State Dept Response to my second CJ request
United States Department of State Bureau of Politico-Military Affairs Office of Defense Trade Controls Washington, DC 20522-0602 May 11, 1994 [stamped] In reply refer to ODTC Case: CJ 081-94 YOUR LETTER DATED: March 9, 1994 REQUEST FOR COMMODITY JURISDICTION DETERMINATION FOR: "Applied Cryptography Source Code Disk" Your commodity jurisdiction (CJ) request was referred to the Departments of Commerce and Defense and the National Security Agency for their review and recommendations. As a result, the Department of State has determined that the subject source code disk is subject to the licensing jurisdiction of the Department of State in accordance with the International Traffic in Arms Regulations (22 CFR 120 through 130). This article is designated as a defense article under category XIII(b)(1) of the United States Munitions List. Licenses issued by this office are required prior to export. The text files on the subject disk are not an exact representation of what is found in "Applied Cryptography." Each source code listing has been partitioned into its own file and has the capability of being easily compiled into an executable subroutine. The subject disk contains source code listings for each of the following cryptographic algorithms: Vigenere, Beauford, Enigma, DES, Lucifer, NewDES, FEAL-8, FEAL-NX, REDOC III, LOKI 91, IDEA, N-HASH, MD5, Secure Hash Algorithm (SHA), and Secret Sharing. Also, the subject disk contains source code listings for certain algorithms that would not be exportable if they were incorporated int a product. The intended use of this source code disk, as stated in your CJ request, is to provide code for those who wish to incorporate encryption into their applications. There are fourteen (14) separate source code files that amount to thousands of lines of easily executable code contained on the subject disk. This is certainly an added value to any end-user that wishes to incorporate encryption into a product. Should you require further assistance on this matter, please contact Tom Denner at (703) 875-7041. Sincerely, [signed] William B. Robinson Director Office of Defense Trade Controls Phil Karn 7431 Teasdale Ave San Diego, CA 92122
Phil Karn writes:
Bureau of Politico-Military Affairs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I thought this was a joke at first!
Each source code listing has been partitioned into its own file and has the capability of being easily compiled into an executable subroutine.
So the only thing protecting our national security is the hurdle of typing ^X-W a few times? Oh boy.
The subject disk contains source code listings for each of the following cryptographic algorithms: Vigenere, Beauford...
Duhh. Looks like you gotta get up pretty early in the morning to fool these guys...
Also, the subject disk contains source code listings for certain algorithms that would not be exportable if they were incorporated int a product.
But they of course *would* be exportable if they were printed in a form ready to be scanned. Brilliant.
This is certainly an added value to any end-user that wishes to incorporate encryption into a product.
...and so of *course* we can't help them out. Better make them wait until somebody scans or manually types in exported printed versions the stuff and makes it available for ftp. That'll teach 'em to toy with Uncle Sam! -- | GOOD TIME FOR MOVIE - GOING ||| Mike McNally <m5@tivoli.com> | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |
Duncan Frissell says:
So obviously the next step is to put the source code in one big text file...
I'd say the obvious next step is a lawsuit -- at this point there is standing and little point in accomodating the clowns. I've already offered Phil a donation towards this suit, and if he chooses to pursue it I encourage others to donate money towards it as well. In my opinion there is no more important action this year in the area of cryptography than Phil's export license request. Perry
Carl Ellison says:
I'd donate toward a lawsuit. How much $$ is involved?
I think the question is premature, but the intention isn't. We ought to give Phil a few days to figure out what his future strategy is. Meanwhile, anyone with contacts at EFF ought to emphasize to Mike Godwin and others there the importance of this particular opening -- by potentially giving Phil standing to sue on the clearest conceivable case, in which their position is the most clearly indefensible, they've produced a clear opening to shatter export control over software published on the internet in court. Perry
I think the question is premature, but the intention isn't. We ought to give Phil a few days to figure out what his future strategy is.
What you said. Thanks for all the expressions of support. At this point the best thing to do is to talk to all the lawyers who know this stuff to decide what to do next. What may seem cut-and-dried to us laymen usually isn't to a lawyer. If you really want to contribute and can't wait, EFF already has a cryptography defense fund. I've given to it myself, and suggest that others do too. Phil
(as a quick asside, what are the current whereabouts of a public key server usable by someone in the US/PKP Empire?) Pot-fund for a lawsuit huh? :-) Seriously, what would the basis of a lawsuit be? I assume it would be the "Phils" (if Phil Karn were interested in perusing this) vs. U.S. with the general claim being that the U.S. govt. was unfairly restricting commerce and trade. Of course, their argument would be that it's a matter of national security. To this the counter argument would run along the lines of: "Exactly WHAT encryption algorithms, here, are not known and used, worldwide." Is this close to the mark? What holes are there in this case (other than the fact that THEY get to make the laws)? I would be very willing to contribute to such an effort if I felt that the goals were clear-cut and reasonably achievable -AJS Aaron Sherman I-Kinetics, Inc. Systems Engineer "Open Systems Stepstones" Voice: (617)661-8181 (x230) 19 Bishop Allen Dr. Fax: (617)661-8625 Cambridge, MA 02139 Pager: (508)545-0584 asherman@i-kinetics.com Key fingerprint = 62 6A 5E EB 6B 2A 46 48 3D 06 01 79 66 A2 87 0C
To this the counter argument would run along the lines of:
"Exactly WHAT encryption algorithms, here, are not known and used, worldwide."
Is this close to the mark? What holes are there in this case (other than the fact that THEY get to make the laws)?
Given that they already allowed the exact same information to be exported in print form, there is the question of whether it is constitutional to discriminate on the basis of the medium of expression. In other words, this case comes pretty close to what groups like EFF were originally created to protect. Phil
Does anyone think it would be worthwhile to go through the rigamarole of CJ requests for "intermediate" cases? Or is that just splitting hairs? I can think of a couple... though setting these up would, of course, require the cooperation of Bruce Schneier: - diskettes containing either all the source in one big file (with page breaks), or one file per "page" as found in the book. or - diskettes containing PostScript (or similar) source for the appendix (where one has to parse the PostScript to get the program text out) or even the whole book... (Bruce Schneier or his publisher might have a problem with this, though..). or - diskettes containing .TIFF or .GIF images of the pages from the appendix -- machine readable, but not easily compileable w/o character recognition software. I'm waiting for someone like Markoff to run a story with the headline "Goverment Agency Rules Only Americans Can Type". - Bill
Bill Sommerfeld: | Does anyone think it would be worthwhile to go through the rigamarole | of CJ requests for "intermediate" cases? Or is that just splitting | hairs? Actually, I was batting around the idea earlier of reading the code onto audio tape. Clear that, then clear a written transcript of the tape, then try to clear an electronic copy of the transcript. The audio tape would clearly not be 'easily compilable' which is the pseudo logic they provide for allowing the paper & not the disks. The written transcript is probably no different from the book. The interesting change, I think, comes from calling your listings a transcript of the spoken word. Adam -- Adam Shostack adam@bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.
Adam Shostack says:
Bill Sommerfeld:
| Does anyone think it would be worthwhile to go through the rigamarole | of CJ requests for "intermediate" cases? Or is that just splitting | hairs?
Actually, I was batting around the idea earlier of reading the code onto audio tape.
Frankly, the case seems airtight right now. The government is contending that only Americans can type. The position is so idiotic as to be untenable. I don't think there is any need for additional rigamarole -- Phil should appeal the current ruling and then take them to court as is. Perry
"Perry E. Metzger" says:
Frankly, the case seems airtight right now. The government is contending that only Americans can type. The position is so idiotic as to be untenable. I don't think there is any need for additional rigamarole -- Phil should appeal the current ruling and then take them to court as is.
I realized that I sounded overoptimistic in what I just said. Let me clarify. Courts may of course find against us, but the case is as strong as it can possibly get right now -- no better opportunity is going to arise. Perry
"Perry E. Metzger" says:
Frankly, the case seems airtight right now. The government is contending that only Americans can type. The position is so idiotic as to be untenable. I don't think there is any need for additional rigamarole -- Phil should appeal the current ruling and then take them to court as is.
I realized that I sounded overoptimistic in what I just said. Let me clarify.
Courts may of course find against us, but the case is as strong as it can possibly get right now -- no better opportunity is going to arise.
Perry's right. Even articles in the popular press and telecommunications trade rags are questioning the policies of key escrow and cryptographic export policy. - paul
In message <9405121145.AA15394@snark.imsi.com>you write:
Frankly, the case seems airtight right now. The government is contending that only Americans can type. The position is so idiotic as to be untenable. I don't think there is any need for additional rigamarole -- Phil should appeal the current ruling and then take them
While the courts can always rule whatever they want to, there are hopeful signs. I was having dinner with a Federal Judge last weekend, who made the mistake of asking me "Just what is the internet I keep hearing about." By the end of the night we had covered everything through the ITAR. The classification of crypto as munitions struck him as absurd, he liked the cryptography as an envelope for email analogy, and volunteered that "people who think only those with something to hide need privacy are fools." Judges tend to have brains, and are educatable. This is where, ultimately, the battle for free crypto will be won or lost. Linn H. Stanton <stanton@acm.org> The above opinions are exclusively my own. If anyone else wants them, they can buy them from me. Easy terms can be arranged. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQBNAitK8+EAAAECALzK83DH79m7DLKBmZA2h9U33fBE80EwT4xRY05K7WRfxpO3 BmhPVBmes9h97odVZ0RxAFvinOl4wZGOb8pDclMABRG0IUxpbm4gSC4gU3RhbnRv biA8c3RhbnRvbkBhY20ub3JnPokAVQIFEC2u0NyIwD3rAd2buQEB4ggB/R72gmWG FJACaoxKijfLZYEiyGOZI3xB6oQSOsV4D1EZ1jVn7UV0Orh4hCbm/bcJbacA5qCh UkfTwFPq1qvM4mC0J0xpbm4gSC4gU3RhbnRvbiA8bHN0YW50b25Ac2hlYXJzb24u Y29tPg== =HQq9 -----END PGP PUBLIC KEY BLOCK-----
"Perry E. Metzger" says:
Duncan Frissell says:
So obviously the next step is to put the source code in one big text file..
I'd say the obvious next step is a lawsuit -- at this point there is standing and little point in accomodating the clowns.
Phil informs me that he has to go through the DTC administrative appeal process before suing. However, obviously after the appeal... Perry
participants (11)
-
Adam Shostack -
asherman@jacobi.i-kinetics.com -
Carl Ellison -
Duncan Frissell -
Linn Stanton -
m5@vail.tivoli.com -
paul@hawksbill.sprintmrn.com -
Perry E. Metzger -
Phil Karn -
Phil Karn -
sommerfeld@orchard.medford.ma.us