WebTV a "munition"
Page 3 of the San Jose Mercury News has a small blurb about WebTV's browser/set-top box that "uses computer-security technology so powerful that the government is classifying it as a weapon that will require a special export license before it can be sold overseas". "Few industry experts expect such a licsense to be granted, meaning the companies are unlikely to begin selling current versions of the US-made devices next year in Eurpoe and Japan as they had planned". [fluff about export laws] "We're the guinea pig" says Steve Perlman, chairman and CEO blah blah. So what's the story here? It's a web browser, so they're probably talking about SSL. SSL (both versions) already has mechanisims for allowing "export" level encryption, and although you still need to get a Commodities Jurisdiction, it's been done before so it shouldn't be too difficult. If they didn't use the "export" level SSL CipherTypes, then what're they up to? Are they fighting crypto export laws (for which they should be congratulated and supported) or are they just looking for free publicity? -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
Eric Murray wrote:
Page 3 of the San Jose Mercury News has a small blurb about WebTV's browser/set-top box that "uses computer-security technology so powerful that the government is classifying it as a weapon that will require a special export license before it can be sold overseas".[...] shouldn't be too difficult. If they didn't use the "export" level SSL CipherTypes, then what're they up to? Are they fighting crypto export laws (for which they should be congratulated and supported) or are they just looking for free publicity?
Based on the lack of public policy pronouncements from the WebTV folks, I would answer C) They're clueless. I'm not sure that management even understood, or wanted to understand, that they'd have an export problem. See http://www.webtv.net/ -rich
Eric Murray wrote: [Stuff about WebTv/crypto/export problems]
So what's the story here? It's a web browser, so they're probably talking about SSL. SSL (both versions) already has mechanisims for allowing "export" level encryption, and although you still need to get a Commodities Jurisdiction, it's been done before so it shouldn't be too difficult. If they didn't use the "export" level SSL CipherTypes, then what're they up to? Are they fighting crypto export laws (for which they should be congratulated and supported) or are they just looking for free publicity?
I'm not sure they're doing either. When I talked to my friends at WebTv, I got the impression that they thought a functional browser needed to have support for electronic commerce. This electronic commerce needs crypto, and if you're going to do crypto right, it has to be strong crypto. Given that they've tried to do everything else right (and, in my opinion, succeeded), that may be all there is to it. I'll ask for more details next time I talk to them. Jon Leonard
Rich Graves wrote:
Eric Murray wrote:
Page 3 of the San Jose Mercury News has a small blurb about WebTV's browser/set-top box that "uses computer-security technology so powerful that the government is classifying it as a weapon that will require a special export license before it can be sold overseas".[...] shouldn't be too difficult. If they didn't use the "export" level SSL CipherTypes, then what're they up to? Are they fighting crypto export laws (for which they should be congratulated and supported) or are they just looking for free publicity?
Based on the lack of public policy pronouncements from the WebTV folks, I would answer C) They're clueless. I'm not sure that management even understood, or wanted to understand, that they'd have an export problem. See http://www.webtv.net/
Since Pablo Calamera works there, they can't be too clueless. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw@netscape.com
Eric Murray sez:
Page 3 of the San Jose Mercury News has a small blurb about WebTV's browser/set-top box ......
That's a John Markoff story in today's NYT..... -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
Rich Graves writes: : Eric Murray wrote: : > : > Page 3 of the San Jose Mercury News has a small blurb : > about WebTV's browser/set-top box that "uses : > computer-security technology so powerful that the : > government is classifying it as a weapon : > that will require a special export license before : > it can be sold overseas".[...] : > shouldn't be too difficult. If they didn't use the "export" : > level SSL CipherTypes, then what're they up to? Are they : > fighting crypto export laws (for which they should be congratulated : > and supported) or are they just looking for free publicity? : : Based on the lack of public policy pronouncements from the WebTV folks, : I would answer C) They're clueless. I'm not sure that management even : understood, or wanted to understand, that they'd have an export problem. : See http://www.webtv.net/ But note that both their licensees, Sony and Philips, are foreign companies. Presumably they will just manufacture the boxes outside the U.S. when they want to market them outside the U.S. As far as I know, the only person convicted of shipping cryptographic devices outside the U.S. without a license was guilty of shipping a satellite TV descrambler to Latin America. So there is some sort of precedent. (And, of course, no First Amendment problem.) But there is a big question as to whether WebTV violated the ITAR by transfering cryptographic _information_ to the licensees. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu URL: http://samsara.law.cwru.edu
Jon Leonard writes:
Eric Murray wrote: [Stuff about WebTv/crypto/export problems]
So what's the story here? It's a web browser, so they're probably talking about SSL. SSL (both versions) already has mechanisims for allowing "export" level encryption, and although you still need to get a Commodities Jurisdiction, it's been done before so it shouldn't be too difficult. If they didn't use the "export" level SSL CipherTypes, then what're they up to? Are they fighting crypto export laws (for which they should be congratulated and supported) or are they just looking for free publicity?
I'm not sure they're doing either. When I talked to my friends at WebTv, I got the impression that they thought a functional browser needed to have support for electronic commerce. This electronic commerce needs crypto, and if you're going to do crypto right, it has to be strong crypto.
Right. But if you're doing SSL, you _have_ to know about the export issues! It's all over the sources, specs, docs etc etc. It's almost implssible to be 'clueless' about this if you have implemented SSL or even looked seriously at doing it. So if their point is to fight against ITAR (one interpretation of the facts as I know them) why haven't they announced that they're doing so? It would be good PR.
Given that they've tried to do everything else right (and, in my opinion, succeeded), that may be all there is to it.
I'll ask for more details next time I talk to them.
That'd be cool. I think that there's a lot that we don't know about this. The web site doesn't have much hard info, just a lot of buzzword-compliant marketing bullstuff and the highest ratio of (TM)s to words that I have ever seen. -- Eric Murray ericm@lne.com ericm@motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF
Eric Murray wrote:
Eric Murray wrote: [more stuff about WebTv/crypto/export problems trimmed] So if their point is to fight against ITAR (one interpretation of
Jon Leonard writes: the facts as I know them) why haven't they announced that they're doing so? It would be good PR.
I'm not sure that it would be good PR for the general public. That's their target market, after all. If you've got a computer, you probably don't need a WebTv for websurfing.
Given that they've tried to do everything else right (and, in my opinion, succeeded), that may be all there is to it.
I'll ask for more details next time I talk to them.
That'd be cool. I think that there's a lot that we don't know about this.
One of my friends at WebTv called, and I asked him about it. What I got from him was: 1) They wanted to do it right. (And electronic commerce needs strong crypto) 2) They wanted to be stronger than Netscape's default. (Triple-DES, I think) 3) They didn't necessarily expect this to be a problem. 4) They expect to win the export control fight. He seemed almost gleeful that they'd be classified as a munition. I was suprised that he knew the issue and had an opinion, as he isn't particularly crypto-aware usually. I'd guess that it's a big deal at WebTv. Keep in mind that this is only one employee, and non-management at that. <speculation> It sounded like they might be vulnerable to a government deal, and were mostly relying on the implausibility of export controlling WebTv helping national security in any detectable way. It seems to me that this has the potential to be a cypherpunk victory. There's the potential for their market (and publicity) to be even wider than Netscape's, and for the export controls to look even sillier. Any ideas for helping their export case, or avoiding them making a deal? </speculation>
The web site doesn't have much hard info, just a lot of buzzword-compliant marketing bullstuff and the highest ratio of (TM)s to words that I have ever seen.
That seems to be the new advertising style in high tech. Unfortunate. Jon Leonard
-----BEGIN PGP SIGNED MESSAGE-----
In article <199611091610.LAA00420@pdj2-ra.F-REMOTE.CWRU.Edu>,
Peter D. Junger
As far as I know, the only person convicted of shipping cryptographic devices outside the U.S. without a license was guilty of shipping a satellite TV descrambler to Latin America. So there is some sort of precedent. (And, of course, no First Amendment problem.)
I had heard of this before, but it's odd, because the ITAR says that among items _excluded_ from the munitions list are items: 121.1 Category XIII(b)(1)(viii): Limited to receiving for radio broadcast, pay television or similar restricted audience television of the consumer type, without digital encryption and where digital decryption is limited to the video, audio or management functions. so it would seem a sattelite TV descrambler is not a munition. - Ian -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMoen3kZRiTErSPb1AQFpywQAic/fkZZQIFItzyt0tnKYtV5/CGXpABJl ncRnl4ydG5LWyudrB9tb5fFhIqUtpp2I1MRoFgXWibEk2OwGXua7T91rSyw/AeG0 Reh+x0IJGYu4DdHBmrMwRTbAR5QgsC9Yai9j/cIsXXDBviXSKMBn8S5jTK0BvTKg RwEamFu7QL4= =JlNu -----END PGP SIGNATURE-----
The address you mailed to is no longer valid. This is probably because the user in question was an old Open Net subscriber. Open Net is NO LONGER an ISP, and has not been since May 1996. We have no redirection address for that user. Please remove them from any mailing lists you might have. This response was generated automatically.
participants (8)
-
David Lesher / hated by RBOC's in 5 states -
Eric Murray -
iang@cs.berkeley.edu -
Jon Leonard -
Open Net Postmaster -
Peter D. Junger -
Rich Graves -
Tom Weinstein