[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Revised - Zimmermann Defense Fund Appeal
Tom Bryce at Duke (thanks, Tom!) has pointed out an important
erratum in my original fundraising post. I mistakenly gave out Phil
Dubois's net.address as "[email protected]". This is WRONG: the correct
address is:
[email protected]
I apologize for the error. Since the post was signed, and just patching
it will mung the md5 hash, I have included the whole message below. If
you are reposting the message to other outlets, please use this new
revision (version 1.1!) instead.
Also, Irving Wolfe (thanks, Irving!) wrote me to suggest that
persons interested in donating to Phil's defense fund might like to see
some bona fides of my (and Phil Dubois's) relation to Phil Zimmermann,
to insure that the money donated is going where we say it is. I've
included something which (I hope) might go some way towards addressing
this concern in the revised post too.
Best wishes for a Happy Holidays to all on the Net (and off)!
----------------------->% CUT HERE %<-------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Phil Zimmermann Legal Defense Fund Appeal
In November, 1976, Martin Hellman and Whitfield Diffie announced
their discovery of public-key cryptography by beginning their paper
with the sentence: "We stand today on the brink of a revolution in
cryptography."
We stand today on the brink of an important battle in the
revolution they unleased. Philip Zimmermann, who encoded and released
the most popular and successful program to flow from that discovery,
Pretty Good Privacy ("PGP"), may be about to go to court.
It has been over fourteen months now since Phil was first informed
that he was the subject of a grand jury investigation being mounted by
the San Jose, CA, office of US Customs into the international
distribution, over the Internet, of the original version of the
program. On January 12th, Phil's legal team will meet for the first
time with William Keane, Assistant US Attorney for the Northern
District of California, who is in charge of the grand jury
investigation, in San Jose. An indictment, if one is pursued by the
government after this meeting, could be handed down very shortly
thereafter.
If indicted, Phil would likely be charged with violating statute 22
USC 2778 of the US Code, "Control of arms exports and imports." This
is the federal statute behind the regulation known as ITAR,
"International Traffic in Arms Regulations," 22 CFR 120.1 et seq. of
the Code of Federal Regulations. Specifically, the indictment would
allege that Phil violated 22 USC 2778 by exporting an item listed as a
"munition" in 22 CFR 120.1 et seq. without having a license to do so.
That item is cryptographic software -- PGP.
At stake, of course, is far more than establishing whether Phil
violated federal law or not. The case presents significant issues and
will establish legal precedent, a fact known to everyone involved.
According to his lead counsel, Phil Dubois, the US government hopes to
establish the proposition that anyone having anything at all to do with
an illegal export -- even someone like Phil, whose only involvement was
writing the program and making it available to US citizens and who has
no idea who actually exported it -- has committed a federal felony
offense. The government also hopes to establish the proposition that
posting a "munition" on a BBS or on the Internet is exportation. If
the government wins its case, the judgment will have a profound
chilling effect on the US software industry, on the free flow of
information on the emerging global networks, and in particular upon the
grassroots movement to put effective cryptography in the hands of
ordinary citizens. The US government will, in effect, resurrect
Checkpoint Charlie -- on the Information Superhighway.
By now, most of us who are reading this know about Phil and the
case, whether by having the program and reading the doc files or by
seeing reports in the Wall Steet Journal, Time, Scientific American,
the New York Times, Wired, US News and World Report, and hundreds of
other news outlets; on Usenet groups like talk.crypto.politics or
alt.security.pgp; or by listening to Phil give talks such as the one he
gave at CFP '94 in Chicago. We know that PGP has made great strides
since version 1.0, and is now a sophisticated encryption and
key-management package which has become the de facto standard in both
micro and mainframe environments. We know that Phil and the PGP
development team successfully negotiated a commercial license with
Viacrypt, and, through the efforts of MIT, a noncommercial license for
PGP with RSA Data Security, the holders of the patent on the RSA
algorithm on which PGP is based, thus freeing the program from the
shadow of allegations of patent infringement. We know that programs
such as PGP represent one of our best bulwarks in the Information Age
against the intrusions of public and private information gatherers. We
know that PGP is a key tool in insuring that the "Information
Superhighway" will open the world to us, without opening us to the
world.
What we may not all know is the price Phil has had to pay for his
courage and willingness to challenge the crypto status quo. For years
now Phil has been the point man in the ongoing campaign for freely
available effective cryptography for the everyday computer user. The
costs, personal and professional, to him have been great. He wrote the
original code for PGP 1.0 by sacrificing months of valuable time from
his consulting career and exhausting his savings. He continues to
devote large amounts of his time to testifying before Congress, doing
public speaking engagements around the world, and agitating for
"cryptography for the masses," largely at his own expense. He is now
working, still for free, on the next step in PGP technology, PGP Phone,
which will turn every PC with a sound card and a modem into a secure
telephone. And we know that, just last month, he was searched and
interrogated in the absence of counsel by US Customs officials upon his
return from a speaking tour in Europe.
Phil's legal team consists of his lead counsel, Philip Dubois of
Boulder, CO; Kenneth Bass of Venable, Baetjer, Howard & Civiletti, in
Washington, DC, first counsel for intelligence policy for the Justice
Department under President Carter; Eben Moglen, professor of law at
Columbia and Harvard Universities; Curt Karnow, a former assistant US
attorney and intellectual property law specialist at Landels, Ripley &
Diamond in San Francisco; and Thomas Nolan, noted criminal defense
attorney in Menlo Park.
While this is a stellar legal team, what makes it even more
extraordinary is that several of its members have given their time for
free to Phil's case. Still, while their time has been donated so far,
other expenses -- travel, lodging, telephone, and other costs -- have
fallen to Phil. If the indictment is handed down, time and costs will
soar, and the members of the team currently working pro bono may no
longer be able to. Justice does not come cheap in this country, but
Phil deserves the best justice money can buy him.
This is where you and I come in. Phil Dubois estimates that the
costs of the case, leaving aside the lawyers' fees, will run from
US$100,000 - $150,000. If Phil's team must charge for their services,
the total cost of the litigation may range as high as US$300,000. The
legal defense fund is already several thousand dollars in the red and
the airline tickets to San Jose haven't even been purchased yet.
In September, 1993 I wrote a letter urging us all to support Phil,
shortly after the first subpoenas were issued by Customs. Today the
need is greater than ever, and I'm repeating the call.
Phil has assumed the burden and risk of being the first to develop
truly effective tools with which we all might secure our communications
against prying eyes, in a political environment increasingly hostile to
such an idea -- an environment in which Clipper chips and digital
telephony bills are our own government's answer to our concerns. Now
is the time for us all to step forward and help shoulder that burden
with him.
It is time more than ever. I call on all of us, both here in the
US and abroad, to help defend Phil and perhaps establish a
groundbreaking legal precedent. PGP now has an installed base of
hundreds of thousands of users. PGP works. It must -- no other
"crypto" package, of the hundreds available on the Internet and BBS's
worldwide, has ever been subjected to the governmental attention PGP
has. How much is PGP worth to you? How much is the complete security
of your thoughts, writings, ideas, communications, your life's work,
worth to you? The price of a retail application package?i Send it.
More? Send it. Whatever you can spare: send it.
A legal trust fund, the Philip Zimmermann Defense Fund (PZDF), has
been established with Phil Dubois in Boulder. Donations will be
accepted in any reliable form, check, money order, or wire transfer,
and in any currency, as well as by credit card.
You may give anonymously or not, but PLEASE - give generously. If
you admire PGP, what it was intended to do and the ideals which
animated its creation, express your support with a contribution to this
fund.
* * *
Here are the details:
To send a check or money order by mail, make it payable, NOT to Phil
Zimmermann, but to "Philip L. Dubois, Attorney Trust Account." Mail the
check or money order to the following address:
Philip Dubois
2305 Broadway
Boulder, CO USA 80304
(Phone #: 303-444-3885)
To send a wire transfer, your bank will need the following
information:
Bank: VectraBank
Routing #: 107004365
Account #: 0113830
Account Name: "Philip L. Dubois, Attorney Trust Account"
Now here's the neat bit. You can make a donation to the PZDF by
Internet mail on your VISA or MasterCard. Worried about snoopers
intercepting your e-mail? Don't worry -- use PGP.
Simply compose a message in plain ASCII text giving the following:
the recipient ("Philip L. Dubois, Attorney Trust Account"); the bank
name of your VISA or MasterCard; the name which appears on it; a tele-
phone number at which you can be reached in case of problems; the card
number; date of expiry; and, most important, the amount you wish to do-
nate. (Make this last item as large as possible.) Then use PGP to en-
crypt and ASCII-armor the message using Phil Dubois's public key, en-
closed below. (You can also sign the message if you like.) E-mail
the output file to Phil Dubois ([email protected]). Please be sure to use
a "Subject:" line reading something like "Phil Zimmermann Defense Fund"
so he'll know to decrypt it right away.
Bona fides: My relation to Phil Z. is that of a long-time user and
advocate of PGP and a personal friend. For over a year I moderated the
(no longer published) digest, Info-PGP, on the old lucpul.it.luc.edu site
here at Loyola. I am in no way involved with the administration of the
PZDF. I volunteer my time on its behalf.
Phil Dubois is Phil Z.'s lawyer and lead counsel in the Customs case.
He administers the PZDF.
To obtain a copy of my public key (with which you can verify the
signature on this doc), you have a number of options:
- Use the copy which I will append below.
- Send mail to me at [email protected] with the "Subject:" line
reading "send pubkey"
- Get it by anon ftp at ftp://ftp.math.luc.edu/pub/hmiller/pubkey.hm
- Obtain it from an Internet PGP keyserver machine such as
[email protected]. Just send a mail message to this
address with the "Subject:" field "GET hmiller". Other keyserver
machines on the Net which accept the same message format (and
automatically synchronize keyrings with each other every 10 minutes or
so) include:
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
You can verify my public key by calling me at 312-338-2689 (home)
or 312-508-2727 (office) and letting me read you my key fingerprint
("pgp -kvc hmiller" after you have put my key on your pubring.pgp keyring).
I include it also in my .sig, below, if that's good enough for you.
You might also note that Phil Zimmermann has signed my public key.
Hopefully he is Node #1 in your Web-of-Trust! His key is available on
the net keyservers and in the 'keys.asc' file in the PGP distribution
packages.
Phil Dubois's pubkey can also be obtained from the keyservers, if
you prefer that source to the text below, and from 'keys.asc'. Phil Z.
has signed his key as well.
Here is Phil Dubois's public key:
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.7
mQCNAiyaTboAAAEEAL3DOizygcxAe6OyfcuMZh2XnyfqmLKFDAoX0/FJ4+d2frw8
5TuXc/k5qfDWi+AQCdJaNVT8jlg6bS0HD55gLoV+b6VZxzIpHWKqXncA9iudfZmR
rtx4Es82n8pTBtxa7vcQPhCXfjfl+lOMrICkRuD/xB/9X1/XRbZ7C+AHeDONAAUR
tCFQaGlsaXAgTC4gRHVib2lzIDxkdWJvaXNAY3NuLm9yZz6JAJUCBRAsw4TxZXmE
uMepZt0BAT0OA/9IoCBZLFpF9lhV1+epBi49hykiHefRdQwbHmLa9kO0guepdkyF
i8kqJLEqPEUIrRtiZVHiOLLwkTRrFHV7q9lAuETJMDIDifeV1O/TGVjMiIFGKOuN
dzByyidjqdlPFtPZtFbzffi9BomTb8O3xm2cBomxxqsV82U3HDdAXaY5Xw==
=5uit
- -----END PGP PUBLIC KEY BLOCK-----
Here is my (Hugh Miller's) public key:
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.2
mQCNAy7frrEAAAEEALzOAQt+eWHzXSDLRgJaQMQ7Uju1xrD9mXAZGAG1GmiTNjKl
wK68qOXrwJvnH1BmGtg8GGv53nTeabltpn5crsQVFm+0623M56/T7SOeUBWxxoa0
vvqAA8sJ6ac1/MXY9KIgqxu8Mu6Qwf68C4OnwCbE7T71bi+fjdEdYC5Hk8UpAAUR
tB1IdWdoIE1pbGxlciA8aG1pbGxlckBsdWMuZWR1PokAlQMFEC7ryVNleYS4x6lm
3QEBW6YD/2IOIZX9FOggNyemvPwM/EN86KW74ZGuYuTIfPCrvOMy8pFqfE33Bw93
UkyIDj1Yh/nDlclEOO/J0tyngPn2BD2vMtaKIGRhVjnoxQc3BfzdjJ2nnHoFzAjz
0MBxYthysmWYsyF8cQxST6LZLITKkf41dti8SVKYVRWIgkyub02HiQCVAwUQLt/F
oNEdYC5Hk8UpAQHD1wP9GdN9OHAKkIRsHeHy0wsEkI4Emb/bHiU+W59Zw7NPWsWF
3WTT1z8GKNToQLUdysbbJuSSk3rD3F4SNGJ+KPjR4674pmEfCVVP8cQPXEl4a3Zs
xSLWNI6rG3muUAfLdyZiFP08NthOVlP2h1aOLCqIgkjEYMfQNEgkefBRJd6JywI=
=hWCA
- -----END PGP PUBLIC KEY BLOCK-----
* * *
This campaign letter will be posted in a number of Usenet groups.
I will also be turning it into a FAQ-formatted document, which will be
posted monthly in the relevant groups and which will be available by
anonymous ftp from ftp://ftp.math.luc.edu/pub/hmiller/PGP/pzdf.FAQ. If
you come upon, or up with, any other ways in which we can help raise funds
for Phil, drop me a line at [email protected] and let me know, so that I
can put it in the FAQ.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBLvFO3tEdYC5Hk8UpAQF6IwQAp3Ig71gGRj/dDGXDBdqj55uMQQsywhi2
pEzh0arfrRonqMX0UleysqYqjcUtm0rvbrXoYUy8a9vJzj4Wuyf1dQ6WyqBkcmOX
z7RGtoLVxsfTjNNTrY0810SXx/yOMYtBW7mq+zNmqEykGFZTdfsVKFEyFw6AJ//B
Ah+LQNb01Xo=
=aW2m
-----END PGP SIGNATURE-----
--
Hugh Miller, Ph.D. Voice: 312-508-2727
Asst. Professor of Philosophy FAX: 312-508-2292
Loyola University Chicago Home: 312-338-2689
6525 N. Sheridan Rd. E-mail: [email protected]
Chicago, IL 60626 WWW: http://www.luc.edu/~hmiller
PGP Public Key 4793C529: FC D2 08 BB 0C 6D CB C8 0B F9 BA 55 62 19 40 21