At 01:10 PM 4/27/96 -0700, William Knowles wrote:

Yikes,

Tell me that conspiracy to break ITAR isn't grounds for becoming arms trafficker #1

I don't even have the latest version of the shortened Perl-RSA code back from the screenprinters.

I thought of a method of exporting encryption code that doesn't require an export license, but better yet makes some _deserving_ soul a criminal. (In hindsight, it seems obvious, although I don't recall seeing it discussed.) Basically, you take advantage of the fact that on the Internet, incorrectly-addressed email is often/usually returned to what appears to be the sender. For example, send PGP source, split into appropriately-sized chumks, to somebody like bigshot@nsa.com. Mis-spell his name, of course, and forge the note so that it appears to be coming from some out-of-country address. His ISP's system's email software sees the bad address, "returns" it, and it's sent to that out-of-US location. Keep the messages as evidence; forward them to the appropriate prosecutor, who is stuck between a rock and a hard place: Either he prosecutes a "good guy," or he fails to prosecute an unauthorized encryption exporter and thus sets up a bad precedent. Jim Bell jimbell@pacifier.com