Timothy C. May writes: : At 3:49 PM 9/20/95, Ian Goldberg wrote: : >So, Dave and I got free munitions shirts (they're different, though; : >the font is smaller and they have a bunch of X'd out Constitutional : >Amendments on the back; I think they ere designed by Joel Furr) for : >our bug find. : > : >So I'm wearing it today. The thing is, I live in International House, : >a residence that has 50% non-Americans. : > : >So, any consensus as to whether it's actually illegal to do so? I : >remember some disagreement a few weeks ago that AFAIK wasn't resolved. : : The _consensus_ here seems to be: "This t-shirt is illegal to wear in front : of non-Americans," judging by the comments here. Assuming that the International Traffic in Arms Regulations are the law (rather than the unconstitutional silliness that they actually are), this consensus is correct. The ITAR forbid the ``disclosure'' of cryptographic ``software''--very broadly defined--to ``foreign'' persons ``within or without the United States.'' It says nothing about the medium of the disclosure: whether it is a T-shirt or computer screen. : The _reality_ is quite different, I think, and the "this shirt is illegal" : hype is, in my opinion, just that, hyperbole. Even hyperbull, too. : : Books and written articles containing crypto algorithms are _not_ illegal : for "furriners" to look at. The t-shirt contains at most a fuzzy printing : of an algorithm that has been widely printed in various books and in : articles in mailing lists like ours. The fact that the government does not dare to try to enforce the ITAR against those who publish cryptographic software without a license (and the fact that the Office of Defense Trade Controls has waived its jurisdiction to require a license in one case for a book where it retained jurisdiction for a CDrom with the same information) does not mean that it is not a violation of the ITAR to publicly wear a T-shirt with cryptographic software on it; although it does strongly suggest that no one will be prosecuted for such violations. And that is just as well, since the posting on an anonymous FTP server of the C program that cracks the seed for the Netscape security routines is also a technical violation of the ITAR, as even Mr. May will perhaps concede. The fact that warning the world of this security breach is a violation of the ITAR simply shows how silly--and how dangerous--is the ITAR's licensing scheme for the publication of cryptographic software. : (I agree that there are some unresolved issues with ostensibly : machine-readable forms. The t-shirt is not machine-readable by any : plausible interpretation of machine-readable.) There is nothing in the ITAR that refers to ``machine-readable'' so there is no need to interpret that term. - -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu