ITAR and hash functions (Perry's question)

Phil Karn karn at unix.ka9q.ampr.org
Sat Jan 20 03:30:49 PST 1996


Perry quoted part of the joint declaration of facts in my case and asked:

>Would this not mean that the government is estopped from ever again
>claiming that hash functions are export controlled under the ITAR?

Not according to them. They have made it clear throughout their
filings that they consider each CJ request on a case-by-case basis.
Furthermore, they repeatedly assert that under the power delegated to
them by the President, they have the absolute power to add and delete
items from the Munitions List and to make inexplicable, inconsistent
and arbitrary rulings whenever they damn well feel like it, and no
court can overrule them.

They even feel free to ignore their own rules whenever they get too
inconvenient. See my attorneys' brilliant analysis of why the ITAR as
written clearly permits the export of public domain crypto code under
the public domain exemption. It's about halfway through

http://www.qualcomm.com/people/pkarn/export/karnresp.html

But State wrote the rules, so they can ignore 'em whenever they feel
like it. Why gosh, National Security is at stake! And that's something
we mere mortals can't possibly know anything about.

Grep for the word "estoppel" in their arguments -- I know they used it
at least once to discuss this exact point.

So the bottom line is this: at the moment the ODTC will let you export
hash functions as long as they don't encrypt data. They'll probably
grant CJ requests to that effect. But they could change their minds at
any time if they feel like it.

Isn't it wonderful to live under a government of laws, not of men?

Phil







More information about the cypherpunks-legacy mailing list