Borders *are* transparent
At 5:51 AM 7/18/96, snow wrote:
On Tue, 16 Jul 1996, David Sternlight wrote:
At 04:18 PM 7/15/96 -0700, sameer wrote:
Not like that's tough to figure out. Congrats. It's cool to actually be able to connect to my webserver using real encryption. Glad the lawyers don't think Barksdale is going to jail anymore. I'm glad too. So how many minutes did it take to leak overseas? It doesn't "leak overseas" as if there were some regrettable lapse in the
At 3:36 AM -0700 7/16/96, Duncan Frissell wrote: plumbing. Someone has to commit a felony violation of Federal law.
No they don't. If they are French, Russian, English, Greek, etc. They _may_ be violating their countries laws, but they are not necessarily violating ours.
This is a terribly important point: if a citizen of Foobaria succeeds in connecting to the Netscape site--perhaps by experimenting with various combinations of domain names and submitted address/zipcode combinations--and Netscape sends him the file, he has not committed a crime in his own country. (Unless they have their own laws....) Ironically, under the ITARs, as I understand them, a citizen of Foobaria who "exports" (= retrieves from Netscape's site) such materials actually *has* violated our ITARs. (It is possible for persons outside the U.S. to violate U.S. laws, of course. You can all imagine examples.) Prosecuting a person in Foobaria for violating U.S. ITAR regs would of course be problematic, and unlikely. Likewise, much "export-controlled" software is freely purchasable without any form of identification or proof of citizenship/residency in any of thousands of U.S. software stores. (I don't know if the copies of Netscape Navigator on the shelves in U.S. stores are now the "U.S." version, as opposed to be a somwhat-crippled version, but I sure do know that a *lot* of nominally-export-controlled software _is_ freely purchasable.) Much of this software goes out of the country in luggage. In my various flights out of the U.S. over the years, never have my bags been so much as glanced at, except presumably for bombs with sniffers, scanners, etc. Further, I have mailed optical disks out of the country--a single one of these can store a whole lot of stuff. (As I said in a 1992 interview, a DAT is like a shoulder-fired Stinger missile.) On a trip to France and Monaco last year, I deliberately carried several optical cartridges and couple of DATs, all crammed with software, PGP, RSADSI's MailSafe, Mathematica, etc. To make a point, and as props for my talk on crypto anarchy. Certainly there was no checking on the way out at SFO, and no checking whatsoever at Charles de Gaulle in Paris. (On my return trip, the bored inspector in San Francisco asked what my purpose in being overseas has been. Had I said "tourism" I would've been waved through. Instead, for interest, I said "Meeting with Russian cryptographers in Monte Carlo," just to see what would happen. He asked me what "cryptographers" are or do... "They make secret codes." He then waved me through. Sigh.) None of this is surprising, of course. Borders _are_ transparent. There are so _many_ degrees of freedom for getting stuff across borders. The hope that a bunch of *bits* can be stopped in ludicrous. _This_ is why I expect the Netscape beta to arrive overseas pretty soon. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
At 11:24 AM -0700 7/18/96, Timothy C. May wrote:
This is a terribly important point: if a citizen of Foobaria succeeds in connecting to the Netscape site--perhaps by experimenting with various combinations of domain names and submitted address/zipcode combinations--and Netscape sends him the file, he has not committed a crime in his own country. (Unless they have their own laws....)
Incorrect. Netscape Navigator is as much commercial software as Microsoft Word, It is NOT freeware and if he pirates it without permission he's at least in violation of copyright which almost every country is a signatory to. Where I come from we call that "theft". Your ethics may vary in California.
Likewise, much "export-controlled" software is freely purchasable without any form of identification or proof of citizenship/residency in any of thousands of U.S. software stores.
True, but you have to agree to the licensing warning on the box (and let's not do the tired shrink-wrap licensing argument again, please--it's on the outside of the box).
(I don't know if the copies of Netscape Navigator on the shelves in U.S. stores are now the "U.S." version,
Yes.
as opposed to be a somwhat-crippled version, but I sure do know that a *lot* of nominally-export-controlled software _is_ freely purchasable.)
That no more gives you the legal right to violate ITAR after purchasing, or violate the license terms, than buying fertilizer gives you the legal right to make bombs in violation of the AT&F code. (No wise-guy complaints about how software isn't a bomb--though some I've bought clearly is :-). It's an analogy about principles, not function.)
Much of this software goes out of the country in luggage. In my various flights out of the U.S. over the years, never have my bags been so much as glanced at, except presumably for bombs with sniffers, scanners, etc. Further, I have mailed optical disks out of the country--a single one of these can store a whole lot of stuff.
I didn't say you couldn't do it. In fact I said the opposite--that I had no doubt it would leak. My point was that it wouldn't become mass-market software overseas because the leakers would be violating ITAR or copyright, or licensing and thus couldn't get away with selling or giving away the result at scale overseas. As Jeff pointed out, getting a licensed copy of Navigator does NOT include redistribution rights (unless you buy a site license directly from them--and they won't sell a site license for the US version for overseas use in violation of ITAR). In this respect it is significantly different from PGP or RSAREF. for which there ARE at least some redistribution rights under the license.
On a trip to France and Monaco last year, I deliberately carried several optical cartridges and couple of DATs, all crammed with software, PGP, RSADSI's MailSafe, Mathematica, etc. To make a point, and as props for my talk on crypto anarchy. Certainly there was no checking on the way out at SFO, and no checking whatsoever at Charles de Gaulle in Paris.
"Nyaah, nyaah, you can't catch me" doesn't mean that if they do they won't prosecute. Your waving around that stuff in France is not only juvenile, but also may put you in violation of French crypto law. That you can get away with 80 in a 55 mile zone until the cops see you doesn't mean 80 is legal nor that everyone else can do it with impunity.
(On my return trip, the bored inspector in San Francisco asked what my purpose in being overseas has been. Had I said "tourism" I would've been waved through. Instead, for interest, I said "Meeting with Russian cryptographers in Monte Carlo," just to see what would happen. He asked me what "cryptographers" are or do... "They make secret codes." He then waved me through. Sigh.)
There's no law against meeting, and customs inspectors aren't expected to launch interrogations to see what you told them if you're not on some watch list. Like many laws, this one might be used if something egregious happens. If the Russian got caught later with US Netscape by French authorities, and it came to the attention of US authorities that he said "Tim May gave it to me", THEN you might expect to "assist the police with their enquiries".
None of this is surprising, of course. Borders _are_ transparent. There are so _many_ degrees of freedom for getting stuff across borders. The hope that a bunch of *bits* can be stopped in ludicrous.
Again you make the long-discredited straw man argument that the purpose of ITAR is to hermetically seal. It is not. It is to keep legitimate US mass market purveyors from selling strong crypto overseas, and to provide a means to punish those who are caught violating it. I'm sure there are lots of tax cheaters. That doesn't mean the IRS code should be abolished (though I'd like to see massive simplification for other reasons). I'm sure there are still thieves. That doesn't mean we should make theft legal. I'm sure there are still those who cannot read. That doesn't mean teaching reading is useless or silly or should be stopped.
_This_ is why I expect the Netscape beta to arrive overseas pretty soon.
Nobody disputes that. It won't be readily available though, except for those who have no compunctions about software piracy. David
Timothy C. May wrote:
Likewise, much "export-controlled" software is freely purchasable without any form of identification or proof of citizenship/residency in any of thousands of U.S. software stores. (I don't know if the copies of Netscape Navigator on the shelves in U.S. stores are now the "U.S." version, as opposed to be a somwhat-crippled version, but I sure do know that a *lot* of nominally-export-controlled software _is_ freely purchasable.)
The retail version of Netscape Navigator sold in US stores has been the US version for almost a year now. The first run were the export version, because the marketing people thought it would be easier. When I explained the issue, they made the change to the stronger US version immediately. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
participants (3)
-
David Sternlight -
Jeff Weinstein -
tcmay@got.net