Scott Brickner <sjb@universe.digex.net> writes:
Dan Weinstein writes: [unknown writes:]
If anyone from MIT is reading this, it would be a real public service to put on a web site (a) what the system used for the release of PGP is exactly and (b) what assurances (oral, written, names & dates) was received from State/Commerce that this was legal.
You are assuming that because the government has chosen not to prosecute MIT that they will not prosecute anyone else. This is a faulty assumption, laws are not invalidated if they are not enforced, only if they are repealed or overturned.
IANAL, but this seems implausible. If MIT has received assurances (written or oral) from the DoJ that indicate that their scheme is adequate, then another organization prosecuted while following an identical scheme can admit this as evidence.
There isn't, to my knowledge, a specific law which defines the act of export over the 'net. The DoJ, in effect, determines the definition by their actions. Failure to prosecute MIT should lead a responsible judge to dismiss actions against a subsequent defendant that follows the same practice.
It is also worth noting that the ITAR violation is worded somewhat differently from some laws, requiring "willful" violation, a "specific intent" to break the law. In this situation, good faith efforts to apply with what the law appears to be would seem to me to be a strong defense. See <URL:http://www.portal.com/~hfinney/cryp_export1.html> for a writeup I did on this a couple of years ago. An excerpt, from U.S. v Lizarraga-Lizarraga (541 F2d 826): "Accordingly, we hold that in order for a defendant to be found guilty of exporting under 22 U.S.C. 1934, the government must prove that the defendant voluntarily and intentionally violated a known legal duty not to export the proscribed articles, and the jury should be so instructed." I am not a lawyer, however. It would be interesting to hear what our legal exports think of this argument. Hal