"Perry E. Metzger" writes: : : Thaddeus J. Beier writes: : > So, if this person was sending cryptographics codes from Switzerland : > to Israel, the code would have been imported to the US, then exported : > by UUNET. They can't do that, can they? Probably nobody would prosecute, : > but it might be something to threaten UUNET with if one of their Northern : > Virginia neighbors ever wanted something the couldn't get otherwise. : : It isn't clear that telecoms treaties don't implicitly make this legal : in spite of the export regulations. Once again, what the ITAR forbid is the disclosure of cryptographic software to a foreign person within or without the United States, so it does not make any difference whether the message containing the code passes through the United States or not. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu
"Peter D. Junger" writes:
"Perry E. Metzger" writes:
: : Thaddeus J. Beier writes: : > So, if this person was sending cryptographics codes from Switzerland : > to Israel, the code would have been imported to the US, then exported : > by UUNET. They can't do that, can they? Probably nobody would prosecute, : > but it might be something to threaten UUNET with if one of their Northern : > Virginia neighbors ever wanted something the couldn't get otherwise. : : It isn't clear that telecoms treaties don't implicitly make this legal : in spite of the export regulations.
Once again, what the ITAR forbid is the disclosure of cryptographic software to a foreign person within or without the United States, so it does not make any difference whether the message containing the code passes through the United States or not.
OTOH, the ITAR explicitly permits "temporarily imported" munitions to be re-exported. Those clauses should entirely eliminate the issue of whether UUNET could be held liable under ITAR. ITAR says otherwise -- see section 120.18.
"Peter D. Junger" writes:
"Perry E. Metzger" writes: : It isn't clear that telecoms treaties don't implicitly make this legal : in spite of the export regulations.
Once again, what the ITAR forbid is the disclosure of cryptographic software to a foreign person within or without the United States, so it does not make any difference whether the message containing the code passes through the United States or not.
I understand that you are a lawyer and I'm not, but it is my understanding that international treaties come in to play on this sort of thing. For instance, in international shipments, you can transship items and substances that are illegal to possess in a country through its ports provided that the materials do not originate or terminate their shipment in the country and remain sealed in their containers throughout. It is also my understanding that items like mail and phone calls that happen to transit a country are not necessarily subject to that nations laws provided that the nation is not a terminal point for the mail or call or what have you. Treaties on this subject would quite clearly superseed any federal laws under the supremacy clause of the constitution. I am not absolutely sure of this, but I'm fairly sure that there are already rules on all of this. Perry
"Perry E. Metzger" writes: : : "Peter D. Junger" writes: : > "Perry E. Metzger" writes: : > : It isn't clear that telecoms treaties don't implicitly make this legal : > : in spite of the export regulations. : > : > Once again, what the ITAR forbid is the disclosure of cryptographic : > software to a foreign person within or without the United States, so : > it does not make any difference whether the message containing the : > code passes through the United States or not. : : I understand that you are a lawyer and I'm not, but it is my : understanding that international treaties come in to play on this sort : of thing. For instance, in international shipments, you can transship : items and substances that are illegal to possess in a country through : its ports provided that the materials do not originate or terminate : their shipment in the country and remain sealed in their containers : throughout. It is also my understanding that items like mail and phone : calls that happen to transit a country are not necessarily subject to : that nations laws provided that the nation is not a terminal point for : the mail or call or what have you. The trouble is that the ITAR's definition of export that is relevant to cryptographic software has nothing to do with exporting in the normal sense, and therefore it has nothing to do with transhipments. The definition of export that is relevant simply makes it a felony to disclose technical data, which is defined as including cryptographic software, to a foreign person within or without the United States. Thus I cannot disclose my materials for my course in Computers and the Law, which include some cryptographic software, to a Canadian student in the United States without getting a license, event though there is an exception which would allow me to export the software to Canada. It doesn't make any difference whether the disclosure--or the message that makes the disclosure possible--passes through a foreign jurisdiction or not. It is the disclosure, and only the disclosure, that requires the license. Not the transmission of the message. Don't blame this on my being a lawyer; blame it on some very sick people in the Office of Defense Trade Controls and in the NSA. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu
"Peter D. Junger" writes:
: I understand that you are a lawyer and I'm not, but it is my : understanding that international treaties come in to play on this sort : of thing. For instance, in international shipments, you can transship : items and substances that are illegal to possess in a country through : its ports provided that the materials do not originate or terminate : their shipment in the country and remain sealed in their containers : throughout. It is also my understanding that items like mail and phone : calls that happen to transit a country are not necessarily subject to : that nations laws provided that the nation is not a terminal point for : the mail or call or what have you.
The trouble is that the ITAR's definition of export that is relevant to cryptographic software has nothing to do with exporting in the normal sense, and therefore it has nothing to do with transhipments.
I am starting to have trouble believing you are a lawyer. Are you actually telling me that treaties which explicitly indemnify transshipment customers against local laws are superceeded by lower level laws, in spite of the supremecy clause of the constitution? That might be what the state department would tell you, but I'd have trouble believing even a lobotomized mongoloid judge would let that stand. Treaties are treaties, period. Perry
Perry chips in :
"Peter D. Junger" writes:
The trouble is that the ITAR's definition of export that is relevant to cryptographic software has nothing to do with exporting in the normal sense, and therefore it has nothing to do with transhipments.
I am starting to have trouble believing you are a lawyer. Are you actually telling me that treaties which explicitly indemnify transshipment customers against local laws are superceeded by lower level laws, in spite of the supremecy clause of the constitution? That might be what the state department would tell you, but I'd have trouble believing even a lobotomized mongoloid judge would let that stand. Treaties are treaties, period.
Actually there are exclusion clauses in most international trade treaties to exclude items such as arms and drugs from transhipment clauses. There are also various treaties to control trafic in arms and drugs whose provisions may have precedence. The US is not known for sticking to the narrow wording of an international treaty in such cases. Panama was invaded for alledged transhipment of drugs after all. I doubt anyone would seriously attempt to find a justification for that act in international law. One of the many problems in Perry's approach is that an international treaty is in essence a contract between governments. If the governments chose to interpret a contract in a particular way they may not consider it any of your buisness as a third party. They are after all always free to negotiate a new treaty. Perry's somewhat offensive language is not a substitute for an argument. Treaties certainly arn't "treaties period" otherwise the profession of law would be a somewhat less skilled one. There is clearly considerable complexity in the interpretation of treaties and in determining the scope of their application, the various remedies they provide for and so on. I think I would take Perry's disbelief that a person is a lawyer becuse he disagrees with him as reflecting more on Perry than anyone else. All contrary views are rejected... hmm... Phill
hallam@w3.org writes:
One of the many problems in Perry's approach is that an international treaty is in essence a contract between governments.
Were that the case, citizens couldn't sue to have provisions impacting them enforced, but the fact of the matter is that they can.
Perry's somewhat offensive language is not a substitute for an argument.
Thank you for the ad hominem.
I think I would take Perry's disbelief that a person is a lawyer becuse he disagrees with him as reflecting more on Perry than anyone else.
I'm not entirely sure that the international telecoms treaties cover this, but both the gentleman I was conversing with and I appeared to have assumed for purposes of discussion that they did. Given that, the notion that international telecoms treaties are superceeded by the ITARs does indeed give one pause to wonder. Perry
Were that the case, citizens couldn't sue to have provisions impacting them enforced, but the fact of the matter is that they can.
Various treaties provide that various privilleges will be granted to various citizens of the countries concerned. Do the treaties grant such privilleges in this case? Just because there is a treaty on nuclear disarmament between the US and the USSR does not mean that you as a private citizen can press for enforcement through the courts if you think that the USSR is not performing.
Perry's somewhat offensive language is not a substitute for an argument.
Thank you for the ad hominem.
Perry used the phrase "lobotomized mongoloid judge" I think that this type of language is offensive and unnecessary. Ad hominem is a perfectly valid form of argument where one is considering the reputation of the person making the statement. I don't think that the type of language and tactics Perry uses reflect well upon him. What is "I am starting to have trouble believing you are a lawyer." if not ad hominem in any case?
hallam@w3.org writes:
Were that the case, citizens couldn't sue to have provisions impacting them enforced, but the fact of the matter is that they can.
Various treaties provide that various privilleges will be granted to various citizens of the countries concerned. Do the treaties grant such privilleges in this case? Just because there is a treaty on nuclear disarmament between the US and the USSR does not mean that you as a private citizen can press for enforcement through the courts if you think that the USSR is not performing.
No, but treaties permitting citizens of Canada to work in the U.S. are enforceable in U.S. courts, and other similar treaties that have personal impact are enforceable in court, such as tax treaties. In the case of a treaty saying "you aren't breaking a third country's laws if you transmit something that wouldn't be legal to say in that country over its telecom lines", its a personal rather than a national impact and it could be enforced in a U.S. court.
Perry's somewhat offensive language is not a substitute for an argument.
Thank you for the ad hominem.
Perry used the phrase "lobotomized mongoloid judge" I think that this type of language is offensive and unnecessary.
To whom was I being offensive, Mr. Hallam, given that I was refering to a theoretical non-extant personage? Or are you a charter member of "lobotomized mongoloids for equal justice" or some such.
Ad hominem is a perfectly valid form of argument where one is considering the reputation of the person making the statement.
Yes, but my reputation is irrelevant to whether or not you can be prosecuted as a foreigner for the act of handing another foreigner cryptographic software outside the U.S. Perry
"Perry E. Metzger" writes: : I am starting to have trouble believing you are a lawyer. Are you : actually telling me that treaties which explicitly indemnify : transshipment customers against local laws are superceeded by lower : level laws, in spite of the supremecy clause of the constitution? That : might be what the state department would tell you, but I'd have : trouble believing even a lobotomized mongoloid judge would let that : stand. Treaties are treaties, period. What I am telling you, if you would pay attention, is that there is no transhipment involved. The violation of the ITAR consists of disclosing information, not shipment. And that is pretty clearly unconstitutional because it violates the first amendment, but it has nothing whatsoever to do with any treaties--certainly nothing to do with treaties about transhipment. If a Frenchman on vacation in the Riviera shows a copy of PGP sourcecode to a German businessman there, that is literally a violation of the ITAR. If the disclosure is made by sending a copy of the software from one hotel room to another, and if that message happens to get routed through the United States, that is still a violation. The fact that the message went through the United States is irrelevant. Don't expect the ITAR to make any sense. And don't think that you can apply logic to the ITAR and get logical results. It doesn't work that way. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu
"Peter D. Junger" writes:
"Perry E. Metzger" writes:
: I am starting to have trouble believing you are a lawyer. Are you : actually telling me that treaties which explicitly indemnify : transshipment customers against local laws are superceeded by lower : level laws, in spite of the supremecy clause of the constitution? That : might be what the state department would tell you, but I'd have : trouble believing even a lobotomized mongoloid judge would let that : stand. Treaties are treaties, period.
What I am telling you, if you would pay attention, is that there is no transhipment involved. The violation of the ITAR consists of disclosing information, not shipment.
Given that it is a non-U.S. national disclosing information to a non-U.S. national, both being outside the U.S.'s borders, with their only involvement with the U.S. being an incidental traversal of their communications via U.S. telecoms networks, I would say that it would be a case where the telecoms treaties would come into play.
If a Frenchman on vacation in the Riviera shows a copy of PGP sourcecode to a German businessman there, that is literally a violation of the ITAR.
Where the hell did you get that idea? The ITAR clearly does not apply to foreigners disclosing things to each other outside the United States. I've read it and I can't see how it could possibly be so interpreted. I'm not a lawyer, but this interpretation is so bizarre as to be almost untenable. I can clearly see that a U.S. person talking about DES to a foreign person can be a violation under the language in the regulations, but there is no way on earth to interpret the regulations as applying to foreigners abroad talking to other foreigners outside the U.S.
Don't expect the ITAR to make any sense. And don't think that you can apply logic to the ITAR and get logical results. It doesn't work that way.
I was under the impression, though, that the words meant what they said. Perry
"Perry E. Metzger" writes: : "Peter D. Junger" writes: : : > If a Frenchman on vacation in the Riviera shows a copy of PGP sourcecode : > to a German businessman there, that is literally a violation of the : > ITAR. : : Where the hell did you get that idea?
From Section 120.17 of the ITAR which provides:
_Export_ means: . . . . (4) Disclosing (including oral or visual disclosure) or transfering technical data to a foreign person, whether in the United States or abroad . . . . (And technical data is (baroquely) defined in Section 120.10 as including certain software, including crytographic software.) : The ITAR clearly does not apply : to foreigners disclosing things to each other outside the United : States. Where the hell did you get that idea? : I've read it and I can't see how it could possibly be so : interpreted. I'm not a lawyer, but this interpretation is so bizarre : as to be almost untenable. I can clearly see that a U.S. person : talking about DES to a foreign person can be a violation under the : language in the regulations, but there is no way on earth to interpret : the regulations as applying to foreigners abroad talking to other : foreigners outside the U.S. Go read the section that I quoted again. Where is there an exception for foreign persons who happen to be abroad? : > Don't expect the ITAR to make any sense. And don't think that you can : > apply logic to the ITAR and get logical results. It doesn't work that : > way. : I was under the impression, though, that the words meant what they : said. When did you change your mind? -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu
On Tue, 7 Nov 1995, Peter D. Junger wrote:
From Section 120.17 of the ITAR which provides:
_Export_ means: . . . . (4) Disclosing (including oral or visual disclosure) or transfering technical data to a foreign person, whether in the United States or abroad . . . .
The ITAR is U.S.-Law. This only applies (by definition) to US-citizens or persons in the U.S.! I think it's a common mistake of many Americans that they believe creating law means creating law for the whole world!
Go read the section that I quoted again. Where is there an exception for foreign persons who happen to be abroad?
It's inherent. You simply can't apply US-law to non-US-citizens outside the U.S.! oli.
On Tue, 7 Nov 1995, Oliver Huf wrote:
It's inherent. You simply can't apply US-law to non-US-citizens outside the U.S.!
Well, also (?) the Exxon bill tries to do just that. If you put up 'indecent' material at your .de site that persons in the US can ftp or browse or whatever, and the Exxon bill passes, you can be sentenced to (at least) 2 years jail in the US. Presumably, since they don't think you are as important as the infamous ex Panama president, they won't come and get you, but might meet you at the airport if you ever plan to visit the US. (They will not try to get you sentenced in a German court since you haven't committed any crime in Germany, and the German Government will probably not extradite you - I'm not familiar with German extradition laws, though.) With only one military superpower left we can expect it's jurisdiction to expand as it seems fit. Mats
Oliver Huf writes: : : : On Tue, 7 Nov 1995, Peter D. Junger wrote: : : > >From Section 120.17 of the ITAR which provides: : > : > _Export_ means: : > . . . . : > (4) Disclosing (including oral or visual disclosure) or transfering : > technical data to a foreign person, whether in the United States or : > abroad . . . . : : The ITAR is U.S.-Law. This only applies (by definition) to US-citizens : or persons in the U.S.! Go tell that to General Noriega. I don't know what definition you are talking about, but it is not one recognized by the American Courts. : I think it's a common mistake of many Americans that they believe : creating law means creating law for the whole world! : > Go read the section that I quoted again. Where is there an exception : > for foreign persons who happen to be abroad? : It's inherent. You simply can't apply US-law to non-US-citizens outside : the U.S.! The American courts will apply American laws to non-US-citizens who violate American laws outside the United States, if they can catch them. The fact that they may be in the United States because they were kidnapped or because they were captured outside the United States in an agressive war that quite clearly violated international law won't stop them for a moment. And lord help the foreigner who has violated US law outside the US and then tries to immigrate to the United States. And the United States is not alone in this. Look what Israel did to Eichman. And didn't Denmark just allow Germany to extradite an American citizen for nasty things that he wrote and said in the United States? -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu
On Tue, 7 Nov 1995 14:52:33 +0100 (GMT+0100), you wrote:
On Tue, 7 Nov 1995, Peter D. Junger wrote:
From Section 120.17 of the ITAR which provides:
_Export_ means: . . . . (4) Disclosing (including oral or visual disclosure) or transfering technical data to a foreign person, whether in the United States or abroad . . . .
The ITAR is U.S.-Law. This only applies (by definition) to US-citizens or persons in the U.S.!
I think it's a common mistake of many Americans that they believe creating law means creating law for the whole world!
The what U.S. law says and what U.S. officials can enforce are two different things. You are in violation of ITAR if you send crypto software from Mexico to Europe over the INTERNET if it is routed through the U.S.. Think of it like drugs being shipped through the U.S., the drug lord that sent it throught is just as guilt under U.S. law as the mule that is carrying it. The problem is that ITAR was not writen to take the current situation into consideration. It is writen to deal with physical equipment and concepts that only a small number of people understand. Given those perameters ITAR would work, but given the current climate of readily available crypto software and wide spread understanding of crypto technologies ITAR cannot do what it was designed to do.
Go read the section that I quoted again. Where is there an exception for foreign persons who happen to be abroad?
It's inherent. You simply can't apply US-law to non-US-citizens outside the U.S.!
Quite to the contrary, U.S. law applies whereever the U.S. can enforce it. Their are many U.S. laws that the U.S. attempts to enforce outside the U.S.. One example is that the U.S. law allows the abduction of those who have murdered U.S. citizens outside the United States. This law is in place in an attempt to protect U.S. citizens from terorism. If you do not believe me just ask Manuel Noriega (sp?). Dan Weinstein djw@pdcorp.com http://www.earthlink.net/~danjw PGP public key is available from my Home Page. All opinions expressed above are mine. "I understand by 'freedom of Spirit' something quite definite - the unconditional will to say No, where it is dangerous to say No. Friedrich Nietzsche
Where can one get a copy of ITAR ? Secondly , has anyone written any books on the subject and if so who and what? Thanks in advance, Deirdre
On Thu, 9 Nov 1995, Moroni wrote:
Where can one get a copy of ITAR ? Secondly , has anyone written any books on the subject and if so who and what?
I believe ITAR is 22 USC $ 2278 and environs, which should be at http://www.law.cornell.edu/uscode/22/2778.html. I can't quote from it right this second because there seems to be a routing problem inside sprintlink (must be SAIC censoring us). Books, I dunno. -rich
Adam Shostack <adam@lighthouse.homeport.org> said: AS> Thus, if the user in Italy has no reason to expect that their AS> mail to Germany will traverse the US, then I suspect that the US AS> would have a hard time proving any criminal act. Doesn't a criminal AS> act require intent of some type? If IP routing, in conjunction with AS> SMTP, beyond the control of the users, ships packets through the US, AS> I have a hard time believing that that makes those users criminals. IANAL, but if they have the intent to transfer cryptographic software, and can 'reasonably' (wonderful precision there) be expected to know that there is the potential for portions of the transfer to be routed through US systems, then I'm guessing that it could be construed that they had the intent to commit a crime. -- #include <disclaimer.h> /* Sten Drescher */ To get my PGP public key, send me email with your public key and Subject: PGP key exchange Key fingerprint = 90 5F 1D FD A6 7C 84 5E A9 D3 90 16 B2 44 C4 F3
Since the size of the net is more than doubling each year, over half the people online at any given time are newbies.* It is not reasonable to expect a newbie to understand IP routing. Neither IP routing nor the design of the backbone is intuitively obvious. Therefore, it is not reasonable to assume that a user in Italy or Germany has any idea that their packets might travel through the United States. Nor is it reasonable to assume that a user outside the US is familiar with the ITARs. They're an obscure set of regulations, on the surface contrary to the First Amendment, and not even well known within the United States. I find it hard to believe that given the obscurity of IP routing, the backbone design, and the obscurity of the ITAR that a jury would find a foreign person guilty of unknowingly violations of the ITAR. Any comment on this line of reasoning from our lawyer friends? Adam Sten Drescher wrote: | Adam Shostack <adam@lighthouse.homeport.org> said: | | AS> Thus, if the user in Italy has no reason to expect that their | AS> mail to Germany will traverse the US, then I suspect that the US | AS> would have a hard time proving any criminal act. Doesn't a criminal | AS> act require intent of some type? If IP routing, in conjunction with | AS> SMTP, beyond the control of the users, ships packets through the US, | AS> I have a hard time believing that that makes those users criminals. | | IANAL, but if they have the intent to transfer cryptographic | software, and can 'reasonably' (wonderful precision there) be expected | to know that there is the potential for portions of the transfer to be | routed through US systems, then I'm guessing that it could be construed | that they had the intent to commit a crime. -- "It is seldom that liberty of any kind is lost all at once." -Hume
Dan Weinstein wrote: | The what U.S. law says and what U.S. officials can enforce are two | different things. You are in violation of ITAR if you send crypto | software from Mexico to Europe over the INTERNET if it is routed | through the U.S.. Think of it like drugs being shipped through the | U.S., the drug lord that sent it throught is just as guilt under U.S. Its worth noting that IP is a packet routing system. It does not use paths or virtual circuits, like ATM or X.25. This means that it is not always possible to predict what route packets will follow. This is especially true of non-interactive protocols like SMTP. I can traceroute to get a good idea of where my ftp packets are going right now, but between the time I do the traceroute, send a mail message, and it actually gets transmitted, a router somewhere along my old path might have died, and my packets, unbeknownst to me, are taking a new path. Thus, if the user in Italy has no reason to expect that their mail to Germany will traverse the US, then I suspect that the US would have a hard time proving any criminal act. Doesn't a criminal act require intent of some type? If IP routing, in conjunction with SMTP, beyond the control of the users, ships packets through the US, I have a hard time believing that that makes those users criminals. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
I am delighted to discover that there is a person in this world who reads the ITAR more broadly than I do. I can see how the ITAR could be read to reach a Frenchman who sends crypto via email to a German that happens, through no fault of his own, to be routed via New York; we might have to talk about whether the scienter requirment would mean that M. Frenchman knew or should have known about the routing. [NB "could be read" does not equal "should be read".] Not even I, however, would imagine that any court anywhere, could read the ITAR or the legislation authorizing it (which is more to the point) as reaching two foreigners talking abroad, neither of whom is a US person. Not only does the US lack the jursidction to make such a rule, it has never sought to make such a rule in any context I am aware of (no, foreign wars don't count). Not even in anti-trust or securities, where the extraterritorial jurisdictional assertions are premised on the effects of the foreign act to the US market... A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here.
Michael Froomkin writes: : I am delighted to discover that there is a person in this world who reads : the ITAR more broadly than I do. I can see how the ITAR could be read to : reach a Frenchman who sends crypto via email to a German that happens, : through no fault of his own, to be routed via New York; we might have to : talk about whether the scienter requirment would mean that M. Frenchman : knew or should have known about the routing. [NB "could be read" does : not equal "should be read".] : : Not even I, however, would imagine that any court anywhere, could read : the ITAR or the legislation authorizing it (which is more to the point) : as reaching two foreigners talking abroad, neither of whom is a US person. I quite agree that no one can read the Arms Control Export Act as authorizing the definition of export in the ITAR that requires, among other things, that a foreign person get a license that the ACEA says that he can't get, before discloing cryptographic software to another foreign person ``in the United States or abroad''. The ITAR violates not only the first amendment to the United States Constitution, it also violates the separation of powers doctrine. But it still says what it says. (And that is why it is unconstitutional.) -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu
On Tue, 7 Nov 1995, Peter D. Junger wrote:
I quite agree that no one can read the Arms Control Export Act as authorizing the definition of export in the ITAR that requires, among other things, that a foreign person get a license that the ACEA says that he can't get, before discloing cryptographic software to another foreign person ``in the United States or abroad''.
The ITAR violates not only the first amendment to the United States Constitution, it also violates the separation of powers doctrine. But it still says what it says. (And that is why it is unconstitutional.) >
[Note that this small disagreement between PDJ and me should not obscure our larger areas of agreement...] To reiterate my point in legalese: any court construing the ACEA would inevitably read the prohibition on "exporting" to a foreign person as not applying where the nation lacks jurisdiction. This is not even a case of applying a construction to save the constitutionality of the statute (since it could well take a narrower construction to do that). It's just common sense, which courts actually resort to on occasion. In short, in this particular case the ACEA, and by extention the ITAR, doesn't "say what it says" it "says what it must mean". This is an important way in which legal parsing differs from compiling... ,,,,, I'd be interested in hearing more about why you say the ITAR violates separation of powers: because it gives the executive branch too much power to define the elements of a criminal offense? A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here.
Michael Froomkin writes: : On Tue, 7 Nov 1995, Peter D. Junger wrote: : : > I quite agree that no one can read the Arms Control Export Act as : >authorizing the definition of export in the ITAR that requires, among : >other things, that a foreign person get a license that the ACEA says : >that he can't get, before discloing cryptographic software to another : >foreign person ``in the United States or abroad''. : > : > The ITAR violates not only the first amendment to the United States : > Constitution, it also violates the separation of powers doctrine. But : > it still says what it says. (And that is why it is unconstitutional.) > : : [Note that this small disagreement between PDJ and me should not obscure : our larger areas of agreement...] : : To reiterate my point in legalese: any court construing the ACEA would : inevitably read the prohibition on "exporting" to a foreign person as not : applying where the nation lacks jurisdiction. This is not even a case of : applying a construction to save the constitutionality of the statute : (since it could well take a narrower construction to do that). It's just : common sense, which courts actually resort to on occasion. I would admit that a court might do this in an effort to hold the statute constitutional, but a court might also hold the regulations unconstitutional because they are overbroad. Remember, the first amendment is the one area where one has standing to raise facial constitutonal claims even though one's own constitutional rights are not infringed. Consider the case where a foreigner in the United States discloses to another foreigner, and is then prosecuted. Couldn't he raise the point in his defense? (But of course the ITAR as applied to cryptographic software--and that is all that I am talking about--are so unconstitutional in so many different ways that nothing is going to turn on that one issue.) But the real problem--to the extent that there is a real problem--is a more practical one. What happens when some foreign person who has set up a large on-line archive of cryptographic software, in part just to twit the Americans, tries to immigrate to the United States? If he is excluded because he violated the export control laws, is he even going to get a court hearing? And if by some miracle he does get a court hearing, isn't the government going to (i) argue that he was conspiring with some Americans--which would make him indistinguishable from Noriega--and (ii) argue that he has to be covered, because one cannot distinguish his case from that of a foreign person who disclosed cryptographic software within the United States to another foreign person. (Remember, the regulation says ``within the United States or abroad''?) : In short, in this particular case the ACEA, and by extention the ITAR, : doesn't "say what it says" it "says what it must mean". This is an : important way in which legal parsing differs from compiling... : ,,,,, : : I'd be interested in hearing more about why you say the ITAR violates : separation of powers: because it gives the executive branch too much power : to define the elements of a criminal offense? Not that. My point most simply is that the AECA does not say what the ITAR says, and that that is why the language of the ITAR violates the doctrine of separation of powers. Your argument--as I understand it--is that the courts will not construe the ACEA as authorizing the weird and unconstitutional definitions in the ITAR. My point is that the ACEA doesn't authorize the ITAR and that therefore the ITAR is unenforceable on separation of powers grounds. I wrote an article about this twenty-five years ago arguing that the Pentagon Papers case can best be explained as a separation of powers case. In the opinions in that case, Near v. Minnesotta was the most cited case, but Youngstown Sheet and Tube v. Sawyer came in a close second. My conclusion was that when a court is confronted with a hard constitutional issue, the better part of valor is to decide the case on separation of powers grounds, if possible. In Pentagon Papers there was no congressional authority for the injunction sought; in the case of the ITAR there is no congressional authority for the definition of export as it applies to software (as opposed to hardware). -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu
[much trimmed in various places] On Tue, 7 Nov 1995, Peter D. Junger wrote:
Michael Froomkin writes: : To reiterate my point in legalese: any court construing the ACEA would : inevitably read the prohibition on "exporting" to a foreign person as not : applying where the nation lacks jurisdiction. This is not even a case of : applying a construction to save the constitutionality of the statute : (since it could well take a narrower construction to do that). It's just : common sense, which courts actually resort to on occasion. I would admit that a court might do this in an effort to hold the statute constitutional, but a court might also hold the regulations unconstitutional because they are overbroad. Remember, the first
Technically, this is holding the regulations ultra vires, not unconsitutional; the difference matters.
amendment is the one area where one has standing to raise facial constitutonal claims even though one's own constitutional rights are not infringed. Consider the case where a foreigner in the United States discloses to another foreigner, and is then prosecuted. Couldn't he raise the point in his defense?
Note the change in fact pattern: now both foreigners are IN the US where indeed they are subject to US law. My bet: the court has no trouble applying the ITAR to these facts and convicting. I agree this is a little silly; but not silly enough to stop it. [The government will argue, and win, as follows: suppose there is no law against murder in either of the nations they come from. Does that mean they can kill each other here?]
(But of course the ITAR as applied to cryptographic software--and that is all that I am talking about--are so unconstitutional in so many different ways that nothing is going to turn on that one issue.)
This issue is now in front of two district judges.
But the real problem--to the extent that there is a real problem--is a more practical one. What happens when some foreign person who has set up a large on-line archive of cryptographic software, in part just to twit the Americans, tries to immigrate to the United States? If he is excluded because he violated the export control laws, is he even going to get a court hearing? And if by some miracle he does get a court
Won't need it. He has committed no offense. If his petition is turned down, he has a right of action.
hearing, isn't the government going to (i) argue that he was conspiring with some Americans--which would make him indistinguishable
Without evidence, they will lose. Even with evidence, not obvious he has done anything wrong.
from Noriega--and (ii) argue that he has to be covered, because one cannot distinguish his case from that of a foreign person who disclosed cryptographic software within the United States to another foreign person. (Remember, the regulation says ``within the United States or abroad''?)
They lose. You distinguish it easily ("Now where exactly was the defendant at the time, Mr. US Atty? Germany? Case dismissed.")
: I'd be interested in hearing more about why you say the ITAR violates : separation of powers: because it gives the executive branch too much power : to define the elements of a criminal offense?
Not that. My point most simply is that the AECA does not say what the ITAR says, and that that is why the language of the ITAR violates the doctrine of separation of powers. Your argument--as I understand
Ah. Terminological confusion. That's not a constitutional violation. It's an agency misconstruing a statute, renderinig the regulations invalid. See the Administrative Procedures Act....
it--is that the courts will not construe the ACEA as authorizing the weird and unconstitutional definitions in the ITAR. My point is that the ACEA doesn't authorize the ITAR and that therefore the ITAR is unenforceable on separation of powers grounds.
I wrote an article about this twenty-five years ago arguing that the Pentagon Papers case can best be explained as a separation of powers case. In the opinions in that case, Near v. Minnesotta was the most cited case, but Youngstown Sheet and Tube v. Sawyer came in a close second. My conclusion was that when a court is confronted with a hard constitutional issue, the better part of valor is to decide the case on separation of powers grounds, if possible. In Pentagon Papers there was
It's too far off topic to pursue any further, but I must take exception to the suggestion that we are well served by separation of powers intruding into other legal domains. Bowsher tells us that causation principles go out the window in SOP cases. That alone makes it radioactive.
no congressional authority for the injunction sought; in the case of the ITAR there is no congressional authority for the definition of export as it applies to software (as opposed to hardware).
A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here.
I would admit that a court might do this in an effort to hold the statute constitutional, but a court might also hold the regulations unconstitutional because they are overbroad. Remember, the first
Technically, this is holding the regulations ultra vires, not unconsitutional; the difference matters.
I thought Peter was arguing that the separation of powers would be affected? Surely this would be a constitutional question? On the strict ultra-vires question and enforcement on non US citizens may I sugest two hypotheticals? Hyptotheical A: I develop a crypoto system in Geneva and pass the source code to my co-worker. Neither of us have export certificates. Hypothetical B: I set up an anonymous FTP site to recieve PGP from abroad. It arrives and I hand it over to Fred who has agreed to distribute any material. It seems to me that in Hypothetical B I am certainly acting in a manner which a US court might consider to be something the US government might seek to prevent. Effectively I would be trafficing. The fact that I only hand the goods over to non-US citizens would appear to be irrelevant. Defining the precise distinction between what is covered and what is not is difficult. It is easier to draw the boundaries broadly and let the courts decide what is clearly outside the scope. it is not necessarily in the governments interests to have sharply defined lines Phill
On Tue, 7 Nov 1995 hallam@w3.org wrote:
I would admit that a court might do this in an effort to hold the statute constitutional, but a court might also hold the regulations unconstitutional because they are overbroad. Remember, the first
Technically, this is holding the regulations ultra vires, not unconsitutional; the difference matters.
I thought Peter was arguing that the separation of powers would be affected? Surely this would be a constitutional question?
Yes, that's what he said; I don't agree.
On the strict ultra-vires question and enforcement on non US citizens may I sugest two hypotheticals?
Hyptotheical A:
I develop a crypoto system in Geneva and pass the source code to my co-worker. Neither of us have export certificates.
No problem if neither of you are US persons (citizen/green card holder)
Hypothetical B:
I set up an anonymous FTP site to recieve PGP from abroad. It arrives and I hand it over to Fred who has agreed to distribute any material.
No problem if you and fred are non-US persons abroad. Big problem if Fred is in the US...
It seems to me that in Hypothetical B I am certainly acting in a manner which a US court might consider to be something the US government might seek to prevent. Effectively I would be trafficing. The fact that I only hand the goods over to non-US citizens would appear to be irrelevant.
No, even our government doesn't seek to regulate crypto transfers between two foreign persons living outside the US! (It might attempt to get a foreign government to do something, but that's different.) A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here.
"Peter D. Junger" writes:
: Where the hell did you get that idea? [that the ITAR applies to : foreigners abroad].
From Section 120.17 of the ITAR which provides:
_Export_ means:
. . . .
(4) Disclosing (including oral or visual disclosure) or transfering technical data to a foreign person, whether in the United States or abroad . . . .
That can't possibly be considered under U.S. law to apply to foreigners talking to foreigners abroad, and if you are really a lawyer you should know that the mere fact that the law doesn't mention its jurisdiction doesn't make it unlimited. The statutes of New York State say that I can be prosecuted for running a red light. No where at all do they say that the red light must be in New York State, but I suspect that it would be completely impossible for the NY State attorney general to get any court, in New York State or elsewhere, to hear a case that I violated New York law by running a light in Turkmenistan.
Go read the section that I quoted again. Where is there an exception for foreign persons who happen to be abroad?
Do you actually call yourself a lawyer? You appear to be ignorant of the most basic facts of our legal system -- knowledge that I, as a complete layman, am completely comfortable with. I wouldn't pretend to be able to practice law, but even I can smell utterly insane readings of the regulations. Perry
On Mon, 6 Nov 1995, Peter D. Junger wrote:
Don't blame this on my being a lawyer; blame it on some very sick people in the Office of Defense Trade Controls and in the NSA.
I think it's unfair to call the people at the ODTC and the NSA sick; during the cold war, such restrictions did make some sense; in particular, controlling the export of high-performance encryption hardware does make it harder for other countries to deploy ubiquitous strong encryption, particularly in the less developed countries, and particulalry for chips that required exotic fabrication (the soviet union never had really good mass-production facilities). Controlling software encryption without controlling publication never seemed to make that much sense, except that the lack of ubiquitous encryption probably allowed for lots of realatively non-sensitive intercepts that might otherwise have been impossible, and which may have been useful fuel for analysts. However, now that the cold war is over, and now that fab plants are sprouting up all over the world, these restrictions make a lot less sense than they used to. Their main consequence is to restrict the deployment of strong cryptography world wide, including the United States. Strangely enough this would seem to hurt, not help, the NSA in the most important part of their current mission, which is to help protect US industry against industrial espionage and virtual terrorism, which is a far more pressing threat. It's time for the policy makers at the NSA and GCHQ to realise that they won the war, give the appropriate people OBEs and knighthoods, allow the GCHQ to rejoin the civil service unions and apologise for the insult to their patriotism of their forcible de-unionisation, and above all, concentrate on fighting the real enemy - The French :-) Simon // Wow! Did I really just write all that. Next thing you know, all // be saying sometime nice about Netscape. p.s. I would expect the incoming Labour government to remove the ban on Union membership at GCHQ, with the old guaranteed non-strike agreement. I wonder how many other similar organisations allow employees to belong to unions? I'd guess that the Israeli ones would, mainly because I can't imagine any major Israeli organisation not being unionised :-); I can't picture the CIA or NSA allowing collective bargaining ("America works best when you say Union 0w98bvchgfwer097").
Simon Spero writes: : On Mon, 6 Nov 1995, Peter D. Junger wrote: : : > : > Don't blame this on my being a lawyer; blame it on some very sick : > people in the Office of Defense Trade Controls and in the NSA. : : I think it's unfair to call the people at the ODTC and the NSA sick; : during the cold war, such restrictions did make some sense; in : particular, controlling the export of high-performance encryption : hardware does make it harder for other countries to deploy ubiquitous : strong encryption, particularly in the less developed countries, and : particulalry for chips that required exotic fabrication (the soviet union : never had really good mass-production facilities). The ones I was suggesting are sick are the ones who drafted the definition of ``export'' and of ``technical data'' in the ITAR. Would you consider it more appropriate if I called them perverse? -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu
participants (13)
-
Adam Shostack -
djw@pdcorp.com -
hallam@w3.org -
Mats Bergstrom -
Michael Froomkin -
Moroni -
Oliver Huf -
Perry E. Metzger -
Peter D. Junger -
Rich Graves -
Scott Brickner -
Simon Spero -
Sten Drescher