[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

the $64K question?



FTP site for complete ITAR is:

ripem.msu.edu:/pub/crypt/docs/itar-july-93.txt.

sci.crypt archives are there also. Thanks to M. Riordan for this
valuable service. I also understand that D. Bernstein may have helped
in getting the ITAR on specifically. Both are sci.crypt FAQ
contributors & maintainers.

* * *

[email protected] (Greg Broiles) quotes an *extremely*
interesting section of the ITAR, perhaps the *critical section* for
this issue at hand. But he seemed to skip right over a critical piece.

The thread, as it stands: we have seen the ITAR sections that bar
disclosure (export) of `technical data' to `foreign nationals' and
sections that state that anything illegally exported cannot be legally
imported, and now we find technical data defined as:


   $120.21 Technical data.

        Technical data means, for purposes of this subchapter:
            (a)     Classified information relating to defense articles
                    and defense services;
            (b)     Information covered by an invention secrecy order;
            (c)     Information, in any form, which is directly related
                    to the design, engineering, development, production,
                    processing, manufacture, use, operation, overhaul,
                    repair, maintenance, modification, or reconstruction
                    of defense articles. This includes, for example,
                    information in the form of blueprints, drawings,
1                   photographs, plans, instructions, computer software,
1                   and documentation. This also includes information
                    which advances the state of the art of articles on
2                   the U.S. Munitions List. This definition does not
2                   include information concerning general scientific,
2                   mathematical, or engineering principles commonly
2                   taught in academia. It also does not include basic
                    marketing information or general system descriptions
                    of defense articles.

*wow* -- we find that (1) `computer software and documentation'
`related to [verb1,verb2,verb3 ad infinitum] of defense articles' is
*banned*. but in the same paragraph, (2) `general scientific or
commonly taught mathematical or engineering principles' are *not*
banned. Surely, (1) is the clause that Bidzos would claim applies --
restricting the export of technical data in the form of software.

The $64K Question: Is PGP `computer software related to defense' or
`technical documentation encompassing general scientific & engineering principles'?

so, likely, that paragraph will be the focus of attention, and perhaps
the fulcrum of the case, for both the prosecution and defense, of a
hypothetical trial.

another point to make: the naive prejudices of those who crafted this
list are apparent as being from the
agency-which-will-remain-anonymous-but-has-the-initials-NSA. They seem
to think that `defense articles' and `general scientific, mathematical,
and engineering principles' are mutually exclusive. Hee, hee. They
might as well just have a law that bans `everything we don't approve
of' with no loss of ambiguity.

G.B. again
>The definitions of export that I've seen have concerned transferring
>information or physical things, or providing services to, persons,
>corporations, or nations which are not U.S. citizens. They have not
>addressed placing these things where "foreign persons" might conceivably
>get them.

another *very* critical aspect of the case, noted also by H. Finney and
others. I have a theory about this (surprise! :) Bidzos indicated how
the ITAR is very recent. It appears to be being updated all the time.
This is a bit scary how easy it is for `the powers that be' (the most
verminous expression, hence my use) to slip in to modifications to the
ITAR. I wonder how much these various paragraphs have changed between
versions of the ITAR -- I suspect that if we looked at it in a linear
historical progression, we would find an increasing desperation in the
writing, representing the futile attempt to encompass all the data
leaking all over cyberspace, like trying to hold onto a handful of
greased vibrating marbles, or chain down electrons. This is another
`conspicuous omission' that suggests the likelihood that it is `in the
works' to get in clauses that *specifically address* the concept of
`broadcast' of information similar to an FTP site, perhaps even
underway at this moment in the labyrinthine catacombs of our government.

* * *

My sincere thanks to everyone who has contributed to the ITAR analysis
associated with the case dispassionately. We shouldn't delude ourselves
in thinking all this is happening in anything other than a mailing list
vacuum, and the EFF/PRZ laywers (`the Professionals') surely have
entirely different perspectives on the matter, but for me at least I
find it extraordinarily educational and intellectually stimulating --
in a sort of depraved way.

On the other hand, reading between the lines of our comments, the ITAR
itself is probably close to the most totalitarian document our country
has yet produced. It is sort of like `constitutional antimatter'. Look
at how pliant this enterprise-constricting law is to burdensome and
insideous modifications, in total defiance of open and public
legislative procedure! The people that are *experts* on it can't keep
up with all the shadowy knob-twiddling. In restricting *technical data*
to `foreign nationals' (the latter phrase a rather atrocious coinage in
itself) we seem to find the same institutionalized paranoia against the
spread of simple *information* that was associated with copier machines
in the cold-war-era Soviet Union. The irony is that to a totalitarian
state, that paranoia is not comical -- it is entirely justified and
critical to its self preservation.