Re: CJR returned to sender

[aba@atlas.ex.ac.uk]

On the T-shirt which some poeple are starting to view as an overplayed
joke:

I'd agree that we on cypherpunks have probably heard enough on the
subject, to the extent that it was creating a lot of noise a while
back, but the idea I think is to create publicity wherein ITAR is
ridiculed by demonstrating that the State Departments ITAR related
decisions are inconsistent, and arbitrary.

This I think is a similar tactic to that used by Phil Karn, with the
Applied Crypto case, and by MIT with the MIT PGP source code book and
CJR on that.

Also the SSL 88+40 brute force was mostly a political demonstration,
most anyone could have predicted the approximate MIPs required, and
that it was ridiculously weak.  Yet much of the media attention widely
ignored the fact that it was a simple fact, 40 bits isn't enough, and
chose instead to play on wording such as "French Student Hacker breaks
Netscape", which of course is wildly inaccurate on numerous counts.

As to the accusation that a T-shirt is silly, sure, I absolutely
agree, but it's *supposed to be* silly, the point being to get a
decision from the state department, and say, look the decisions these
people are making with extreme weight of law ($1,000,000 fines &c) are
ridiculously inconsistent, and arbitrary, and cost the US software
industry 100s of millions of dollars each year in lost trade.  With a
silly example, I would have thought you would be more likely to get
positive editorials from the press.  I mean if you say PGP, some
people are sucked in by the crypto scare stories Freeh and co put out.
If it's a T-shirt you'd have a hard time saying it was a dangerous
item, or that the info was dangerous.

If unclear fabric printing is the issue, put it on a floppy disk
(would take less than one sector), print the program on the disk label
and try that too.  Also my uk printed shirts, and Don Henson's (other
US supplier) have a simply huge barcode (Joel's is around 1/2 the
size) the aim being to remove all doubt about readability.  See
pictures (mine (UK), and Don's (US) respectively):

	http://www.dcs.ex.ac.uk/~aba/uk-shirt.html
	http://www.colossus.net/wepinsto/wsft_f/wspp_f/tshirt1.html

You could probably transcribe that barcode by hand the stripes are
that fat.  The ITAR docs themselves don't seem to make the case that
machine readability is significant, that was to my understanding just
an arbitrary decision they displayed with Phil Karn's Applied Crypto
disk set.  No to the disks due to being more machine readable than the
book, or something.  The reason for the barcode was to try to
encourage banning of the T-shirt by pandering to thier apparent
prediliction to ban machine readable forms of things freely available
in print form.

On the "has been declared a munition by State Department", this is
clearly incorrect.  Don Henson used this in his earlier ads, and I
corrected him on this wording, and he now says something different.

The wording on the shirt (Joel Furr's shirt which is what Raph mailed
I understand) the caption is:

	"This shirt is a munition"

and you can see a picture of this shirt it, here:

	http://www.danger.com/ad-perl.html

I don't think saying this shirt is a munition is that misleading.  It
is arguable, and of course no decision has been obtained from the
State Department, but if anyone is so sure about it I'd invite them to
make a public demonstration of exporting it in any medium they fancy
(paper, disk, internet, T-shirt).  Another candidate: export snuffle
without asking permission.  I hear that it is only 10 lines of C code.

Adam
--
Munitions T-shirt home page: http://www.obscura.com/~shirt/

#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length($n)&~1)/2)