[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Your editorial in the 10/14 PCWeek




[I'm leaving [email protected] on the distribution list, though this
letter is not meant to be a "letter to the editor" for PC Week. I just
disagree with some points Marshall Clow brings up, and feel Mr. Gibson
ought to get a copy of this, as he cc:ed the Cypherpunks on his letter.]

At 10:56 AM -0700 10/16/96, Marshall Clow wrote:
>Mr Gibson --
>
>I'm afraid that I must disagree with your editorial in the October 14th
>issue of PC Week titled "Encryption Law Change: Good News"
><http://www.pcweek.com/opinion/1014/14edit.html>. This is not a good
>change, but rather another attempt by the government to get it's "key
>escrow" (now renamed 'key recovery') agenda added to commercial software
>products.
>
>Let's start with the facts.
>
>A) This is not a change in the law. There is no law regarding export of
>encryption software.
>Congress has never passed any such law. These are State Department
>regulations, and presidential decrees. These regulations, which have the
>force of law to you and me, were never debated or voted upon by our
>elected representatives. They can be changed tomorrow the same way. In
>fact, they can be changed and the public need not even be notified.

Actually, as Greg Broiles pointed out in an article (on the Cypherpunks
list) several weeks ago, Congress deliberately chooses to delegate much
regulatory authority to other agencies. There just is not enough time or
expertise for them to pass specific laws covering the number and size of
trashcans in the national parks, the type of equipment to be used on Navy
ships, and so on. The State Department--and soon to be transferred to
Commerce--has the regulatory authority to decide which exports are covered
by the International Trafficking in Arms Regulations, the ITARs. These
rules effectively have the full force of law, as many tens of thousands of
laws not specifically passed by Congress have.

(It is true that the ITARs may well end up being overturned by the courts,
as the Bernstein and Junger cases proceed, but this could happen to laws
passed by Congress, and does.)

Also--and I am not an expert on this--some of the basis of the ITARs is
closely related to the "Munitions Act," which was, I am almost certain, an
actual Act of Congress, some decades back.

Certainly Congress knows full well what the ITARs are about, and could
change them if it thought the State Department or Commerce Department were
overstepping their bounds. (As it may do, some day. Not this term,
obviously. "Pro-Code" got tabled, so Congress effectively spoke.)

(Understand that I am not arguing in favor of the ITARs, nor their
application to crypto, just taking issue with Marshall's opening point that
the ITARs are not real laws. I mostly believed they were real laws before,
but Greg Broiles' analysis several weeks ago cinched it for me.)

I don't have the time right now to respond to the rest of Marshall's
letter, though I agree with his basic sentiments.

--Tim May





"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."