What NAI is telling people

codehead at ix.netcom.com codehead at ix.netcom.com
Mon Jul 16 18:38:46 PDT 2001 

Well, you can try calling the NAI number at 972-308-9960, and see 
what kind of story you get.

I'm still trying to get an upgrade, which is what I called about in 
the first place.  I've been having trouble dealing with one of their 
resellers, so had to go back to the source.  This matter came up when 
the rep told me that I had to answer "yes" to the three export 
questions, and I asked "Do you really think that such software can be 
kept out of the hands of those black-listed countires?"  He told me 
that it could because even if the people in those countries got the 
software, that it would be useless to them because nobody in the US 
could receive encrypted messages from those countries.

Why, I asked.  There's nothing in the EARs to prohibit reception of 
encrypted messages.  There's no big filter at the borders checking 
for messages.  After all, (quoting Tim May) national borders aren't 
even speed bumps on the information superhighway.  He conceded that 
while there was no big filter at the border, ISPs wouldn't accept 
such email.

Which ISPs, I asked.  He mentioned AOL.  Any others?  He didn't know. 
 I asked under what law they were required to filter such incoming 
messages.  He didn't know, but replied this is what the customer 
support people had been told by NAI management.  I suggested (more 
than once) that he ask the NAI legal department if this was indeed 
the case.

Might be also worthwhile to call AOL corporate.  This could evolve 
into a very interesting PR incident for them if they are indeed 
blocking such messages, when it's pointed out that PGP usage is 
essential to the work of human rights, relief, charitable, and even 
religious organizations in those countries.

On the other hand, what's one more nasty PR incident to AOL?

--CH

> Of course there is no law or regulation that prohibits individuals
> from accepting encrypted email from the blacklist countries (or
> an ISP from forwarding it).
> 
> Though perhaps government pressure or simple misunderstanding can 
> explain the situation you encountered. I'd be interested in any
> verifiable info on this.
> 
> -Declan
> 
> 
> On Mon, Jul 16, 2001 at 02:29:16PM -0700, codehead at ix.netcom.com wrote:
> > I just got off the phone with one of the customer service people at 
> > NAI, who informed me that "Encrypted e-mails from certain countries 
> > aren't accepted in the US" and that accepting encrypted email from 
> > one of the "black list" (i.e., North Korea, Libya, Iran, Iraq, China, 
> > etc.) is illegal under US law.
> > 
> > When queried about the issue of *accepting* encrypted e-mail from a 
> > "black-list" country, the customer rep stated that this is what he 
> > was told by higher-ups in the company.
> > 
> > Never mind the issue of web-based email, mail originating from the 
> > dot-com, dot-edu, dot-net or dot-org TLDs, spoofed headers or open 
> > relays.  It was impossible to resist quoting Tim May on the 
> > transparency of national borders, and to point out that so far, 
> > anyway, there was no ubiquitous filter at the borders.  The rep 
> > backpedaled and stated that "some" ISPs, specifically AOL, were 
> > choosing not to accept such email.
> > 
> > Anyone have any idea if any ISPs are refusing to accept encrypted 
> > email from "black-listed" countries?
> > 
> > Or is this just a matter of NAI cluelessness?

More information about the cypherpunks-legacy mailing list