Dr. Dobb's Editorial
As mentioned, the December, 1993 issue of Dr. Dobb's Journal has an excellent editorial about the government investigation of PGP export and the general crackdown on cryptography. This issue also includes an article by Bruce Schneier describing the IDEA encryption algorithm. As usual with DDJ, source code is included: IDEA.C, apparently based on PGP source.

Dr. Dobb's has published encryption source before. A few months ago there was an article by Burt Kaliski of RSADSI on using Montgomery multiplication to speed up an RSA implementation. Earlier there was an article on the (patented) Lucas public-key system. Both articles had source. No doubt there have been others as well.

Here is the text of the editorial:

Cryptography is like one of those West Virginia subterranean fires that smolder along coal seams for months before flaring up above ground. The current flame along the encryption firing line involves a pair of Federal grand jury subpoenas handed out to distributors of Phil Zimmermann's PGP ("Pretty Good Privacy") message signature and privacy software. Earlier this fall, the Austin Code Works (a Texas software distributor) and ViaCrypt (a Phoenix cryptography-tool developer) were slapped with demands to produce contracts, payments, correspondence, and related information concerning their international distribution of PGP and RSA cryptography source code. Neither company was told why they must turn over this information, nor were they given any indication of when or what the next shoe to drop might be.

For the past year Code Works has been selling Grady Ward's Moby Crypto, a collection of crypto software that includes PGP, RSA, MD4, DES, and the like. Although not mentioned in the subpoena, Code Works has also been separately selling a DES encryption and decryption software package. For the time being, both have been removed from Code Works' shelves.

ViaCrypt, on the other hand, licensed PGP from Zimmermann, combined it with ViaCrypt's DigiSig+ cryptographic engine, and released a toolkit called "ViaCrypt PGP," the first commercial PGP-based package. Interestingly, ViaCrypt is also a sublicensee of RSA public-key encryption from Public Key Partners, holder of the RSA patent and a big-time competitor and long-time critic of PGP.

Ostensibly, the subpoenas are part of a U.S. Customs investigation into the export of PGP. (A letter the State Department's Enforcement Branch fired off to the Code Works begins with, "It has come to the attention of this office that your company is making cryptographic source code... available for commercial export....") State Department regulations lump cryptographic software with munitions and weapons, making it subject to export licenses as per International Traffic in Arms Regulation guidelines. However, Code Works' current advertisements clearly state that both Moby Crypto and DES Encryption are "not for export," and ViaCrypt says sales are made "export regulations permitting." In short, there's no indication that either company has exported crypto software, leading you to believe that the investigation is really nothing more than a fishing expedition.

The timing is curious, considering that the Clinton administration views many high-tech export rules as antiquated Cold War laws that hinder U.S. trade. Consequently, the administration is rethinking export laws so that U.S. manufacturers can more easily export communications and other high-tech equipment - what's protected today may be fair game in a few months. Of course, the government also wants to make it harder to sell high-tech military equipment to renegade countries. Unfortunately, cryptography has a foot in both military and civilian communications camps.

Neither the Code Works nor ViaCrypt had anything to do with developing PGP. You could even argue that Zimmermann really isn't the "author" of the software. True, he did write Version 1.0, but subsequent editions (2.3 is the current release) are the contributed efforts of U.S. and non-U.S. programmers who've created what's been described as the strongest, easiest-to-use encryption utility available to the public in source form.

There's no question that PGP was exported, but neither is there a hint that Zimmermann shipped it overseas. He assiduously avoided the chance of _his_ exporting PGP, to the point of having other people upload the software to the nets. The bottom line is that PGP was legally on the net and anyone with a PC and a modem could have moved it across international borders - just as with DES, which has been on the nets and authorized by the government for more than a decade.

Still, you have to wonder why the government is taking action now. PGP has been around for a couple of years. Maybe the Feds are upset that Zimmermann's encryption scheme is good - PGP is thought to be stronger than DES, the NSA and FBI reportedly can't crack it, and the thought of publicly available cryptography scares the dickens out of them. Or maybe the announcement of a commercial PGP-based application finally hitting the shelves prompted PGP's competitors to lean on the government. We just don't know, and the Feds aren't talking.

The government is struggling to cope with a changing world, one in which technology has altered many of the old rules. Regulations, written for a paper-based society, aren't adapting well to digital reality. International electronic networks make it hard to control software distribution and information dissemination. Like wildfire, bank transfers and e-mail are circling the globe unfettered - and encryption is keeping secret the contents of these communications.

But the means by which Washington is attempting to maintain control over cryptography is, in the long run, injurious to us all. From a business perspective, these tactics hobble U.S. companies from competing internationally. More importantly, the First Amendment guarantees us the right to speak in an encrypted way and insidious attempts to douse public access to cryptography, cloaked under the guise of software-export investigations, appear to stifle those rights.

Jonathan Erickson
editor-in-chief

anonymous@extropia.wimsey.com