Pop Quiz: If you are a citizen of the U.S., prove it.

At 11:33 PM 11/4/95, Simon Spero wrote:
On Sat, 4 Nov 1995, Derek Atkins wrote:
student from coming to the US. By allowing the student into the US, the gov't is implicitly giving them the right to use PGP within the US.
This is kind of a risky policy to take. The general feeling I get is that allowing non green-card holders access to strong cryptography is sort of decriminalised, in that the police aren't likely to break down your door and have your AFS server accidentally fall down stairs. However, it is still against the law, and could be used against the university in other unrelated circumstances.
It seems that licences allowing foreign nationals access to cryptographic software within the US are pretty easy to get, and especially for something like PGP on a central machine.
We really need to put this one to bed. As has been said several times recently, for the purposes of law, non-U.S. citizens who reside in the U.S. are effectively "U.S. persons." Subject to U.S. law and generally having the same legal rights. (Can't vote. Can be drafted. Must pay taxes. Must have a SSN. Must obey traffic laws. Must not discriminate against the differently clued, etc.) All of the nonsense about wearing a "munitions shirt" in front of a "foreigner" seems to miss this essential point. Ditto for PGP use.

Consider this: most people in the U.S. do not have a "credential" that shows them to be U.S. citizens. (Hint: most people in the U.S. do not have passports.) They have driver's licenses, which say nothing about citizenship (at least California and Virginia licenses do not). Social Security cards are the same. (Second hint: most people are hard-pressed to locate a birth certificate for themselves. Many people take the easy way out and simply buy a new one for the $25 a good one costs.) Therefore, there are few ways that citizenship can be "checked." Period.

A foreigner who wishes to "prove" his non-U.S. status could, of course, show his green card. But this is different from proving citizenship.

As to the USF--or was it SFSU?--student worried about "allowing" PGP to be used...I despair at this outlook. Why not simply ignore the issue, not "give" them PGP, but instead have a few pointers to where PGP may be gotten?

As to the point about students impersonating faculty, if the faculty starts signing their messages (doubtful), then no one can impersonate _them_. (Except that it sounds like all this PGP stuff is to happen on campus computers, in which case there are several ways their private keys and passphrases can be snarfed.)

The issue of a "credential" for faculty members, something that says "This person is a member of the Foo U. faculty," well, this is a different kettle of fish; such credentials are not part of the PGP system, though webs of trust could in principle be used in a klugey kind of way.

--Tim May

Views here are not the views of my Internet Service Provider or Government.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."