[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Crippled Notes export encryption
At 12:56 AM 1/25/96, Derek Atkins wrote:
>Yes, it is a huge can of worms. Worse, since it is done on a
>case-by-case basis, there really is no clear definition of where the
>exportable vs. non-exportable line actually is. You need to try it to
>test if it will work or not.
Several people have mentioned the "case by case" nature of the crypto
export situation, and this is of course the key.
I don't claim to have studied the ITARs as, say, Phil Karn or Dan Bernstein
have. Or to to have reviewed relevant case law, precedents, etc. But I'm
not sure it's important.
That is, the Munitions Act and related laws/regulations were set up to meet
certain end goals considered desirable. With considerable flexibility in
interpreting these rules and regulations, State and NSA seek to meet the
end goals they have established, not to scrupulously define the exact
boundaries of the law.
Thus, let me try to think like them and present some situations people have
proposed (or actually filed cases about, a la Bernstein, Karn, etc.), and
*guess* which way things will go. Others may disagree. Here they are:
Situation/Test Case Likely End Result
* Export of t-shirt * Foot-dragging, but eventual approval
(foot-dragging because D.C. won't be sure how any decision they make will
be taken)
* Ian Goldberg returning to Canada * The issue won't even come up
(Students routinely return to Israel, Netherlands, etc. Nobody cares.
Especially with regard to students returing to Canada, which is of course
treated as a backward child of the U.S. for the purposes of crypto policy.)
* Goldberg's team sets up in Zurich * NSA issues warning to Foobar, Inc.
(In this hypothetical, Ian Goldberg has a team in Berkeley writing the
MongoBrowser Web browser. They decide U.S. laws on crypto export are too
restrictive and decide to move their operation to Zurich. This is clearly
designed to skirt the "spirit" of the Munitions Act/ITARs, and so the
NSA/State will try to head it off. Assuming they even learn it is
happening, which is a very real impediment to practical enforcement. Ex
post facto, MongoBrowser and its programmers could be hassled upon entry to
the U.S. later.)
And so on. In other words, you need to "think like them" with regard to
what's a potentially real threat and what's not. T-shirts are not real
threats, but RSADSI deciding to move its core crypto development to Zurich
is.
--Tim May
Boycott espionage-enabled software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."