Re: Crippled Notes export encryption

Dan Weinstein writes:
m5@dev.tivoli.com (Mike McNally) Wrote:
Dan Weinstein writes:
By the way, I really think Netscape should simply ship Jeff and other people to the Amsterdam office...
Wrong, this would be a violation of ITAR.
I don't understand; are you saying Jeff's brain is a munition under the ITAR?
I forget how it is termed in ITAR, but expertise can't be exported either.
Uhh, I'd like a second opinion please doc. Are you suggesting that whenever anybody with cryptographic expertise (like, maybe, anybody on this mailing list) leaves the country we're in violation of munitions export laws? Is somebody who knows how to build a rocket in the same boat?
like I suggested before any programers who gained their knowledge of crypto programing in the U.S. and then went abroad and developed crypto software would be in danger of prosecution under ITAR if they ever returned to the U.S..
This sounds fishy to me. I don't recall reading anything to suggest that export of cryptographic software (or any other munition) requires that the stuff be *used* outside the US for an offense to be committed; why should export of a cryptographer's wetware be any different? Either the expertise leaves the country or it doesn't, I'd think. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mike McNally writes: : Uhh, I'd like a second opinion please doc. Are you suggesting that : whenever anybody with cryptographic expertise (like, maybe, anybody on : this mailing list) leaves the country we're in violation of munitions : export laws? No, but only because there is an express exception in the ITAR: Section 120.17 of the ITAR provides: _Export_ means: (1) Sending or taking a defense article out of the United States in any manner, except by mere travel outside the United States by a person whose personal knowledge includes technical data; . . . . : Is somebody who knows how to build a rocket in the same boat? Yes. But in one way the case may be worse for you cryptographers if you actually carry source code--or machine code--around inside your head. For in the _Karn_ case the government has argued that source and machine code are _not_ technical data, but are defense articles. So, unless you first erase that portion of your memory that contains the C code for implementing the RSA algorithm, you commit a felony--a million dollar fine and ten years in jail max--if you step outside the United States without first obtaining a license from the Office of Defense Trade Controls. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu

Peter D. Junger writes:
But in one way the case may be worse for you cryptographers if you actually carry source code--or machine code--around inside your head. ... So, unless you first erase that portion of your memory that contains the C code for implementing the RSA algorithm ...
No problem. I can drink myself into a stupor, kill the brain cells, and then be happily assured that I can just flip open the copy of Schneier I'll carry openly under my arm and recall the algorithms from there. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
participants (2)
-
m5@dev.tivoli.com
-
Peter D. Junger