What NAI is telling people

codehead at ix.netcom.com codehead at ix.netcom.com
Mon Jul 16 18:20:33 PDT 2001 

On Mon, 16 Jul 2001 16:46:20 -0700, Eric Murray <ericm at lne.com> 
wrote:

> On Mon, Jul 16, 2001 at 06:41:22PM -0500, Aimee Farr wrote:
> > Companies with products or applications relevant to defense are wary of
> > email from certain sovereigns. This is because they don't want clueless reps
> > giving away bacon in an email pretext attack. The government has been
> > harping on it lately. Maybe the rep got a talkie and is confused ...or
> > something.
> > 
> > I'm just guessing.
> > 
> > What is the answer?
> > 
> > ~Aimee
> 
> It's a mis-interpretation of the US export laws.   It's common for
> people to think that they limit sending (or receiving in this case)
> encrypted data in addition to encryption devices and info.

That's exactly what I insisted to the NAI rep.  I suggested that he 
talk to their corporate attorneys, pointing out that there was 
nothing in the EARs that prevented reception of such encrypted email 
by anyone in the US; that the EARs specifically prohibited *export* 
of encrypting *software*--not encrypted messages--to the black-listed 
countries.  He, however, kept falling back on the Nuremburg defense 
("I'm just following orders.").  No indication that he would make any 
attempt to ask in spite of several suggestions.  (Employment must 
still be pretty good in Silicon Valley, I suppose, if such people can 
hold a job.)

It's very disheartening to see what NAI is doing/has done to PGP.  
It's especially disgusting in light of the pride that Phil Zimmerman 
and PGP, Inc., once took in enabling communications for human-rights 
activists in such "black-listed" countries.  Now such activists, 
according to the NAI rep, can no longer be heard in the US if they 
communicate by encrypted email--which, of course, may be the only 
means by which they can communicate safely.

Back to the original question:  It's obvious that NAI is operating 
under the belief that some ISPs are complying with some unspoken BXA 
idea/wannabe-law and blocking encrypted messages from "no-no" 
originating domains.  Is this really the case, or is NAI also full of 
it on this one?

More information about the cypherpunks-legacy mailing list