Re: Spam the Sign!
Jeff Simmons <jsimmons@goblin.punk.net> said...
Then suppose you hand software to MIT to put on its export-controlled ftp site (which would seem to follow your requirements to take reasonable precautions to observe the ITAR, etc.) and you don't do the nudge, nudge, wink, wink - BUT you know that it's going to be available on major ftp sites in Europe within a few hours anyway. The intent to export isn't there, but the export occurs anyway. Is it the intent, or the knowledge that's important?
Obviously the intent, or the MIT server would be in jail.
So I demonstrate lack of intent to export, by following MIT's model when I set up my own 'export controlled' ftp server. Am I safe? Or do I need a note from the NSA or somebody to do this? And if I do need somebody or something's 'permission', and they refuse to give it, aren't they using ITAR to restrict the distribution domestically? Do I have any options in this case other than to give up?
Or, to bring it down to a practical question, what's stopping Netscape? How does Netscape setting up an 'export controlled' ftp site based on the MIT version lead to one of their executives going to jail?
I have the feeling that we're talking about two different things here - the law as it's practiced in the courtroom and the law as it's practiced on the 'streets'. Obviously, the fact that I feel I'm doing something 'legal' won't help much if the government decides to do a Phil Zimmerman on me. But I would be interested in your comments.
I very much agree with the direction you appear to be headed in. It seems to me that Netscape should have no problem devising some sort of scenario in which such a program eventually gets onto the nets, but in a way that is squeaky clean, at least for THEM. In addition, why should they even need to write the encrytion part of their software IN the US? It occurs to me that one way to do this might be to send one of their programmers to a conveniently-located place, such as Vancouver BC , Montreal Canada, or a few other nearby places, with a great deal of fanfare, and tell him to "write some crypto." He does, and brings it back into the US with him, leaving a copy of it "outside" the country for international distribution.
Jeff Simmons <jsimmons@goblin.punk.net> said...
Then suppose you hand software to MIT to put on its export-controlled ftp site (which would seem to follow your requirements to take reasonable precautions to observe the ITAR, etc.) and you don't do the nudge, nudge, wink, wink - BUT you know that it's going to be available on major ftp sites in Europe within a few hours anyway. The intent to export isn't there, but the export occurs anyway. Is it the intent, or the knowledge that's important?
What's important to the government is that the crypto not be exported. If Netscape did this, the government might try to take them to court to make an example of them, or might leave them alone to support the information superhighway, or might refuse to ever buy any Netscape, or whatever. The point for Netscape is than none of these are good for the corporation.
Or, to bring it down to a practical question, what's stopping Netscape? How does Netscape setting up an 'export controlled' ftp site based on the MIT version lead to one of their executives going to jail?
Maybe their executives don't want to deal with the possibility of going to jail and are staying far from the edge of the law. Maybe they are too busy trying to find some way to make money.
I very much agree with the direction you appear to be headed in. It seems to me that Netscape should have no problem devising some sort of scenario in which such a program eventually gets onto the nets, but in a way that is squeaky clean, at least for THEM.
But why would they want to risk this? As squeeky clean as it is, we now all know that they know that making it available this way is exporting it. It's also possible that one of the people who took part in it would turn State's evidence, or that this would result in a loss of shareholder confidence, or that the people running Netscape support the government position, or even that they just don't want the controversey.
In addition, why should they even need to write the encrytion part of their software IN the US? It occurs to me that one way to do this might be to send one of their programmers to a conveniently-located place, such as Vancouver BC , Montreal Canada, or a few other nearby places, with a great deal of fanfare, and tell him to "write some crypto." He does, and brings it back into the US with him, leaving a copy of it "outside" the country for international distribution.
This is illegal as well. The programmer is exporting the cryptosystem, and may even be guilty of treason (probably not). If you really want strong crypto, just buy it fom one of the hundreds of legitimate overseas suppliers. If you want to export strong crypto Netscape, rewrite Netscape outside the US. It's not that complex a program. -- -> See: Info-Sec Heaven at URL http://all.net/ Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
On Thu, 23 Nov 1995, jim bell wrote:
deal of fanfare, and tell him to "write some crypto." He does, and brings it back into the US with him, leaving a copy of it "outside" the country for international distribution. As long as the programmer's not American. They could contract it to a Canadian though. We don't have freeware export restrictions on non-US crypto, but I'm none too clear about everything else. All the same why not contract it to Eric Young or whoever it is who's doing an independent version of SSL (or whatever it's called) Down Under (was it Australia or NZ?) ? I don't see why geography's a problem.
On Thu, 23 Nov 1995, jim bell wrote:
Jeff Simmons <jsimmons@goblin.punk.net> said...
[SNIP]
I have the feeling that we're talking about two different things here - the law as it's practiced in the courtroom and the law as it's practiced on the 'streets'. Obviously, the fact that I feel I'm doing something 'legal' won't help much if the government decides to do a Phil Zimmerman on me. But I would be interested in your comments.
On Thu, 23 Nov 1995, jim bell wrote:
I very much agree with the direction you appear to be headed in. It seems to me that Netscape should have no problem devising some sort of scenario in which such a program eventually gets onto the nets, but in a way that is squeaky clean, at least for THEM.
In addition, why should they even need to write the encrytion part of their software IN the US? It occurs to me that one way to do this might be to send one of their programmers to a conveniently-located place, such as Vancouver BC , Montreal Canada, or a few other nearby places, with a great deal of fanfare, and tell him to "write some crypto." He does, and brings it back into the US with him, leaving a copy of it "outside" the country for international distribution.
<attila sez> I think they have that one covered --not only is it violation of ITAR's intent to send a programmer out of the U.S., but is illegal to hire a foreign national to program for your non-U.S. products. the test is going to be with someone like Sun who "bought" a group of Russian crypto programmers and left them in Russia. Now, the problem with ITAR is that if you import that code, you can not then export the code since it is now covered by ITAR. secondly, it appears there is a move afoot to make it an ITAR violation to hire the foreign nationals to circumvent ITAR --basically, the Feds want to stop cryptography _everywhere_, including telling Russians they can not work for U.S. companies! Just where do they think they are getting off? then, when ALL hitech moves out of the U.S. and the DoD needs us, we will not be here, will we?
On Fri, 24 Nov 1995, attila wrote: [....]
the test is going to be with someone like Sun who "bought" a group of Russian crypto programmers and left them in Russia. Now, the problem with ITAR is that if you import that code, you can not then export the code since it is now covered by ITAR.
[....] I've heard this story several times from many different people. Anyone have any evidence that it's true? (My friends at Sun say they haven't heard the story, but don't work in the parts that would have necessarily heard it.) A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here.
On Fri, 24 Nov 1995, Michael Froomkin wrote:
I've heard this story several times from many different people. Anyone have any evidence that it's true? (My friends at Sun say they haven't heard the story, but don't work in the parts that would have necessarily heard it.)
It sounds like something I heard from John Gage, though the rumors may be getting conflated with Suns purchace of the entire Soviet super-computer industry in (I think) '92.
participants (6)
-
attila -
fc@all.net -
jimbell@pacifier.com -
Michael Froomkin -
s1113645@tesla.cc.uottawa.ca -
Simon Spero