I cross posted the ITAR proposed rev pointers to Firewalls. In addition to an entertaining rant, Marcus posted this: ----- Forwarded message from Marcus J. Ranum -----
From mjr@mail.clark.net Thu Dec 12 17:38:57 1996 Message-Id: <199612122240.RAA10556@mail.clark.net> Comments: Authenticated sender is <mjr@mail.clark.net.> From: "Marcus J. Ranum" <mjr@mail.clark.net> Organization: V-ONE Corp Baltimore office To: adam@homeport.org Date: Thu, 12 Dec 1996 17:42:00 +0000 Subject: that doc.... Priority: normal X-mailer: Pegasus Mail for Win32 (v2.42a)
You posted a pointer to that document. It was quite interesting. I see that the feds are making INDIVIDUALS responsible for ENFORCING export laws!!! Read carefully: (9) Export of encryption software. The export of encryption source code and object code software controlled for EI reasons under ECCN 5D002 on the Commerce Control List (see Supplement No. 1 to part 774 of the EAR) includes downloading or causing the downloading, of such software to locations (including electronic bulletin boards and Internet file transfer protocol and World Wide Web sites) outside the U.S., and making such software available for transfer outside the United States, over radio, electromagnetic, photo optical, or photoelectric communications facilities accessible to persons outside the United States, including transfers from electronic bulletin boards and Internet file transfer protocol and World Wide Web sites, or any cryptographic software subject to controls under this regulation unless the person making software available takes precautions as adequate to prevent unauthorized transfer of such code outside the United States. This provision applies both to the uploading and downloading of such software. For purposes of this paragraph, the following shall constitute adequate precautions to prevent unauthorized transfer: This implies that putting something up for FTP == export. Holy shit. mjr. ----- Marcus J. Ranum, Chief Scientist, V-ONE Corporation Work: http://www.v-one.com Personal: http://www.clark.net/pub/mjr "I'll have time to be laid back when I'm laid out on a slab" ----- End of forwarded message from Marcus J. Ranum -----
-----BEGIN PGP SIGNED MESSAGE----- Adam Shostack <adam@homeport.org> writes:
I cross posted the ITAR proposed rev pointers to Firewalls. In addition to an entertaining rant, Marcus posted this:
----- Forwarded message from Marcus J. Ranum -----
From mjr@mail.clark.net Thu Dec 12 17:38:57 1996 Message-Id: <199612122240.RAA10556@mail.clark.net> Comments: Authenticated sender is <mjr@mail.clark.net.> From: "Marcus J. Ranum" <mjr@mail.clark.net> Organization: V-ONE Corp Baltimore office To: adam@homeport.org Date: Thu, 12 Dec 1996 17:42:00 +0000 Subject: that doc.... Priority: normal X-mailer: Pegasus Mail for Win32 (v2.42a)
You posted a pointer to that document. It was quite interesting. I see that the feds are making INDIVIDUALS responsible for ENFORCING export laws!!! Read carefully:
<snip excerpt>
This implies that putting something up for FTP == export. Holy shit.
This has always been the case. At this point, it is sufficient to make the downlaoder promise that they are a US citizen-unit (eg the mit pgp dist.). Of course, seeing as how no congressional laws involved, the ores. could decide that that's not good enough on a whim. Jer "standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMrHFJ8kz/YzIV3P5AQE/EgMAuoWyNti9XqXfEGCOCIFHXR7fIPiCJJx1 tbYCGeZlBvIkwopHvGLWpR5AdTSC1/loleWbOCP0hBL13+lVLTtMPaA4OcCBnY34 z75eLpbPUibUxCX+uaLhFAkQF1i0W8Zz =G2HV -----END PGP SIGNATURE-----
: This implies that putting something up for FTP == export. Holy : shit. That has always been the position of the Department of Defense Trade Controls with respect to the ITAR, the only difference is that now it is going to be in writing. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu URL: http://samsara.law.cwru.edu
Peter D. Junger wrote: | | : This implies that putting something up for FTP == export. Holy | : shit. | | That has always been the position of the Department of Defense Trade | Controls with respect to the ITAR, the only difference is that now | it is going to be in writing. My understanding is that they choose not to continue per^H^Hrosecuting Phil for putting the code up for FTP. Thus, this is a change. Or did Phil not put the code up for FTP? Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Adam Shostack writes: : Peter D. Junger wrote: : | : | : This implies that putting something up for FTP == export. Holy : | : shit. : | : | That has always been the position of the Department of Defense Trade : | Controls with respect to the ITAR, the only difference is that now : | it is going to be in writing. : : My understanding is that they choose not to continue : per^H^Hrosecuting Phil for putting the code up for FTP. Thus, this is : a change. Or did Phil not put the code up for FTP? Phil probably did not put up the code, but that is not the point. They held his feet over the fire for three years and then, as the statute of limitations ran out, dropped the case---perhaps because they could not prove that Phil made the code available, perhaps because they did not want to subject their position to judicial review, probably for a combination of those reasons. But that in no way amounted to a change in what they claim. In my case the government's lawyer has made it quite clear that they would consider putting cryptographic software on a web site as a violation, and I don't think that for this purpose there is any distinction either in the government's mind or in reality between an FTP site and a web site. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger@pdj2-ra.f-remote.cwru.edu junger@samsara.law.cwru.edu URL: http://samsara.law.cwru.edu
At 7:09 pm -0500 12/14/96, Adam Shostack wrote:
My understanding is that they choose not to continue per^H^Hrosecuting Phil for putting the code up for FTP. Thus, this is a change. Or did Phil not put the code up for FTP?
Actually, it's my understanding that PRZ didn't do it personally. Someone else got the code from Phil and put it on the net. Phil had nothing to do with it. Except for writing PGP, of course. :-). Cheers, Bob Hettinga ----------------- Robert Hettinga (rah@shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "The cost of anything is the foregone alternative" -- Walter Johnson The e$ Home Page: http://www.vmeng.com/rah/
Robert Hettinga <rah@shipwright.com> writes:
At 7:09 pm -0500 12/14/96, Adam Shostack wrote:
My understanding is that they choose not to continue per^H^Hrosecuting Phil for putting the code up for FTP. Thus, this is a change. Or did Phil not put the code up for FTP?
Actually, it's my understanding that PRZ didn't do it personally. Someone else got the code from Phil and put it on the net. Phil had nothing to do with it. Except for writing PGP, of course. :-).
And what exactly was Kelly Goen's role? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
At 7:09 PM -0500 12/14/96, Adam Shostack wrote:
Peter D. Junger wrote: | | : This implies that putting something up for FTP == export. Holy | : shit. | | That has always been the position of the Department of Defense Trade | Controls with respect to the ITAR, the only difference is that now | it is going to be in writing.
My understanding is that they choose not to continue per^H^Hrosecuting Phil for putting the code up for FTP. Thus, this is a change. Or did Phil not put the code up for FTP?
I certainly can't speak for Phil, but according to everything I have heard, and according to several articles that have been written about the events surrounding the release of PGP 1.0, Phil most definitely DID NOT place the PGP 1.0 software on any kind of ftp site. (I believe that at that time, circa 1991, Phil did not even have any kind of ISP or university Internet access which would have even made this possible for him. In fact, I believe it was not until around 1993 that he had a stable e-mail account.) As to who, if anybody, placed PGP 1.0 on an ftp site, I suggest folks read some of the articles about how the software was uploaded to bulletin boards. The evidence is strong that it was NOT Phil who did this, though of course the software at some point got from Phil to whomover it was who did place the software on bulletin boards (and ultimately onto ftp sites). (Note that it was primarily PGP 1.0 which was the subject of the government's investigations. PGP 2.0 and later releases were handled in a different way.) I hope I have not mangled any of the history. These events have been reported in many articles on PGP and the Zimmermann Affair, including a long article by Jim Warren on whom--he claims--actually DID place PGP on publically-accessible sites. See those articles for more details. It seems likely to me that the new laws, pointed out to us by Lucky, would make a much wider range of things illegal, and that the mere appearance of some software on a foreign site could be construed as ipso facto proof that due care was not taken ("you let it leak out"). But this was not the law in 1991, nor is it the law yet. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
participants (6)
-
Adam Shostack -
dlv@bwalk.dm.com -
Jeremiah A Blatz -
Peter D. Junger -
Robert Hettinga -
Timothy C. May