Exporting software doesn't mean exporting

Adam Shostack adam at lighthouse.homeport.org
Wed Nov 8 08:06:45 PST 1995


	Since the size of the net is more than doubling each year,
over half the people online at any given time are newbies.*  It is not
reasonable to expect a newbie to understand IP routing.  Neither IP
routing nor the design of the backbone is intuitively obvious.
Therefore, it is not reasonable to assume that a user in Italy or
Germany has any idea that their packets might travel through the
United States.  

	Nor is it reasonable to assume that a user outside the US is
familiar with the ITARs.  They're an obscure set of regulations, on
the surface contrary to the First Amendment, and not even well known
within the United States.

	I find it hard to believe that given the obscurity of IP
routing, the backbone design, and the obscurity of the ITAR that a
jury would find a foreign person guilty of unknowingly violations of
the ITAR.  Any comment on this line of reasoning from our lawyer
friends?

Adam


Sten Drescher wrote:
| Adam Shostack <adam at lighthouse.homeport.org> said:
| 
| AS> 	Thus, if the user in Italy has no reason to expect that their
| AS> mail to Germany will traverse the US, then I suspect that the US
| AS> would have a hard time proving any criminal act.  Doesn't a criminal
| AS> act require intent of some type?  If IP routing, in conjunction with
| AS> SMTP, beyond the control of the users, ships packets through the US,
| AS> I have a hard time believing that that makes those users criminals.
| 
| 	IANAL, but if they have the intent to transfer cryptographic
| software, and can 'reasonably' (wonderful precision there) be expected
| to know that there is the potential for portions of the transfer to be
| routed through US systems, then I'm guessing that it could be construed
| that they had the intent to commit a crime.



-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume







More information about the cypherpunks-legacy mailing list