=21

    http://www.diamondcs.com.au/forum/showpost.php?p=18743&postcount=25

    http://www.efa.org.au/Issues/Crypto/cryptfaq.html Australian Crypto FAQ.

    Regards,
    Jade :).
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    gk - That was aggressive?? My goodness no. (I put my "aggressive mode" away - um - last week! :D )

    Bowserman - Thank you for the links (albeit I'm not sure you're supposed to be quoting directly from the TDS "Private" forum, are you?). Liked that last one about the Australian Crypto Fact, though!

    All I want here is to have the same kinds of statements from the developers here, in the public CryptoSuite forum where all can see the direct responses of the developers addressing this.

    No hidden agendas, no aggression, no accusations - just simple statements like the ones attributed to the "Private" TDS forum.

    Actually, if it were me putting out the program, I would put those statements directly into the "ReadMe" of the program itself (and on the d/l, and FAQ's page.

    (Sigh) Am I the only one here who realizes the impact (both consumer confidence-wise and sales-wise) these kinds of statements would have on the programs' distribution? Pete
     
  9. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    Actually, you can't view my links to the private forum unless you are a licensed user ;).

    Regards,
    Jade.
     
  10. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Since we are in Australia, no, the NSA or USA has nothing to do with us.

    That article was also published in 1998, since then, the USA has loosened up quite a bit in regards to crypto export (what this actually means I'll let the conspiracy theorists decide ;) ).

    So :-

    1) No, we would not release CryptoSuite if it could be broken by anyone, and if there was a law forced upon us to do so from this country, there are alternative ways to distribute software to get around them.

    2 and 3) Yes, if they request the information we have, which admittably is very small, regarding possible terrorists we have sold something to we must comply. This is true with nearly every business/company, not just companies selling crypto stuff.

    So unless your name is on some known terrorist list, which if it is you will have bigger issues than the Australian government asking us for your registration details, then I don't think there will be any issue.


    -Jason-
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    See? That wasn't so hard, was it? (Not nearly as hard as watching the Panthers lose just now, anyway).

    Thanks Jason! Pete
     
  12. northstar51

    northstar51 Registered Member

    Joined:
    Feb 5, 2004
    Posts:
    49
    Hello: i have a question very similar to spy1's. i have been told by some who claim to know, that ANY 128,256, 512bit encryption can be decrypted by--for example--an nsa supercomputer in a matter of at most 4-5 hours. true? i for one am not convinced that any computer is capable of doing an decryption task in so short of a time...and thank you once again for your patience...ns51
     
  13. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Quoting Jason
    clear enough?
     
  14. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    I have also heard this claim from many people, all the time. Basically it goes - "My friend who likes to remain anonymous says xxxx bit encryption has/can been broken by the NSA/FBI/Osama Bin Laden".

    Until you see a lot of "trusted" people and sites saying the same thing with some actual proof just nod your head and move along. :)

    -Jason-
     
  15. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    lol with me they know better

    no links for me it just be straight out
    1no.
    2no
    3no
    4no
    5no

    simply cause they know geting all fancy mancy and long explinations just make me loss i have short atintion span lol
     
Thread Status:
Not open for further replies.