CDR: Re: export reg timewarp? (Re: RC4 source as a literate program)

John Young jya at pipeline.com
Sun Sep 3 09:26:42 PDT 2000 

Adam Back wrote:

>The US export regulations no longer prevent export of crypto.  PGP
>exported binary copies of PGP from US websites, as now do many other
>companies.  Crypto source is exported also from numerous web sites.
>
>I don't follow why all the discussion talking as if ITAR and EARs were
>still in effect in unmodified form.

Good point, except that PGP.com and Freeware still have export
restrictions on downloads, as do most other US crypto export
sites. This is probably due to the fact that nobody understands
the export regs and better safe than lose out on fat government
contracts, and corollary contracts with other corporations who
dare not offend the authorities.

Even some private sites which rushed to offer crypto on the Internet
have withdrawn their offerings. And, according to Matt Blaze's
tabulation of such offerings, they have nearly petered out.

Don't forget that there is till a review required by BXA for strongest 
products. What happens in those reviews has not been disclosed 
as far as I know. Whether the NDA is voluntary to hide trade
secrets, compulsary to hide dirty dealing, or worse to hide
really nasty access requirements -- probably some of all
these in the great American tradition of promising much and
delivering not so much unless you play ball under the umpires
clubhouse rules.

Nicky Hager (of Secret Power fame) co-wrote another book
on a PR war in NZ in which he covered at length the practice
of governments and corporations hiding their filthy deals from
freedom of information access through the loophole of
protecting proprietary information from the public.

Another commentator pointed out recently that the vast
majority of FOIA requests are indeed made by people
seeking commercial intelligence which is not intended to
be made public , and relatively few seeking information 
to release to the public.

So there is a bind on getting info on what actually happens
at BXA and its co-agencies during crypto export review.
However, in contrast to a few years back, I don't see 
many corporations or individuals calling for greater access 
to closed information about crypto export procedures.

Could be all the crypto folks are doing just fine under
the system, so why bitch about making it into the comfort
zone. And, oh yeah, fuck the public interest now that
the crypto public outreach PR campaigns did their job to 
get inside the sweetheart PR loophole.

Doug Porter has written an interesting update about all this 
crypto flim-flam in the "Pocket Guide to NSA Sabotage:"

   http://cryptome.org/nsa-sabotage.htm

And what the fuck is Schneier doing trashing crypto to build
his security consulting business? That sounds like priests
preaching Our Church Alone salvation to keep the flock 
frightened, dependent and shelling out for long term 
protection contracts. You know, like the one-world feds 
and all-world spooks.

More information about the cypherpunks-legacy mailing list