Re: Your editorial in the 10/14 PCWeek

At 03:37 PM 10/16/96 -0800, Timothy C. May wrote:
A) This is not a change in the law. There is no law regarding export of encryption software. Congress has never passed any such law. These are State Department regulations, and presidential decrees. These regulations, which have the force of law to you and me, were never debated or voted upon by our elected representatives. They can be changed tomorrow the same way. In fact, they can be changed and the public need not even be notified.
Actually, as Greg Broiles pointed out in an article (on the Cypherpunks list) several weeks ago, Congress deliberately chooses to delegate much regulatory authority to other agencies. There just is not enough time or expertise for them to pass specific laws covering the number and size of trashcans in the national parks, the type of equipment to be used on Navy ships, and so on. The State Department--and soon to be transferred to Commerce--has the regulatory authority to decide which exports are covered by the International Trafficking in Arms Regulations, the ITARs. These rules effectively have the full force of law, as many tens of thousands of laws not specifically passed by Congress have.
I think this is more than a little misleading. While I don't recall the specific note from Greg Broiles you mention, as I recall from other sources so-called "government regulations" were not considered binding on ordinary citizens before the 1930's. The examples you gave ("number and size of trashcans in the national parks [public property], and type of equipment to be used on Navy ships...") are both issues of controlling the activities of government employees and departments, not ordinary citizens! It's hard for me to imagine how anyone could consider this distinction sufficiently ignorable as to provide examples as if they were interchangeable. It seems pretty obvious that governments should be able to control their own employees and departments, at least while they're on the job, in the same way that essentially every other employer does. Yet, it is equally obvious that ordinary citizens aren't in the same position as government employees, and there is no reason to assume that the former are to be bound by rules which had applied only to the latter. For just one example, government employees can resign; citizens cannot. It will be claimed that citizens do have to obey the rules: Yes, but they're called "laws," they are passed by legislators who are voted in or out of office by the citizens. (And laws apply to government employees too, or at least they should...) Laws are also publicly debated before they are passed, generally. On the whole, I would say that there is an excellent reason for this healthy distinction between "laws" and "regulations." You stated that it would be difficult for Congress to debate a large number of rules, and you cited "national parks" and the Navy as examples. It wouldn't be easy for Congress to handle this. My answer is, yes, delegation of these matters is reasonable precisely because they are NOT binding on ordinary citizens.
And further, I'd point out that assuming you have respect for freedom, you have every reason to fear allowing things with the force of laws to be passed as "easily" as regulations. Some people who say they are REAL LAWYERS (TM) will probably claim, as if on schedule, that I am re-writing the law. No, I am well aware that the SC may, at some point, have disagreed. Rather, I think we should treat the Supreme Court, on this issue as well as many others, as we would a schizophrenic person that we happen to meet on a city street: We don't think his mumbling is making any sense, but we are well aware of the danger of provoking him so we hold our tongues while in his earshot. Nevertheless, we don't for a minute adopt the opinion that anything we've heard is somehow more worthy of belief, simply because we felt uncomfortable about expressing our opposition for a moment, which is analogous to the SC being able to temporarily enforce its opinion. I certainly sympathize with the REAL LAWYERS (TM). They are, in effect, chained 24 hours per day (so to speak) to that schizophrenic, and can never get away, so they've decided to make a virtue (and, in fact, a business) out of a necessity by adjusting their beliefs to correspond, continuously, to the ravings of that madman. Naturally, they pride themselves on being able to slowly, gently, carefully change the opinions of that madman, and they succeed occasionally at this task.
(It is true that the ITARs may well end up being overturned by the courts, as the Bernstein and Junger cases proceed, but this could happen to laws passed by Congress, and does.) Also--and I am not an expert on this--some of the basis of the ITARs is closely related to the "Munitions Act," which was, I am almost certain, an actual Act of Congress, some decades back.
OTOH, one of the big complaints we have against ITAR is that it seems to be constantly re-interpreted. While I certainly won't claim that this is never true of Congress-made laws, it tends to be more difficult to pass a law, and once passed, to sneak a new interpretation in. Somehow, I don't think that it would have been possible to stretch a "Munitions Act" into a rule which would prohibit the export of a Web-browser like Netscape that happens to have a hole in it for crypto.
Certainly Congress knows full well what the ITARs are about, and could change them if it thought the State Department or Commerce Department were overstepping their bounds. (As it may do, some day. Not this term, obviously. "Pro-Code" got tabled, so Congress effectively spoke.)
(Understand that I am not arguing in favor of the ITARs, nor their application to crypto, just taking issue with Marshall's opening point that the ITARs are not real laws. I mostly believed they were real laws before, but Greg Broiles' analysis several weeks ago cinched it for me.)
How did I miss that miraculous revelation? B^)

Jim Bell
jimbell@pacifier.com

At 03:37 PM 10/16/96 -0800, Timothy C. May wrote:
I wrote:
A) This is not a change in the law. There is no law regarding export of encryption software. Congress has never passed any such law. These are State Department regulations and presidential decrees. These regulations, which have the force of law to you and me, were never debated or voted upon by our elected representatives. They can be changed tomorrow the same way. In fact, they can be changed and the public need not even be notified.
Actually, as Greg Broiles pointed out in an article (on the Cypherpunks list) several weeks ago, Congress deliberately chooses to delegate much regulatory authority to other agencies. There just is not enough time or expertise for them to pass specific laws covering the number and size of trashcans in the national parks, the type of equipment to be used on Navy ships, and so on. The State Department--and soon to be transferred to Commerce--has the regulatory authority to decide which exports are covered by the International Trafficking in Arms Regulations, the ITARs. These rules effectively have the full force of law, as many tens of thousands of laws not specifically passed by Congress have.
I never argued that these regulations did not have the force of law. In fact, I conceded that they did. Nevertheless, they are not laws. They were neither debated nor voted upon by our elected representatives. They can be changed at a moment's notice by the State Department, which takes its orders from the President.

The announcement that prompted Mr. Gibson's editorial did not come from the State Department, who putatively has authority over the ITAR. Instead, the announcement was made from the office of the Vice President, and begins "President Clinton and I" and speaks throughout of "The Administration's initiative". _That_ was the distinction that I was making. FWIW, I was unable to find the announcement on the White House's web server, but it is available at <http://www.epic.org/crypto/key_escrow/clipper4_statement.html>

Here is another example (taken from the Clipper debate): In a paper about privacy and the original Clipper proposal (in 1994) A. Michael Froomkin of the University of Miami School of Law pointed out that since the entire key-escrow infrastructure was created by presidential decree, and the proposed key holders were part of the executive branch, the provisions for release of the keys could be changed at a moment's notice by another presidential decree, which need not ever be made public. [ Yo, key escrow dude! Email your key database to wiretappers@fbi.gov, and don't tell anyone! ]

See <http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/partIC.html#ToC29> for the following quote, and <http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html> for the entire paper. (It's very long; but surprisingly readable, given that the author is a law professor ;-)
The security precautions introduced by NIST in late 1994 are complex. To the nonspecialist they appear sufficient to prevent security breaches at the time the keys are "burned in" and to prevent surreptitious copying or theft of the key list from the escrow agents. But no amount of technical ingenuity will suffice to protect the key fragments from a change in the legal rules governing the escrow agents. Thus, even if the technical procedures are sound, the President could direct the Attorney General to change her rules regarding the escrow procedures. Because these rules were issued without notice or comment, affect no private rights, and (like all procedural rules) can therefore be amended or rescinded at any time without public notice, there is no legal obstacle to a secret amendment or supplement to the existing rules permitting or requiring that the keys be released to whomever, or according to whatever, the President directs. Because the President's order would be lawful, none of the security precautions outlined by NIST would protect the users of the EES system from disclosure of the key segments by the escrow agents.
-- Marshall

Marshall Clow
Aladdin Systems
<mailto:mclow@mailhost2.csusm.edu>

"The Singapore government isn't interested in controlling information, but wants a gradual phase-in of services to protect ourselves. It's not to control, but to protect the citizens of Singapore. In our society, you can state your views, but they have to be correct." - Ernie Hai, coordinator of the Singapore Government Internet

On Wed, 16 Oct 1996, Marshall Clow wrote: [...]
In a paper about privacy and the original Clipper proposal (in 1994) ...Jan '95 actually... A. Michael Froomkin of the University of Miami School of Law pointed out that since the entire key-escrow infrastructure was created by presidential decree, and the proposed key holders were part of the executive branch, the provisions for release of the keys could be changed at a moment's notice by another presidential decree, which need not ever be made public. [ Yo, key escrow dude! Email your key database to wiretappers@fbi.gov, and don't tell anyone! ]
I still think this is a major issue; it is one, however, that goes away if they pass a well-drafted statute.
See <http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/partIC.html#ToC29> for the following quote, and <http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html> for the entire paper.
You can get a frames version that separates text and footnotes at http://www.law.miami.edu/~froomkin/articles/clipper.htm
(It's very long; but surprisingly readable, given that the author is a law professor ;-)
Thanks, I think.

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law & Parent of David and Benjamin (9/13/96)
U. Miami School of Law | froomkin@law.miami.edu
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here. And wet. Very wet.

Just a short question: What is the exportable maximum key length of RSA if used for encrypting session keys? My local Cylink VAR in Malaysia says it is 1024bit for encrypting the Omega algo. Comments and advice appreciated.
participants (4): jim bell, Marshall Clow, Michael Froomkin - U.Miami School of Law, peng-chiew low