Please make stable NON-US homes for strong crypto projects
I'm usually not forwarding messages from cryptography@ here, but this one is an exception. ---------- Forwarded message ---------- Date: Sat, 15 Sep 2001 00:32:12 -0700 From: John Gilmore <gnu@toad.com> To: cryptography@wasabisystems.com, gnu@toad.com Subject: Please make stable NON-US homes for strong crypto projects It's clear that the US administration is putting out feelers to again ban publication of strong encryption. See: http://www.wired.com/news/politics/0,1283,46816,00.html The evil gnomes who keep advancing unconstitutional US anti-crypto policies know that the current hysteria in Congress and the Administration will not last forever. So they will probably move very quickly -- within a week is my guess -- to re-control encryption, either by a unilateral action of the Administration (by amending the Export Administration Regulations), or by stuffing a rider onto some so-called "emergency" bill in Congress. They maneuvered very carefully in the Bernstein case such that there is no outstanding injunction against violating the Constitution this way -- and even no binding 9th-Circuit precedent that tells them it's unconstitutional to do so. They know in their hearts that numerous judges have found it unconstitutional, but they have proven throughout the seven-year history of the case that they don't give a damn about the Constitution. Which means it may take weeks, months or years for civil liberties workers to get a judge to roll back any such action. Not just days. We won the case, but they squirmed out of any permanent restrictions -- so far. The US government has a new mania for wiretapping everyone in case they might be a terrorist. There's already two bills in Congress to make it trivial for them to wiretap anybody on flimsy excuses, and to retroactively justify their precipitous act of rolling Carnivore boxes into major ISPs this week and demanding, without legal authority, that they be put at the heart of the networks. See: http://www.politechbot.com/docs/cta.091401.html Even more than before, we will need good encryption tools, merely to maintain privacy for law-abiding citizens, political activists, and human rights workers. (In the current hysteria, mere messages advocating peace or Constitutional rights might best be encrypted.) The European Parliament also recently recommended that European communications be routinely encrypted to protect them from pervasive US Echelon wiretaps. Some US developers, who thought such a reversal would never happen, have built or maintained a number of good open source encryption tools in the United States, and may not have lined up solid foreign maintainers or home sites. LET'S FIX THAT! We need volunteers in many countries to mirror current distributions, CVS trees, etc. We need volunteers to also act as maintainers, accepting patches and integrating them into solid releases. (Note that too many countries have pledged to stand toe-to-toe with the US while they march off to make war on somebody they can't figure out who it is yet. If you live in one of those countries, you may suddenly find that your own crypto regs have been sneakily altered. Take care that each useful package has maintainers and distribution points in diverse countries.) I haven't kept close track of which packages are in danger. I suggest that people nominate packages on this mailing list, and that others immediately grab mirror copies of them as they are nominated. And that some of those who mirror them keep quiet, in case hysterical governments make a concerted effort to stamp out all copies and/or all major distribution sites. If you aren't the quiet type, then *AFTER* IMMEDIATELY PULLING A COPY OF THE CODE OUTSIDE US JURISDICTION, announce your mirror on this mailing list. We freedom-loving US citizens have had to rely on the freedom-loving citizens of saner countries, to do the work of making strong encryption, for many years. We had a brief respite, which we will eventually resume for good. In the meantime, please let me apologize for my countrymen and for my government, for asking you to shoulder most of the burden again. Thank you so much. John Gilmore PS: Companies with proprietary encryption packages might consider immediately open-sourcing and exporting their encryption add-ins, so their customers can still get them from overseas archives. Or taking other actions to safeguard the privacy and integrity of their customers' data and their society's infrastructure. I also advise that they lobby like hell to keep privacy and integrity legal in the US. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
participants (1)
-
Eugene Leitl