Dr Roberts writes:
Perhaps there is a way to turn the training on the trainers? Civil disobediance is the best way to do this. Were a relatively small number of people, a thousand for instance, to post the "RSA in 3 lines" code to the world, it would be highly unlikely that anybody at all would be prosecuted,
Many 1000s of people have exported it. See also Vince Cate's arms trafficker page. http://online.offshore.com.ai/arms-trafficker/ Around 3000 T-shirts were sold also. Guess there are a fair number of people practicing civil disobedience in the US as a result. They're still selling, see: http://www.dcs.ex.ac.uk/~aba/uk-shirt.html for order info. While it's probably technically illegal to export, it clearly doesn't get you in trouble to export it. Raph Levien sent off a Commodity Jurisdiction Request together with a sample T-shirt to ask permission to export the T-shirt under the ITAR regulations. They did not answer his request. I presume that they viewed either a "yes" or a "no" as a loose for them. If they say no, they open themselves for mockery in the press, if they say yes, we progress the situation. Export on paper? Floppy? Internet? Bigger programs. I'd guess the request is now outdated by the token change in export regulations (in reality mostly a name change) to EAR regulations which transferred jurisdiction to the commerce department. It might be interesting to ask them for permission to export it. If anyone wants to do this, I'll supply a sample T-shirt :-) Looks like the laws may make another token name change again, but remain the same again, with a SAFE, doubtless with key-escrow bolted on during the compromise with NSA and LE interests stage of negotiations.
particularly if a sizeable number of these people were professors, graduate students, professionals at well known companies, journalists, politicians?, or otherwise prominent people. The whole situation would be so absurd they would never dare take it to court.
I'd always hoped that someone could make a good PR job of ridiculing the export regulations with this. So far it never really got much further than the NSA/ODTC ignoring the CJR request of Raphs. Also, Duncan Frissell caused a bit of a stir at CFP a few years back with the program on labels which he handed to attenders. Vince Cate had a bit of success also. The shirts have been on French TV, which is significant also due to French crypto regulations which are worse than the US regulations.
The longer somebody waits, the less opportunity they have to tell their grandkids "I was the 500th person to publically export RSA back in the late 20th century. The government was actually trying to make math illegal!" Best of all, anybody "fortunate" enough to be a U.S. citizen can participate, even if they don't write code themselves.
A while back I did a cgi binary which exported the PGP.EXE out of pgp262i in uuencoded parts, 3 lines at a time. Came out at 713 parts. Maybe that would be more symbolic. People weren't so keen to export that as they were to export the perl rsa sig. When I announced the url, people posted "I got no 7, who got the 1st part?" etc. See: http://www.dcs.ex.ac.uk/~aba/export/ Of course this wasn't my idea, it had been discussed on the list several times before, I just took advantage of my position outside the crypto curtain to actually do it. It's a bit out of date - it's talking about ITAR, that should be EAR now.
Having established beyond any doubt that the export of RSA was possible without repercussions, the lesson will be driven home by group releases of successively longer mathematical works expressed in source code.
I think this has been established. Vince Cate's exporters page sends president@whitehouse.gov a protest letter together with the rsa sig. There is a log of exporters. Lots of names on it.
The first release will be the most challenging. In no time at all everybody - including everybody in the government - will find themselves accustomed to the idea that laws against mathematics are absurd. (Even Senators will be able to grasp this unchallenging concept.)
I think Vince says on his pages that he got a mention on CNN of his arms trafficker page. I'd encourage anyone to use the sig, or t-shirts, mailing labels or the guy with the tattoo of the .sig to cause all the embarrasment they can for the US government.
The way to get started is for people to pledge to post "RSA in 3 lines" if certain conditions are met. For instance, "I will post 'RSA in 3 lines' if 500 people promise to do it as well, among them being Michel Foucault, Jacob Bernoulli, and Blaise Pascal." No risk need be taken without allies!
Well, it does seem to me at times that people in the US are being too timid about the whole situation. I mean if everyone just openly ignored the stupid laws, you might think they would go away by default, just to catch up with reality. Much hand-wringing is spent putting no-export warnings on code, obfuscating the download process to discourage non-US people, and warning others not to export. Clearly for the individual there are few ill-effects from exporting the 3 lines of perl. (Actually 2 lines now see below). Probably nothing much would happen if you personally just uuencoded PGP and spammed USENET with it. I mean it would make not one iota of difference as it's already universally available on ftp sites and web pages. Phil Zimmermann and Kelly Goen were hassled over their export, but it's too late to worry about PGP now. Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`