On Wed, 24 Jan 1996, Timothy C. May wrote: [...]
Specifically, I believe--though obviously cannot prove, given the nature of time--that a cryptographically strong version of Netscape developed outside the borders of the U.S. would not be freely importable into the U.S. I
Nope. Nope. Nope. Nope. Donuts to dollars that it's freely importable. Now, whether you could freely use it becomes another version of the "could they ban strong crypto for domestic use" issue. I don't think so. Why? See my articles on my homepage, www.law.miami.edu/~froomkin I also (to pick on Tim's excellent "you got to think like them" thread) don't really see why they need to expend massive energies fighting this battle once it looks lost (I do see why they would want to fight and have fought delaying actions; every delay is a win in that mindset). A cryptographically strong browser isn't such a threat to policy, except that you get more encrypted traffic messing up traffic analysis, and that's happening gradually anyway. Not to mention that traffic volumes going up must strain some capacity somewhere. No, the real threats to LEAs/traditional ways of doing things are more likely to be anonymity and anonymous cash. And these are things that may well be within the power of governments to at least make difficult if not eliminate for some time. "Chokepoints" is indeed the key word here, with banks and remailer operators as chokees. If you are a government strategist, you might think, Why not make people strictly liable for, e.g., any crimes planned with their remailers? And make ISPs strictly liable for crimes panned or executed on their systems? Those things stand more chance of being upheld than a ban on domestic use of strong crypto, whether foreign or domestic coded. I won't go so far as to say "would be upheld" but it's much easier for me to imagine than a ban on importing or using strong crypto. I'm going to expand on this in the next draft of my "oceans" paper; the draft currently on the web page does not really do these issues much justice.
don't know what form such a law would take, to answer the point raised in another post by Peter Junger. Nor am I saying either State or NSA passes the laws...the ITARs have worked largely because they have never been challenged; if they were to be successfully challenged and stricken, as even some folks inside the NSA think is likely if tested in a proper case, then a Four Horseman-scared Congress will likely step in with some restrictions. [...]
OK, Tim, what am I missing? How will Enhanced-crypto-Netscape match remailers for their ability to keep TLAs up at night? A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here.