Cryptography regulations published

Peter7

http://www.itweb.co.za/sections/computing/2006/0603131100.asp?A=LEG&S=Legal View&O=FPIN

[Johannesburg, 13 March 2006] - As of Friday 10 March 2006, providers of cryptography products or services may not continue to operate unless they register certain information with the Department of Communications.

Failure to register could lead to a fine or up to two years' imprisonment.

One of the objectives of the Act is to enable authorities to determine which organisations could provide them with assistance in decrypting messages that have been intercepted under the Regulation of Interception of Communications Act (RICA) or obtained by other crime prevention laws, Mostert says.

[sarcasm]
Very practical!
[/sarcasm]

ermm, doesn't decryption take like a super computer and then also a couple of months to decrypt?!

In order to qualify as a cryptography provider an organisation must own or have access to the source code, says Michael Silber, a consultant with Michalsons Attorneys. This poses a challenge to the open source movement, where code is regularly shared in order to develop programmes, he says.

Silber notes that anyone who makes available open source programmes that have cryptography facilities on their Web sites needs to register with the department as a provider. He suggests that techies involved in the open source movement register their favourite encryption software. “They should flood the department with applications for registration,” he says.

The minimal registration fee of R100 and the annual administration fee of R200 would not create a financial burden, he says.

Maan, all these little R100s and R200s add up. There's a difference in not paying before and now having to fork out that amount. In a monopoly controlled environment over here, every cent, never mind a rand, counts!


Can anybody please explain the benefits of this system? Or are they just paying for some massive interception system through this new tax, err sorry fee.
 
What utter bullsh1t3.

Who the hell came up with this?

Are these regd orgs going to be compelled to provide 'assistance' to the govt?

"He suggests that techies involved in the open source movement register their favourite encryption software." WTF!?

not to mention the SSL issue.

the madness simply continues.....
 
This is a prime example of a law that was nowhere close to being properly thought out. It will be almost impossible to enforce.
 
Just run it from overseas, register a company there. That's what they, through Telkom, want anyway.
 
I'll ignore this ... i'm not paying anybody anything .. it's my code and you can try to do whatever you like to me .. i am constitutionally protected ... it's my right to make a living, and my clients demand privacy so you can really not expect me to lose my entire client base because the governmint wants to know how i'm protecting my clients from the governmint. Lollies. Madness. Why not make a law that requires pigeon owners to register their pigeons cos they may be sneaking messages around ?
 
And what about students that are studying encryption techniques and creating their own...
 
ermmm, ull are taking this the wrong way.

this act is being implemented so that if a terrorist was caught, and all his stuff was encrypted, he could still be put in jail, even if he doesn't reveal what was encrypted. (simply for using an encryption standard that isn't registered or refuses to decrypt)

this isnt aimed at the happy home user, AT ALL...

reason for registering an encryption technique is so that it can be decoded if it was say one company planning to blackmail another, sabotage, espionage? u get the point.

DES, 3DES was the prev outdated standard, then America standardized AES as their encryption codec a long time ago (think late 90's), government here at least gives the company/user a choice of what encryption can be used, and doesn't force u to use their standard

AES has a lifespan of 40years, it would take a supercomputer a long time to decode it (years), the information being decoded would lose its value as it would be outdated by the time it is decoded.

if u study the field of encryption and look at what other countries have implemented and done, ull realize za isnt that bad by giving u a choice, for only R100...

anyway what if telkom encrypted data, that clearly stated plans to upset business with the SNO and purposely steal big clients, dont u think that would be data the people would want to be decrypted by law. and if they refuse, they still have to pay, they dont just walk away.

of course for the small business this could be a problem, the effects this can have are obvious.

just my 2c, but the guavamint doesnt care what u do at home, as long as ure not building bombs.
 
Gladiator: That's all well and good but all this does is add yet another layer of bureaucratic red tape on businesses, especially in the IT sector.

Ask yourself do you really think a terrorist/blackmailer/etc is going to use crypto from a registered provider?

I predict that this will have almost no effect on any law enforcement and will just be another hassle and expense for both government and business.
 
Fuggem! Just another useless law for useless stuff that is administered by retards! Simply ignore them. We as consumers and service providers need to learn to smile, nod and silently shuffle by the stupid laws our government sometimes conjures up.
 
More R100 and R200 notes for our totally capable and able Communications Department! This money will probably be spent on doughnuts and weekends at Sun Sity.
 
I have more chance of dying from falling coconuts hitting me on the head than the result of terrorist activities. Terrorists are the Emanuel Goldstein of the 20th century and appear to be a very convenient way for governments around the world to get laws passed which are generally unpalatable.

My guess is this new spy on everyone law is designed simply to give SARS an extra tool in trying to extort money. To catch those who have earnings/investments outside the country and are not declaring them. Do not be fooled, our government cares nothing for your safety or well being, money and self enrichment on the other hand they have all the time in the world for.
 
re 'this isnt aimed at the happy home user, AT ALL...'
I would suggest that it actually is, under the guise of 'being there to help us catch the nasty terrorists' - the inference being that if you disagree, you must have something to hide.

As for unbreakable code - most commercial cryptography software has built in backdoors anyway, to allow NSA and other Government agencies easy access..
And I'm sure there's information sharing between Western intel agencies and their local counterparts - you have to search quite seriously to find products which are genuinely of any use. (The 'mom n pop' levels of crypto product are useless, as are most of the allegedly 'serious' products) - any local crypto folks with local made products, should quietly resist handing over any integral segments of their coding, or provide it with a few choice accidental 'mistakes' - and see if there's a come back at some point..
Handing over copies of your house keys to the State, in order to allegedly help them keep an eye on criminals, is a very Orwellian bit of doublespeak.
link for geeks, to a recent NSA crypto key patent:
http://patft.uspto.gov/netacgi/nph-...,993,136.WKU.&OS=PN/6,993,136&RS=PN/6,993,136
and some nice North Korean crypto and maths research papers:
http://cryptome.org/dprk/dprk-papers.htm

And you might want to read this NY Times article The Key Vanishes: Scientist Outlines Unbreakable Code
http://cryptome.org/key-poof.htm
(A computer science professor at Harvard says he has found a way to send coded messages that cannot be deciphered, even by an all-powerful adversary with unlimited computing power. And, he says, he can prove it...In essence, the researcher, Dr. Michael Rabin and his Ph.D. student Yan Zong Bing, have discovered a way to make a code based on a key that vanishes even as it is used. While they are not the first to have thought of such an idea, Dr. Rabin says that never before has anyone been able to make it both workable and to prove mathematically that the code cannot be broken...)
 
The US government was pretty annoyed with Mr Zimmermann who created PGP, in fact they opened a court case against him for exporting the code. If a government gets p!ssed off about something then you know it should be good.
 
re 'If a government gets p!ssed off about something then you know it should be good.'

not necessarily. It's worth it, cost wise, to create a false sense of security in PGP users, for the US Gov, to have gone through all the huffing and puffing of court action and newspaper reports - in order to create exactly the approach you suggest.

If I knew a supposedly 'unbreakable' code was easily stepped into, the perfect way of getting folks to unsuspectingly rely on it, and thus provide me with a much greater data flow, is to give the public impression that I am incredibly upset and angry over it.

Just because there's visible apparent signs that a State doesn't like X - does not therefore mean that X is 'good' - if anything, it's the perfect honeypot scenario to lure people into using it, precisely because they think the State can't access it, or doesn't like it.
 
LoneGunMan :

when America introduced AES, they did it competition style.
anyone around the world could enter the competition by providing an open source encryption program. they selected a few for analysis by the community.
everyone could get the source and analyze it for loopholes. some big names were in the finals like IBM and the likes.

Then the world got a chance to review the finalists' security and basically check for backdoors. none of which could be found. the winning encryption technique was made by 2 Dutchmen.

basically what im trying to say is that there are no backdoors in the encryption that is being used as a standard today.

if the government forces me to use AES, i would happily do it, cos i know its more secure than using something old and free like DES.

though i do agree with antowan. this law will never be used in the correct context and will be misunderstood for centuries to come.
 
LoneGunman said:
(A computer science professor at Harvard says he has found a way to send coded messages that cannot be deciphered, even by an all-powerful adversary with unlimited computing power. And, he says, he can prove it...In essence, the researcher, Dr. Michael Rabin and his Ph.D. student Yan Zong Bing, have discovered a way to make a code based on a key that vanishes even as it is used. While they are not the first to have thought of such an idea, Dr. Rabin says that never before has anyone been able to make it both workable and to prove mathematically that the code cannot be broken...)

Anybody read Digital Fortress by Dan Brown?
 
antowan said:
Anybody read Digital Fortress by Dan Brown?
Just what I was thinking ...

But how does this affect OS technologies and the like - and what about overseas based technologies. For example am I right in thinking that the php encryption techniques could be affected ... but then what about developers? wtf - I wonder if any of the people who made this law knew what they were doing, I don't think I do
 
Just because this law is unworkable and plain stupid doesn't mean that we should 'simply ignore' it - this law should be fought off . This kind of ambiguously worded and broadly reaching crap can be used by the gvt to 'get' YOU at a later stage. What a great tool for suppression
 