Re: ACM/IEEE Letter on Cryp

[jim bell <jimbell@pacifier.com>]

At 06:25 PM 4/6/96 -0500, Dave Banisar wrote:
>The export language comes from the origional Cantwell bill and orders the
>Commerce Sec. 

Could somebody re-post that Cantwell bill?

>to allow export of mass market software and allows somewhat more
>limited export of non-mass market software dependng on what is available to
>banks in that country.

Which country?  The country to be exported to?  This bill is starting to 
sound distinctly manipulative!  Remember, once it's out of the country, it 
can be sent _anywhere_ so it is pointless to include any destination 
distinctions, including "terrorist countries." 

And what happens if the only software available to banks in that country (by 
their law) requires some sort of key-escrow function, even if that country allows 
non-escrowed encryption to citizens?  Do we get to export or not?

It's already beginning to smell.  The original claim, as I recall, was that 
export would be allowed if something was already available with at least as 
high a level of protection. No distinction as to _where_ that software was 
available.   That would be a fairly broad allowance.  Now, we are seeing 
that the evil hand of government is being inserted into the equation:  
Suddenly, what their government ALLOWS BANKS is the distinguishing factor.  GRRRRRR!

This is _exactly_ why I want to see this bill BEFORE it is officially 
introduced, and why everyone else here should as well.

>Its not ideal 

Maybe it should be.  There is already serious doubt as to whether this bill 
could even hope to pass before the end of the current session. That's not 
surprising; it will be introduced very late.   If it can't pass, I see 
absolutely no reason to include misfeatures in a bill that will have many 
months to be re-written before the next session.  Nothing is set in stone; 
it can all be changed _if_ it's not part of some sort of secret deal.

The way I see it, if there is not a strong probability that it will be voted 
in, there is no reason to introduce a flawed bill.  Even more so, there is 
no reason to support a hurried bill if the apparent reason for the hurry is 
to ensure that the bill contains "features" that will be hard to remove in 
the future.  If Burns can't do it right soon enough to pass, he needs simply 
take an extra month or two and publicize the _corrected_ bill on (surprise!) 
the Internet, and worry about introducing it in the next session of 
Congress. (He'll get the election-year political benefit just as 
effectively.  Pardon me for being cynical.)   I can't see that anybody is 
going to hold a little delay against him.


>(I think the limits on non-mass market
>should be the same as mass market- almost none except for a limited number of
>"terrorist" countries (we'd get killed if we argue that those should be
>eliminated) but overall much better than leahy's and somewhat better than
>goodlatte's bill.

Pardon my language, but WHAT THE HELL IS "MASS MARKET SOFTWARE"?

_Everybody_ wants their software to sell as many copies as possible; what is 
the difference between something which sells 10,000 copies and something 
that sells 10 million?  Is this bill a sop to Egghead software?

Is the legal difference going to be cost?  Say, anything less than $1000?  
That would at least make a distinction that has a certain level of precedent 
behind it, since export licenses have had minimal-dollar-value exceptions 
built in for a long time.    What about freeware/shareware?

And you didn't answer my question about whether key length alone was a 
distinguishing feature, or software function.  This is not looking good.  
Too many conditions?  Too many exceptions?  Too many caveats?  Why can't 
those sleazy politicians give us what we want?

Ooops, I just answered my own question.

Jim Bell

jimbell@pacifier.com