[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Free software could not threaten purpose of ITAR ...
It never ceases to amaze me how inconsistent the anti-crypto
people are on this issue ...
I just took a look at VADM McConnell's answers during a Senate
hearing on May 3, 1994 ...
http://csrc.nist.gov/keyrecovery/ees_q-a.txt
Questions from Senator Murray:
Q: In my office in the Hart building this February, I downloaded
from the Internet an Austrian program that uses DES encryption.
This was on a laptop computer, using a modem over a phone line.
The Software Publishers' Association says there are at least 120
DES or comparable programs world wide. However, U.S. export
control laws prohibit American exporters from selling comparable
DES programs abroad.
With at least 20 million people hooked up to the Internet, how do
U.S. export controls actually prevent criminals, terrorists, or
whoever from obtaining DES encryption software?
A: Serious users of encryption do not entrust their security to
software distributed via networks o bulletin boards. There is
simply too much risk that viruses, Trojan Horses, programming
errors, and other security flaws may exist in such software which
could not be detected by the user. Serious users of encryption,
those who depend on encryption to protect valuable data and cannot
afford to take such chances, instead turn to other sources in
which they can have greater confidence. Such serious users
include not only entitles which may threaten U.S. national
security interests, but also businesses and other major consumers
of encryption products. Encryption software distribution via
Internet, bulletin board, or modem does not undermine the
effectiveness of encryption export controls.
Why is it, then, that we don't just allow non-commercial software to
be exported?
1. I don't believe, for a moment that "serious users" of cryptography
cannot entrust their security to "software distributed via
networks o bulletin boards". Those are precisely the mediums
through which PGP became popular.
2. Phil Z was being harassed precisely because PGP is most definitely
a serious threat in the trend toward undermining ITAR.
3. Phil K's export request was rejected, and MIT was harassed over
the PGP source book, precisely because source code is source code.
It does not matter if it came on a disk or through a network or
through a bulletin board or on a book.
The point is that the NSA DOES view this as a serious threat, so they
are fighting this tooth and nail.
Ern