[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MIT harassed over publication of PGP book



-----BEGIN PGP SIGNED MESSAGE-----


The following message is written on my own behalf; it is not an
official statement of MIT.

Over the past few weeks, MIT has been negotiating a research framework
agreement with Sandia Labs.  A framework agreement does not fund any
particular piece of research.  Rather it establishes policies and
procedures under which future research will be funded and carried out.
This saves MIT and Sandia the trouble of working out a separate
agreement for each new contract.  We have several such agreements in
place with various organizations.  Sandia has also set up agreements
with universities in the past, and is currently setting then up with
several more universities, including MIT.

In the current round of negotiations, Sandia is requesting to add
language to the agreement, giving them right of prior review over any
publications arising from their sponsored research at MIT, in order
that Sandia can review these for possible violation of US export
control regulations.

When our contract people queried this, they were put in touch with
Bruce Winchell, a Sandia lawyer.  Winchell told them that the State
Department had "made it clear" to DOE that the Department was very
concerned that "MIT did not have procedures in place to monitor the
dissemination of material that is subject to export controls."
Winchell went on to say that a recent MIT publication by "a Philip
Zimmermann" came very close to violating export control laws.

As far as we know, Sandia has not been discussing such a clause with
other universities with which it is negotiating contracts.

I assume that Mr. Winchell's comment above refers to the publication
of the PGP source code book by MIT Press.  Before publishing the PGP
book, the Press wrote the State Department, informing them of our
intent to publish the PGP book and giving them the opportunity to let
us know if they thought this would raise an export control problem.
We never received a response.  Since publication, MIT has never (to my
knowledge) heard from State that they had any objection to the PGP
publication.

Now, we learn of a back channel communication from State to DOE to
Sandia, which has prompted Sandia to want to act as a policeman for
MIT vis a vis export controls.

This is troubling for what it says about how the State Department is
dealing with export issues surrounding information about cryptography,
and about the extent to which policies are being administered in a
clear and above-board manner.

Hal Abelson
Prof. of Comp. Sci. and Eng.
MIT



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMeNIKviGKLV9Y6XFAQFeRwP6ArPEyMTY3IgfuAQGcCCfmbuc5D/505N/
+x/9hhVZOIv33sEummQ5UtJeSAyH9gLg0GMOxKCpQOqsBsed5YAO9xVRjIW3dXfQ
Xgo975qFHHmlRA3cxa5EZFg7Q/39V3QVKlCrcZ8jyYW9ECgNJtbMSvcvaO3Qzgom
lgo4OB6g7eo=
=QABK
-----END PGP SIGNATURE-----