Under the guise of international security, thirty-three countries have tightened their control of the world's population. This ploy, implemented and led by the United States, is the Wassenaar Arrangement, which is basically an agreement between the thirty-three signature countries to control the import and export of munitions. It should be noted from the outset that any part of the Wassenaar Arrangement must be backed up by legislation within each individual country for the agreements made to be effective in that country. The Arrangement, however, makes it easier for a single standard to be implemented across the globe, a standard set almost entirely by the United States.
The munitions list itself is an interesting document for, contrary to popular belief, it lists more than simply weapons and military technology, it also lists what is referred to as "dual use" technology. Basically this is defined as any technology or innovation, regardless of any other purpose it may have, which can be utilized or easily adapted for use in a military, or similar, action. Most often this is taken, especially in the general media, to be nuclear technology; such as that which might be intended to build a nuclear power station, but could be easily converted to manufacture nuclear weaponry. There is also considerable concern regarding technology, especially pharmaceutical technology, which can be used to create other weapons of mass destruction like chemical and biological weapons. For both their own security and the power gained by maintaining a monopoly on conflict, the governments of the world, in particular these thirty-three signature states, considerable attention has been directed towards the rigid control of the transport and flow of applicable technology and knowledge around the globe. This is what Wassenaar is working towards, since real global peace is unlikely (and unprofitable) then this seems to be both a useful and public relations-friendly goal for the states involved.
"The Wassenaar Arrangement has been established in order to contribute to regional and international security and stability, by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilising accumulations. Participating States will seek, through their national policies, to ensure that transfers of these items do not contribute to the development or enhancement of military capabilities which undermine these goals, and are not diverted to support such capabilities."[1]Still it is inevitable that the munitions list, which contains nine separate categories; Advanced Materials (c1), Materials Processing (c2), Electronics (c3), Computers (c4), Telecommunications (c5-p1), Information Security (c5-p2), Sensors & Lasers (c6), Navigation & Avionics (c7), Marine (c8) and Propulsion (c9), also lists things which are often used by regular people (i.e. non-military, non-terrorist, non-criminal, etc.). For this reason a number of the countries involved do not have heavy restrictions on a number of the things on the munitions list, or at least they don't yet. Some countries also provide limited or restricted access to some of the items on their own restricted goods lists through liscensing. There is, however, often a considerable cost attributed to the application for such liscenses, not to mention stringent requirements for qualification for such liscenses. Thus those with munitions liscenses tend to be those with considerable resources, are already connected to the military industry and/or the government, and are few enough to be monitored as deemed necessary.
One issue which this seriously affected by the Wassenaar Arrangement is that of privacy and cryptography. As part of the restrictions on dual use technology good cryptography, and the privacy which it grants to those who utilise it, has effectively been banned according to Wassenaar. For while provisions have been made to provide some level of cryptography to the general public, presumably for the appropriate commercial applications, this is a limited form which has been proven to be not effective in keeping out the prying eyes of a well-resourced organisation, such as the United States' National Security Agency (NSA). The limitations placed on cryptography by the Wassenaar Arrangement do include restricting the level of security provided by one of the most popular freeware encryption packages available, Pretty Good Privacy (PGP). This restriction is due to the fact that the symmetric algorithm employed by PGP is in excess of 64-bits (IDEA = 128-bit effective key size, CAST = 128-bit effective key size and Triple-DES = 112-bit effective key size). Consider also that a 128-bit key is not simply twice as strong as a 64-bit key, each bit increase doubles the effective security of a key; a 65-bit key would be twice as strong as a 64-bit key, a 66-bit key would be twice as strong as a 65-bit key and four times as strong as a 64-bit key, and so this exponential increase in cryptographic strength continues. Other restrictions also stem from the use of the RSA and Diffie-Hellman asymmetric algorithms employed by the commercial and freeware versions of PGP and PGPi.
As yet, though, attempts restrict the availability have not been made due to the incompatibility of legislation within many of the current Wassenaar member states. Only the United States has such stringent export controls on cryptography to prevent PGP from being legally exported beyond its borders. It is for this reason that the PGPi project began in order to provide legal, free, PGP-compatible, public key encryption to the rest of the world. Should the other member states, however, alter their existing legislation regarding cryptography in accordance with the limitations made by Wassenaar then legal, effective encryption will become a thing of the past. It's not so much that privacy will be outlawed, but that the ability to protect one's self and one's communications from anyone willing to put in a little bit of effort to intercept and breach one's privacy will be outlawed. Should the Wassenaar Arrangement be effectively implemented around the world then the net result will be that only outlaws will have any real access to privacy of communication.
To many the question of privacy and free availability of cryptography
is usually countered with the response, "what do you have to hide?"
To which the obvious counter is "from whom?" The usual assumption
by many, of course, is that someone employing encryption is trying to hide
something from the government. People who make this assumption might,
for a moment, wish to consider which government (domestic or foreign)
and whether or not those agencies charged with the task of monitoring communications
are entirely honest and legitimate in the carrying out of these tasks.
They might also wish to consider that whilst it might take the resources
of a government agency (many governments' agencies) to monitor massive
amounts of, for example, Internet e-mail communication, it would not take
nearly so much effort for an organisation to employ similar methods against
all e-mail passing through its servers. It's no longer simply a matter
of "what do you have to hide from the government?", now it's: "what do
you have to hide from any government or agency?", "what do you have to
hide from your employer?", "what do you have to hide from your ISP?", "what
do you have to hide from the anyone with root access (System Administrator)
to a computer through which your e-mail might pass?" and "what do you have
to hide from anyone willing and able to compromise the security of any
of these systems?"
Monday February 1st, 1999
Copyright © Benjamin D. McGinnes,
1999
Copyright © Benjamin D. McGinnes, 1998-2005