I have two pet issues: 1. Who Owns Cryptography? David Kahn's "The Codebreakers" shows that strong cryptography (as strong as that used by the military of the time) has almost always been invented by and used by private individuals, throughout history. The US Gov't (especially the NSA) has been trying to give the impression that it owns cryptography. The case needs to be made that cryptography inventions occur spontaneously in the minds of individuals and that cryptography is used to guard privacy (of both files and conversations) in a way the government: a. could not control if it tried, short of "1984" style room bugging, informants, ... b. should not control because of the 4000 year history of private ownership of cryptography. 2. Export Laws for Cryptography -- There are three classes of cryptography, logically: i. Munitions ii. Commercial iii. Public Domain Munitions cryptography would include systems using government classified algorithms or incorporated in physical hardware which has been hardened for battlefield use. Commercial would include systems which are proprietary to some company and sold by that company. Public domain would include systems which have been fully published (DES, RSA, DH, IDEA, <many older systems>, ...), have been implemented from those publications and which are effectively already in the hands of any interested high school kid. These are often available on public BBSs, worldwide. (PGP, for example) It makes sense to control munitions via ITAR and commercial systems via the commerce department, while leaving public domain systems uncontrolled c/o freedom of speech. What can be done to make these points? If these are not law review issues, what can I do as a private citizen to put these forth? - Carl