Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Thursday April 23 2015, @10:06AM   Printer-friendly
from the try-try-try-and-try-again dept.

Ripping a morsel of a meal from the talons of El Reg, we end up with something indigestible.

Rapid7, the flingers of the exploitation / testing framework that is Metasploit have revealed the effect of recent US regulatory changes via their blog.

A snippet:

Due to changes in regulatory requirements that are applicable to Metasploit (Pro and Community) and similar products, as of Sunday, April 19, 2015, individuals outside of the US and Canada who would like to use Metasploit Pro or the Metasploit Community Edition will need to request a licence and provide additional information regarding themselves or their organization designation.

In accordance with the new requirements, the request will be reviewed by Rapid7 and, unless the user is a non-US or non-Canadian government agency (or is otherwise ineligible to receive the products without approval from the US Department of Commerce), the request will be fulfilled.

This affects licence requests made through Rapid7.com as well as any third party sites that currently offer Metasploit Pro or Community products for download.

It seems we are yet again on the Magic Roundabout of encryption export controls and Clipper chip madness... who knows, maybe this time around it will be effective.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by bradley13 on Thursday April 23 2015, @11:12AM

    by bradley13 (3053) on Thursday April 23 2015, @11:12AM (#174243) Homepage Journal

    The US is just determined to shoot it's tech industry in both feet, not to mention in the heart and the head.

    It wasn't enough that the NSA has been intercepting shipments of network equipment and installing backdoors. It isn't enough that they have been spying on essentially everyone, with no legal justification. It isn't enough that they are crying for new backdoors in encryption, because you can surely trust the US government. So now it's back to the bad-old-days of export restrictions on encryption, because no one else in the world is capable of encrypting things?

    This is yet another project that needs to move itself outside the US.

    Then they can consider whether or not they wish to deal with US customers. Back when I was running a small tech company, our attorney advised us not to - in his opinion, it just wasn't worth the hassle and the legal risks. The one time we made an exception, he was proven right: the customer promptly tried to sue us; her attorney clearly figured she could get a default judgement, because we wouldn't have access to US legal representation. Surprise, surprise. But we certainly never repeated the mistake of taking an American customer.

    --
    Everyone is somebody else's weirdo.
    Starting Score:    1  point
    Moderation   +4  
       Insightful=1, Interesting=3, Total=4
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 5, Funny) by MrNemesis on Thursday April 23 2015, @02:53PM

    by MrNemesis (1582) on Thursday April 23 2015, @02:53PM (#174312)

    So now it's back to the bad-old-days of export restrictions on encryption, because no one else in the world is capable of encrypting things?

    What they're setting out to do really isn't difficult - encryption requires math in order to function, but most other countries can't even dream of having access to it; in the UK they only have MATHS (completely unrelated to math despite the similar-looking name - it actually stands for Mathematical Anti-Telharsic Harfatum Septomin), in france they use "LE math" (Light Edition math which doesn't support the advanced functions used in encryption routines and only works in metric and doesn't work at all in august), russians use математика, the chinese use 数学 - these last two don't even use proper letters and as such make algebra (a key component of advanced math) impossible. As such it's a doddle to just put a ban on exporting math (or more specifically just the bits of math that are used in encryption or security) and the rest of the world will no longer be able to use it even if they make their own hardware.

    Obviously, currently the US has a fairly relaxed attitude to the dissemination of math (you can find it in most arithmetic textbooks for example) but as one of the few nations in the world that still makes and exports its own math, it's easy for them to stop other people exploiting it. Sure, other countries could try and reverse engineer the math system but they'd be at least a decade behind cutting edge math. Basically, since the US invented computing using its own math and then showed everyone else how to make the US style of computers using the US style of math - and everyone else copied them for the reasons stated above since their own math was unsuitable - it'll be literally impossible for anyone else in the world to echo a Hello World without access to US math. This'll kill two birds with one stone - namely helping to boost the economy by charging an arm and a leg for exports of proper math to allied countries and making modern high-security computing impossible for anyone without access to a plentiful supply of compatible numbers.

    --
    "To paraphrase Nietzsche, I have looked into the abyss and been sick in it."
  • (Score: 2) by wantkitteh on Thursday April 23 2015, @03:05PM

    by wantkitteh (3362) on Thursday April 23 2015, @03:05PM (#174317) Homepage Journal

    There is the possibility of a major issue arising in EU/US business relations. EU data protection regulations require that any customer information moved outside the EEA can only do so if the jurisdiction it's sent to provides equal or better data protection legislation. The US solution to this problem has been self-certification under the DMCA Safe Harbor regulations. The European Court of Justice has been pondering whether to continue to consider the DMCA-SH sufficient for quite some time now, and a case was recently heard [cjicl.org.uk] asking exactly that - result expected June 24.

    An NGO called "Europe v Facebook" [europe-v-facebook.org] is trying to get Facebook to conform to EU data protection regs. It's objectives list quite a number of ways in which Facebook's practices don't meet the requirements of operating in the EU, but I can't help but worry that, if they do win, there may be a transatlantic balkanisation of Internet.

  • (Score: 2) by frojack on Thursday April 23 2015, @05:03PM

    by frojack (1554) on Thursday April 23 2015, @05:03PM (#174355) Journal

    o now it's back to the bad-old-days of export restrictions on encryption,

    Except that there haven't been any changes in the restrictions for a long time. So why now? you might ask.

    This whole situation seems like an overblown (politicized) reaction, probably in sympathy with big corporate pushback against government snooping. A reaction guaranteed to fail. (How hard would it be to find someone in the US or Canada to get the licence for you?).

    --
    No, you are mistaken. I've always had this sig.