-----BEGIN PGP SIGNED MESSAGE----- "Experience keeps a dear school, but fools will learn in no other." --Benjamin Franklin IM[NSH]O, we need a test case that _differentiates_ between hardware encryption engines and _software_for_encryption (not to be confused with firmware). Patel rendered an important decision, but she refrained from establishing national jurisdiction; our only hope in this instance is further citations as to relevance. If it can be established, by extension of Patel's ruling that software is _always_ protected under the First Amendment (despite our government's well established track record of trying to kill free speech, or at least ignore it), the mere fact that it runs on a hardware engine --any engine, should be irrelevant. Carrying the argument to its absurd extreme, should we ban gasoline since it powers automobiles? --or even ban the publication of information on refueling an automobile? when confronted by fools {Clinton, et al], one must emphasize the absurdity, even inanity, of their foolishness. The whole argument must be expressed in terms which Judge Marilyn Patel found endearing. write the encryption software in Java which is [generally] a platform independent and portable human readable language. Perl, for instance the 3 line RSA algorithm for DC, is not exactly readable. Why not construct an SBC with extended memory, small hard disk, an O/S which supports Java, and I/O means --then, apply for an export permit for the hardware, the Java encryption/decryption software, and the combined unit? If the burrowcrats at Commerce respond in typical fashion, file in SF Federal Court; if they procrastinate and obfuscate to avoid the inevitable, file in SF to pry it out of their grubby hands and get on with it. The criminals in Congress always pass the right way in public, then hose us over with manager's marks and all that falderol in reconciliation, justifying their position that they have given the Congress a choice [between good and evil? --no, between worse and worst]. Therefore, let's present the Court with the two [or three] part challenge --and make sure the hardware, the combined hardware and software, and the software alone, are distinct claims so that even if the justices choose to classify the hardware/software "package" as a munition, the standalone software will fall under Patel's ruling (more like guidance). The Feds will look pretty stupid ruling a general purpose Java enabled SBC black box a munition.... let's go get the bastards using their own techniques. TAKE THE WAR HOME TO THEM, on their own turf! until Bernstein, all of our actions have been essentially defensive (Junger non-withstanding). Issues must be reduced to the lowest common denominator --let's teach that class of misfits, the ship of fools. ______________________________________________________________________ "attila" 1024/C20B6905/23 D0 FA 7F 6A 8F 60 66 BC AF AE 56 98 C0 D7 B0 on or about 970826:1008 John Young <jya@pipeline.com> expostulated: +Declan wrote: +>I think that's about right. One of the important questions was how broadly +>Patel would rule, whether her ruling would apply just to Bernstein & +>associates or whether she would enjoin the government from enforcing +>ITAR/EAR at all. +> +>Unfortunately, she chose the former. But look on the bright side: her +>narrow decision may be less likely to be reversed, no? +Does this not shift now to Peter Junger's suit: same issues, broader +challenge, same opposing arguments? Did Patel rule narrowly in +Bernstein to set the stage for the broader case in the works? +BTW, is there a suit being readied to follow Peter's? Karn II? PRZ 6.0? +What say, Peter, Lee, Cindy, Phil, Phil, Anthony et al? -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 Comment: No safety this side of the grave. Never was; never will be iQCVAwUBNAL7/L04kQrCC2kFAQGh9wP/ZC3mSfm3l1FPRsejYimfXaZeLu7KcDuF Evfe40TrCRSSe+ZBfduuSlBxslCTAWtTcdYn+uc+JelyDJ0kysZKge7OUG5HEnHO 1U0P1gqP/rY0OnQf9Z0Zr4xEQlsIzNRTYp/bLPYtcBGF7i1pg5/2mU8bbObrs7Wr d6sA4IhN8as= =CwjL -----END PGP SIGNATURE-----

At 03:50 PM 8/26/97 +0000, Attila T. Hun wrote:

IM[NSH]O, we need a test case that _differentiates_ between hardware encryption engines and _software_for_encryption (not to be confused with firmware). Patel rendered an important decision, but she refrained from establishing national jurisdiction; our only hope in this instance is further citations as to relevance.

I disagree. We'd lose, and setting bad precedent is worse than none or weak precedents. The important conclusion Judge Patel drew was that source code is clearly speech (yay! and blatantly obvious, as well :-) The next obvious directions to go, after we win the appeal, are to solidify the judgement with more source code (and deal with the fact that they'll keep changing the regulations), especially if we can do a source code in an interpreted language like perl, and then maybe go after binary code as speech. We'll also need to do something about the Karn case, since the difference between source code on paper and source code on a floppy is obviously not a legitimate one. If you do hardware, they'll say "Hardware isn't speech, it's stuff, and exporting stuff is commerce, and we can regulate commerce and exports", and they'll be right constitutionally if not morally. Exporting the detailed plans for encryption hardware might be fun, especially if the hardware is very generic (say, a speech card for a Nintendoid with some crypto firmware for the Nintendoid's CPU, or a cellphone-modem with crypto pumpware.) About the only Real Hardware I can see having a chance is some sort of ASIC-based device like a pocket organizer or cashcard that does encryption as an incidental part of some other function, such as an authentication protocol. But if it's a cash card, the rules have been flexible enough to handle permits for banking-only devices, and you don't get an interesting Constitutional case about being wrongly denied an export permit when they give you a permit, or at least give out permits for functionally similar products. I suppose there'd be some hack value in exporting a smart-cellphone with downloadable firmware/javaware (e.g. for multiple language support) with all the right export permits, and then releasing the crypto code from replay or kremvax or www.hongkong.cn , and using it as precedent for your application for exporting the crypto-equipped version. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list or news, please Cc: me on replies. Thanks.)