Looks like the stalling tactics have begun. I just got a phone call from "Susan Shea" from the National Security Agency. She said that to "make a better determination" she would need a copy of the diskette. I explained (as I had in my written request) that the diskette in question contained exactly the same source code as was printed in Part 5 of the book Applied Cryptography, byte for byte. But she claimed that as she did not have a copy of that, she would still need the diskette. Right. The NSA doesn't have a copy of Applied Cryptography, and has never seen one. Yet, apparently, they signed off on my original CJ request to export the printed book (the State letter mentions comments from the Department of Defense, which is always a code phrase for the NSA in such situations). It's not that ``NSA'' doesn't have the book; it's that that office may not. Or at least, making that claim isn't totally beyond the realm of possibility. As for the original request -- they *don't* want to rule that a book needs a license, of any sort; it opens them up to judges who understand books but not floppies. (Let me commend to this audience Kenneth Pierce's paper ``Public Cryptography, Arms Export Controls, and the First Amendment: A Need for Legislation'', Cornell International Law Journal vol. 17, 1984, pp. 197--236 -- it's a very good summary of the legal issues. Though the details of the ITAR have changed, the underlying legal theories have not.) Sigh. I will send it off to them. This should buy them about two days, unless I get really extravagant and switch from Priority Mail to Express Mail... Phil PS. Does anybody consider it odd that someone from the NSA would actually identify themselves as such? My impression is that they've realized that that game is a bit stupid at this point, and that they're giving up on unnecessary secrecy.