FTP site for complete ITAR is: ripem.msu.edu:/pub/crypt/docs/itar-july-93.txt. sci.crypt archives are there also. Thanks to M. Riordan for this valuable service. I also understand that D. Bernstein may have helped in getting the ITAR on specifically. Both are sci.crypt FAQ contributors & maintainers. * * * greg@ideath.goldenbear.com (Greg Broiles) quotes an *extremely* interesting section of the ITAR, perhaps the *critical section* for this issue at hand. But he seemed to skip right over a critical piece. The thread, as it stands: we have seen the ITAR sections that bar disclosure (export) of `technical data' to `foreign nationals' and sections that state that anything illegally exported cannot be legally imported, and now we find technical data defined as: $120.21 Technical data. Technical data means, for purposes of this subchapter: (a) Classified information relating to defense articles and defense services; (b) Information covered by an invention secrecy order; (c) Information, in any form, which is directly related to the design, engineering, development, production, processing, manufacture, use, operation, overhaul, repair, maintenance, modification, or reconstruction of defense articles. This includes, for example, information in the form of blueprints, drawings, 1 photographs, plans, instructions, computer software, 1 and documentation. This also includes information which advances the state of the art of articles on 2 the U.S. Munitions List. This definition does not 2 include information concerning general scientific, 2 mathematical, or engineering principles commonly 2 taught in academia. It also does not include basic marketing information or general system descriptions of defense articles. *wow* -- we find that (1) `computer software and documentation' `related to [verb1,verb2,verb3 ad infinitum] of defense articles' is *banned*. but in the same paragraph, (2) `general scientific or commonly taught mathematical or engineering principles' are *not* banned. Surely, (1) is the clause that Bidzos would claim applies -- restricting the export of technical data in the form of software. The $64K Question: Is PGP `computer software related to defense' or `technical documentation encompassing general scientific & engineering principles'? so, likely, that paragraph will be the focus of attention, and perhaps the fulcrum of the case, for both the prosecution and defense, of a hypothetical trial. another point to make: the naive prejudices of those who crafted this list are apparent as being from the agency-which-will-remain-anonymous-but-has-the-initials-NSA. They seem to think that `defense articles' and `general scientific, mathematical, and engineering principles' are mutually exclusive. Hee, hee. They might as well just have a law that bans `everything we don't approve of' with no loss of ambiguity. G.B. again
The definitions of export that I've seen have concerned transferring information or physical things, or providing services to, persons, corporations, or nations which are not U.S. citizens. They have not addressed placing these things where "foreign persons" might conceivably get them.
another *very* critical aspect of the case, noted also by H. Finney and others. I have a theory about this (surprise! :) Bidzos indicated how the ITAR is very recent. It appears to be being updated all the time. This is a bit scary how easy it is for `the powers that be' (the most verminous expression, hence my use) to slip in to modifications to the ITAR. I wonder how much these various paragraphs have changed between versions of the ITAR -- I suspect that if we looked at it in a linear historical progression, we would find an increasing desperation in the writing, representing the futile attempt to encompass all the data leaking all over cyberspace, like trying to hold onto a handful of greased vibrating marbles, or chain down electrons. This is another `conspicuous omission' that suggests the likelihood that it is `in the works' to get in clauses that *specifically address* the concept of `broadcast' of information similar to an FTP site, perhaps even underway at this moment in the labyrinthine catacombs of our government. * * * My sincere thanks to everyone who has contributed to the ITAR analysis associated with the case dispassionately. We shouldn't delude ourselves in thinking all this is happening in anything other than a mailing list vacuum, and the EFF/PRZ laywers (`the Professionals') surely have entirely different perspectives on the matter, but for me at least I find it extraordinarily educational and intellectually stimulating -- in a sort of depraved way. On the other hand, reading between the lines of our comments, the ITAR itself is probably close to the most totalitarian document our country has yet produced. It is sort of like `constitutional antimatter'. Look at how pliant this enterprise-constricting law is to burdensome and insideous modifications, in total defiance of open and public legislative procedure! The people that are *experts* on it can't keep up with all the shadowy knob-twiddling. In restricting *technical data* to `foreign nationals' (the latter phrase a rather atrocious coinage in itself) we seem to find the same institutionalized paranoia against the spread of simple *information* that was associated with copier machines in the cold-war-era Soviet Union. The irony is that to a totalitarian state, that paranoia is not comical -- it is entirely justified and critical to its self preservation.