In message <20010727015656.A22910@cluebot.com>, Declan McCullagh writes:
One of those -- and you can thank groups like ACM for this, if my legislative memory is correct -- explicitly permits encryption research. You can argue fairly persuasively that it's not broad enough, and certainly 2600 found in the DeCSS case that the judge wasn't convinced by their arguments, but at least it's a shield of sorts. See below.
It's certainly not broad enough -- it protects "encryption" research, and the definition of "encryption" in the law is meant to cover just that, not "cryptography". And the good-faith effort to get permission is really an invitation to harrassment, since you don't have to actually get permission, merely seek it. --Steve Bellovin, http://www.research.att.com/~smb