Re: I@Week on crypto export loophole 6/24/96
At 10:30 PM 7/11/96 -0400, Will Rodger wrote:
At 04:06 AM 7/11/96 +0000, Paul Elliott wrote:
What is to prevent a U.S company to licence a foreign company to sublicence and distribute a Crypto product abroad, if that foreign company obtains that product on the pirate market?
I am not a lawyer, but I look at the definition of "export" on page 612 of Applied Cryptography and nothing seems to obviously apply.
Elliott appears to be absolutely correct.
Jim Bell replied:
I raised this type of idea on CP, twice, and didn't hear a peep about it!
You were ahead of your time, Jim. There was a cover story peep about the idea in Interactive Week June 24, in fact. The story followed Bidzos' announcement that NTT would soon be producing 3-DES chips en masse. It's at: http://www.zdnet.com/intweek/print/960624/cover/doc1.html
I just read the article, and it's very interesting. My first note on the subject was posted June 4, and follows below: At 10:54 AM 6/4/96 GMT, John Young wrote:
Connecting Declan's three dots [...]: The New York Times, June 4, 1996, pp. D1, D4. Japanese Chips May Scramble U.S. Export Ban By John Markoff Washington, June 3 -- The Nippon Telegraph and Telephone Corporation has quietly begun selling a powerful data- scrambling chip set that is likely to undermine the Clinton Administration's efforts to restrict the export of the fundamental technology for protecting secrets and commerce in the information age.
An executive at NTT America said that although there were no restrictions on the export of cryptographic hardware or software from Japan, his company was still anxious to obtain software from RSA Data to use in its chips. That software is still controlled by United States export law, he said.
Maybe it's just me, but the solution to NTT's problem is obvious. Even assuming that the export of this software would be against the law, why doesn't somebody simply violate that law? RSA would publish that software, possibly encrypted with NTT's public key, on a public system protected against direct export. "Somebody" would download it, write it to a floppy (taking care not to leave any fingerprints, and wetting both the stamp and the envelope with tap water, rather than licking them) and mail that floppy off to NTT in Japan. (Naturally, you don't put a return address on that envelope. The truly paranoid would first take that floppy to some store's PC section, and cross-load the data onto a floppy written by some other floppy drive.) NTT finds that envelope in their mail, opens it, reads the floppy, decrypts the data, and say, "Wow! It's the data we wanted to get!" It verifies that the data is valid by emailing a copy back to RSA in America, who say, "Amazing! Somebody has illegally exported our software!" As far as I know, there is nothing wrong with NTT using this software even if it is assumed to have been exported illegally. Obviously, NTT won't _ask_ for somebody to do this, because then the government will claim it was all a conspiracy, but that doesn't prevent NTT from being the beneficiary of somebody else's activities. Jim Bell jimbell@pacifier.com
participants (1)
-
jim bell