Exports and criminalizing crypto
off. Without the export restrictions we would see much more crypto sold and used inside the US. I'll bet there are lots of cypherpunks who are holding off releasing crypto tools because of these laws. Look at the guy who said he had to go to Canada to release his crypto. And he had to stop thinking about it when he was in the US. This is crazy. Yes, it is stupid to have a law that using crypto makes a crime worse. But this is not that bad compared to some laws. It won't affect most people. With the export restrictions gone, the green light will be given to make crypto available everywhere. Every data transmission will be encrypted, and people will be protected. It might even be that the criminal part will be shut down by the courts. Once crypto is everywhere, it will be impossible to do anything without using crypto. The law would then be like a law which said that breathing air while committing a crime will be illegal. I'm sure the lawyers could come up with a reason why this kind of a law will be unconstitutional. At this point the SAFE law looks like a good one. Everyone said that there was no way to stop the FBI from putting in the restrictions, but they were stopped. Now everyone says there is no way to get a good bill out of the Senate, or past the president. People are missing one point. We are right. Stopping people from using crypto is completely the opposite of the basic principles of this country. Look at all the groups which came out against the amendment to SAFE. The ACLU, the religious right, the NRA (how often do you see them working together?). Business executives, law professors, technical experts. If this coalition can hang together and support the bill in its current form, the SAFE law still has a chance at success. Probably not this year because there is not time, but next year they should try again. Getting rid of these export restrictions would produce an explosion of Cypherpunk style crypto software. It is a big win. "John ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
John Smith <jsmith58@hotmail.com> writes:
Getting rid of these export restrictions would produce an explosion of Cypherpunk style crypto software. It is a big win.
I disagree. Cypherpunk (freeware) crypto isn't hardly hindered at all by EAR export nonsense. You reference Ian Goldberg claiming to have to work on crypto during trips to Canada. I think he was just trying to make a political point. I submit that he could write and publish all the crypto he wants in the US (on one of those "export controlled" sites). It will get illegally exported in no time at all. Where's the problem? William Geiger has PGP on a non-export controlled site, and the export bods haven't said a word, so it's not even clear that they care about freeware at this point. The problem with export controls is for commercial software. Companies get denied export permission. Overseas companies probably wouldn't feel comfortable using non-paid for commercial warez. Illegally exported commercial crypto warez isn't generally hosted on ftp/web sites outside the US. I suspect this has much more to do with the fact that it is copyrighted, than to do with export regulations. Netscape, and MSIE browsers are available on web sites, but these are distributed freely anyway. Also your claim that the FBI is defeated, and that safe is a good idea. Disagree also. 1) SAFE has lots more hurdles to pass before it gets to be law. 2) If it does get to be law, you won't like the modifications that are made to it by that stage. 3) Crypto-in-a-crime US domestic restrictions are a _bad thing_. Adam -- Now officially an EAR violation... Have *you* violated EAR today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
At 12:32 PM -0700 9/25/97, J. Random Hotmail User wrote:
Without the export restrictions we would see much more crypto sold and used inside the US. I'll bet there are lots of cypherpunks who are holding off releasing crypto tools because of these laws. Look at the guy who said he had to go to Canada to release his crypto. And he had to stop thinking about it when he was in the US. This is crazy.
Yes, it's crazy, but SAFE doesn't fix this in any meaningful way. We can ask Ian Goldberg, the guy you refer to, if the enactment of SAFE would cause him to develop software in the U.S. Remember, SAFE does not give carte blanche to crypto exports. Rather, it speaks of whether or not similar products already can be found elsewhere (thus indicating export review will happen, with all that that implies) and it further gives authority to deny exports if "substantial evidence" exists that the product is or could be used by the Bad Guys for Evil Puposes. (Cf. the full text of H.R. 695 at http://www.cdt.org/crypto/legis_105/SAFE/hr695_text.html, and remember that amendments are being added to it.) This latter authority to block exports suggests NSA/State vetting of all exports. Meaning, things really haven't changed. All it would take is a letter stating that there is "substantial evidence" that Ian's product may be "diverted" for use by those the U.S. doesn't like. Well, duh, we're where we are today on exports. So, will Ian, or C2Net, or others, launch software development here and just sort of hope that when the time comes to apply for an export license that the conditions above are met? First, that the BXA/NSA/etc. rules that similar products are already available. Second, that the product will not be used by Hamas, a group the U.S. calls a terrorist group, or the Cali Cartel, or the Irish Republican Army, or the armies of Iraq? Think about it, given that Hamas is already using PGP 5.0 to fight the Zionist occupiers in Palestine. Would PGP 5.0 receive an export license? Even under SAFE? Would a product designed to implement Chaumian untraceable cash, a la some of the work on Lucre and the like, receive export approval? Even under SAFE?
Yes, it is stupid to have a law that using crypto makes a crime worse. But this is not that bad compared to some laws. It won't affect most people. With the export restrictions gone, the green light will be given to make crypto available everywhere. Every data transmission will be encrypted, and people will be protected.
J. Random Hotmail User, you'd better learn to read the text of the bills you so blithely think are OK. --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
Tim writes below that SAFE doesn't get rid of export controls. That's true, even before it's compromised to death. I've attached below my column on SAFE I wrote in June... This is just one reason why no new laws are better than bad new laws. -Declan *************** At 14:17 -0700 9/25/97, Tim May wrote:
At 12:32 PM -0700 9/25/97, J. Random Hotmail User wrote:
Without the export restrictions we would see much more crypto sold and used inside the US. I'll bet there are lots of cypherpunks who are holding off releasing crypto tools because of these laws. Look at the guy who said he had to go to Canada to release his crypto. And he had to stop thinking about it when he was in the US. This is crazy.
Yes, it's crazy, but SAFE doesn't fix this in any meaningful way.
We can ask Ian Goldberg, the guy you refer to, if the enactment of SAFE would cause him to develop software in the U.S. Remember, SAFE does not give carte blanche to crypto exports. Rather, it speaks of whether or not similar products already can be found elsewhere (thus indicating export review will happen, with all that that implies) and it further gives authority to deny exports if "substantial evidence" exists that the product is or could be used by the Bad Guys for Evil Puposes. (Cf. the full text of H.R. 695 at http://www.cdt.org/crypto/legis_105/SAFE/hr695_text.html, and remember that amendments are being added to it.)
This latter authority to block exports suggests NSA/State vetting of all exports. Meaning, things really haven't changed.
All it would take is a letter stating that there is "substantial evidence" that Ian's product may be "diverted" for use by those the U.S. doesn't like.
Well, duh, we're where we are today on exports.
So, will Ian, or C2Net, or others, launch software development here and just sort of hope that when the time comes to apply for an export license that the conditions above are met? First, that the BXA/NSA/etc. rules that similar products are already available. Second, that the product will not be used by Hamas, a group the U.S. calls a terrorist group, or the Cali Cartel, or the Irish Republican Army, or the armies of Iraq? Think about it, given that Hamas is already using PGP 5.0 to fight the Zionist occupiers in Palestine.
Would PGP 5.0 receive an export license? Even under SAFE?
Would a product designed to implement Chaumian untraceable cash, a la some of the work on Lucre and the like, receive export approval? Even under SAFE?
http://cgi.pathfinder.com/netly/opinion/0,1042,1022,00.html The Netly News Network June 5, 1997 Mr. Gates Goes to Washington by Declan McCullagh (declan@well.com) For Siliconaires like Bill Gates of Microsoft, Eric Schmidt of Novell and Jeff Papows of Lotus, Washington is a city made pleasant by absence. They view its labyrinthine bureaucracies and hidebound institutions as something between a minor hindrance and an insurmountable obstacle to the important business of making profits, not public policy. So it was no surprise to see the high-tech trio join seven other executives yesterday at the National Press Club to rail against the Clinton administration's restrictions on overseas sales of encryption products. This Billionaire Boys' Club was especially keen on praising two bills that would generally relax export rules. "We clearly support the House and the Senate bills that are on the Hill in their original form. Getting reform done now is a huge priority for all of us," said one. "There are bills in the House and the Senate that are totally acceptable, and if those bills are passed they'd solve the problem," another added. But perhaps Bill Gates should have spent less time writing BASIC interpreters and more time in civics classes, because these bills are far from perfect. In fact, they may be downright dangerous. "Please, do no harm here. Let's keep what we won," says Cindy Cohn, one of the lawyers mounting an EFF-sponsored court challenge to the White House's export rules. So far that effort has been successful: A federal judge ruled last December that the line-by-line instructions in a computer program are "speech" and restrictions on overseas shipments violate the First Amendment. Cohn argues that both Rep. Bob Goodlatte's (R-Va.) SAFE bill and Sen. Conrad Burns' (R-Mont.) ProCODE bill could do more harm than good. She says they might not even help her client, a university professor who wants to discuss encryption without going to jail. "What effect would SAFE or ProCODE have? Either none or a detrimental one," Cohn said on Monday at a conference organized by the Electronic Privacy Information Center. (A Burns spokesperson responded by saying any problems could be addressed after the bill leaves the Commerce Committee and moves to the Senate floor.) This might seem like a lot of high-powered debate over an obscure subject, but the argument boils down to a conflict between pragmatism and principle. Will Congress decide to help out Bill Gates at our expense? Sure, removing export controls completely would benefit everyone, but SAFE doesn't go that far: Only software "that is generally available" overseas may be exported. Which means if I invent a new data-scrambling method that nobody overseas has developed, I'm screwed. SAFE also creates a new federal felony if you use crypto in a crime. Cypherpunks have criticized the measure, saying that when crypto starts to appear in products from light switches to doorknobs, Congress might as well put you in jail if you breathe while committing a crime. Then there's ProCODE, which sets up a new federal crypto-bureaucracy -- hardly a reassuring thought. [...] some veteran Washington lawyers warn that the proposals in Congress will not nullify the export rules. "Because the language of the SAFE act doesn't track the language of the executive order and the [Commerce Department regulations], which of course they couldn't anticipate, there's substantial wiggle room left for the government to maintain some controls. The bills may not have the desired effect in the long run," says Roszel Thomsen, a partner at the Thomsen and Burke law firm. "There's room for someone to completely rewrite a bill that starts from the provision that all source code is speech -- then squarely roll back the most onerous provisions from the administration's executive order last November and track the current laws to eliminate the wiggle room," Thomsen says. "But I don't think there's the willpower to do that." If that willpower doesn't exist, then perhaps Congress shouldn't pass either SAFE or ProCODE. No legislation is better than bad law, especially when court challenges are moving forward -- and don't bring with them nasty side effects. We shouldn't have to give up some freedoms to gain others. If Congress doesn't have the courage to do the right thing, it's better they do nothing -- even if Bill Gates prefers otherwise. [...] ------------------------- Declan McCullagh Time Inc. The Netly News Network Washington Correspondent http://netlynews.com/
participants (4)
-
Adam Back -
Declan McCullagh -
John Smith -
Tim May