Re: Exports and criminalizing crypto
From: Adam Back <aba@dcs.ex.ac.uk> John Smith <jsmith58@hotmail.com> writes:
Getting rid of these export restrictions would produce an explosion of Cypherpunk style crypto software. It is a big win.
I disagree.
Cypherpunk (freeware) crypto isn't hardly hindered at all by EAR export nonsense.
You reference Ian Goldberg claiming to have to work on crypto during trips to Canada. I think he was just trying to make a political point. I submit that he could write and publish all the crypto he wants in the US (on one of those "export controlled" sites). It will get illegally exported in no time at all. Where's the problem?
That's easy for you to say, there in England. You don't have these export controls, right? How can you say what Ian Goldberg should do. I think he was not just making a political point. From what he said, he really does not release crypto from inside the US. Only when he goes to Canada, which isn't that often. I'll bet he could be releasing 3x more crypto if we didn't have the export laws. Is he on this list? Let's hear what he has to say.
William Geiger has PGP on a non-export controlled site, and the export bods haven't said a word, so it's not even clear that they care about freeware at this point.
PGP is a special case because it is already out there everywhere. Still the example of Phil Zimmerman is a good one. Even though he got away with it eventually, they showed how they can make your life hard. Probably the only reason he didn't get charged was because they couldn't prove anything. Not many people are going to be willing to take that chance. William Geiger and a few others may be exceptions, but most people won't openly break a law which has strong penalties like this. There is nothing to stop te authorities from prosecuting William Geiger and even threatening him with jail. There is no guarantee that he will become another Zimmerman and get all kinds of donations and support. A lot of hackers thought they'd be heros but ended up doing time. Read that letter from Jim Bell if you want to see how different things look once the government comes down on you.
Also your claim that the FBI is defeated, and that safe is a good idea. Disagree also.
1) SAFE has lots more hurdles to pass before it gets to be law.
Yes, I said that. It probably won't go anywhere this term. The big question will be what happens next year. But after all the opposition which came out, from practically every interest group there is, I am sure that there is no way domestic controls on crypto are going to pass. Even with the CDA there was not this much united opposition. Car companies and phone companies didn't fight the CDA. Religious right didn't fight the CDA. CDA passed, remember? FBI's bill did not. And all the opposition came together in a few days. Nobody was ready for this. Next year there will be more time to organize, and the opposition should be even stronger.
2) If it does get to be law, you won't like the modifications that are made to it by that stage.
That depends. The law may still be good. Who cares about this crypto center. That's just another boondoggle. The main thing is getting the export laws changed.
3) Crypto-in-a-crime US domestic restrictions are a _bad thing
Stupid, yes, but not that big a deal. Everyone will have crypto so every crime will use it. Wouldn't it be better to have a world where every phone was encrypted? So what if they add crypto-in-a- crime to every crime where somebody used a phone to plan it. It's not like people aren't going to use phones, or they're going to turn off the crypto. It really won't have any effect on anybody, except maybe make some prison terms longer. That's not my issue, how long prison terms should be. I want to be able to use crypto. I hope this stupid mailer doesn't chop off my message again. "John ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
John Smith <jsmith58@hotmail.com> writes:
Adam Back <aba@dcs.ex.ac.uk> writes:
You reference Ian Goldberg claiming to have to work on crypto during trips to Canada. I think he was just trying to make a political point. I submit that he could write and publish all the crypto he wants in the US (on one of those "export controlled" sites). It will get illegally exported in no time at all. Where's the problem?
That's easy for you to say, there in England. You don't have these export controls, right?
We have different export controls. You can export what you want electronically right now. And, so I hear, the exporter is defined as the person who downloads from your web site, so lots of hits from Iraq is no problem. Start to talk about tangible things and you require a license. You can get export licenses for strong crypto, 128 bit etc, just the spooks like to know what's going on, who you're selling to etc. I think it probably depends who you're exporting to, etc, etc. Ie I don't know that the results are publically published, nor reasons for rejections, etc. so I don't really know how it works out in practice. Interestingly perhaps all the T-shirts with the .sig on them I have been exporting to Russia, France, Peru, Brazil, etc. (could someone from Iraq order one -- that'd be fun) are probably export violations from the UK too. I mean it has crypto on it, and it is tangible, and I haven't asked for permission. (I'm sure they would grant permission, but I guess technically I'm supposed to ask them).
How can you say what Ian Goldberg should do.
Does do. He wrote a loop back crypto driver for linux. It's available on the cypherpunks ftp site at berkeley. It's also available at the Italian crypto ftp site. I was presuming he wrote it in the US, as his instructions include a for export version with the crypto chopped out and instructions on how to put it back in. Anyway, let's see. Other people write crypto code in the US. They set up a revolving directory or some other check. MPJ had such a site. People do this with no legal problems, even Netscape does it with US government official approval. So clearly it's not illegal. Anyway, for freeware crypto, it gets illegally exported (presumably by third parties) and openly mirrored outside the US. So where is the problem that is holding up freeware crypto? Actually there are less direct problems, such as loss of interactive collaboration from non-US contributors, etc. But you see my point I hope.
William Geiger has PGP on a non-export controlled site, and the export bods haven't said a word, so it's not even clear that they care about freeware at this point.
PGP is a special case because it is already out there everywhere.
So you're going to export it too?
Still the example of Phil Zimmerman is a good one. Even though he got away with it eventually, they showed how they can make your life hard. Probably the only reason he didn't get charged was because they couldn't prove anything.
I think it most likely that it was because it wouldn't have been in their interests due to negative publicity, Zimmermann was a folk hero by then. Course nobody knows the official reason, not even Zimmermann himself. His lawyer knows, but the condition of knowing is not being allowed to tell other people the reason, so PRZ chose not to know.
Not many people are going to be willing to take that chance. William Geiger and a few others may be exceptions, but most people won't openly break a law which has strong penalties like this.
No? This program is officially not exportable according to USG. Prof Peter Junger obtained a written decision stating this to be non-exportable: #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/) I've seen lots of people export it. Actually the export rate has picked up a bit since Junger obtained that excellent result.
A lot of hackers thought they'd be heros but ended up doing time. Read that letter from Jim Bell if you want to see how different things look once the government comes down on you.
Really I agree. Jim Bell is a different case, possibly more to do with these common law courts he was apparently involved in, and various IRS arguments, but perhaps also to do with his essays describing betting pools to remove congress-critters. I wasn't suggesting Ian should violate the export regulations. Rather that it's not a problem because interesting software invariably gets exported anyway. So let someone else do the exporting, or importing, or whatever happens..
But after all the opposition which came out, from practically every interest group there is, I am sure that there is no way domestic controls on crypto are going to pass.
Could be. Hope you're right. The other less favourable example is the phone tapping regs they bought in, and the clipper chip. Clipper chip was the classic, they all voted against it, so Klinton brought it in as a government standard by presidential decree. Adam -- Now officially an EAR violation... Have *you* violated EAR today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
At 14:54 -0700 9/25/97, John Smith wrote:
passed, remember? FBI's bill did not. And all the opposition came together in a few days. Nobody was ready for this. Next year there will be more time to organize, and the opposition should be even stronger.
Of course the CDA was not necessary for national security. It would not prevent the U.S. Capitol building from being blown up.
That depends. The law may still be good. Who cares about this crypto center. That's just another boondoggle. The main thing is getting the export laws changed.
The main thing is preserving freedoms, both to use and export crypto. Restrictions on use are not reasonable tradeoffs for relaxation of export ctrls. Also the coalition that came together can be fragmented if the domestic restrictions are more subtle or go after individuals instead of businesses. Your blind faith in the U.S. Congress is touching, but hardly realistic. -Declan
On Thu, 25 Sep 1997, John Smith wrote:
From: Adam Back <aba@dcs.ex.ac.uk> John Smith <jsmith58@hotmail.com> writes:
Getting rid of these export restrictions would produce an explosion of Cypherpunk style crypto software. It is a big win.
I disagree.
Cypherpunk (freeware) crypto isn't hardly hindered at all by EAR export nonsense.
At some point it isn't hindered. But the process is complex since if the export can be traced, the exporter can be harrassed. How much crypto did Phil Zimmerman write while he was under investigation? And why didn't a pgp 5.0 come out from outside of the US since the 2.6.2 base was already there? It is in no one's interest to become the victim of a governmental investigation (even Bernstein sued *before* publishing). All the free crypto "leaks" out because of the impossibility of control. But it is a hinderance since I can't simply place code on my web page and point everyone at it. As to SAFE, whether it will pass and in what form, I can't be sure. I also can't be sure that a domestic crypto ban would have been introduced without SAFE being there (though I suspect the FBI already had something - there was no anti-CALEA bill before CALEA). As far as interpretations go, the courts often tend to the bizzare, so I can't be sure what they would uphold. Taking the most pessimistic view would have predicted Bernstein would have lost. --- reply to tzeruch - at - ceddec - dot - com ---
participants (4)
-
Adam Back -
Declan McCullagh -
John Smith -
nospam-seesignature@ceddec.com