[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I@Week on crypto export loophole 6/24/96



At 10:30 PM 7/11/96 -0400, Will Rodger wrote:

>>At 04:06 AM 7/11/96 +0000, Paul Elliott wrote:
>>>What is to prevent a U.S company to licence a foreign company
>>>to sublicence and distribute a Crypto product abroad, if that
>>>foreign company obtains that product on the pirate market?
>>>
>>>I am not a lawyer, but I look at the definition of "export"
>>>on page 612 of Applied Cryptography and nothing seems to
>>>obviously apply.
>
>Elliott appears to be absolutely correct.
>
>Jim Bell replied:
>>I raised this type of idea on CP, twice, and didn't hear a peep about it!  
>
>You were ahead of your time, Jim.
>There was a cover story peep about the idea in Interactive Week June 24, in
>fact. The story followed Bidzos' announcement that NTT would soon be
>producing 3-DES chips en masse.
>It's at: http://www.zdnet.com/intweek/print/960624/cover/doc1.html


I just read the article, and it's very interesting.  My first note on the 
subject was posted June 4, and follows below:   


At 10:54 AM 6/4/96 GMT, John Young wrote:
>Connecting Declan's three dots [...]: 
>   The New York Times, June 4, 1996, pp. D1, D4. 
>   Japanese Chips May Scramble U.S. Export Ban 
>   By John Markoff 
>   Washington, June 3 -- The Nippon Telegraph and Telephone 
>   Corporation has quietly begun selling a powerful data- 
>   scrambling chip set that is likely to undermine the Clinton 
>   Administration's efforts to restrict the export of the 
>   fundamental technology for protecting secrets and commerce 
>   in the information age. 

 
>   An executive at NTT America said that although there were 
>   no restrictions on the export of cryptographic hardware or 
>   software from Japan, his company was still anxious to 
>   obtain software from RSA Data to use in its chips. That 
>   software is still controlled by United States export law, 
>   he said. 


Maybe it's just me, but the solution to NTT's problem is obvious.  Even 
assuming that the export of this software would be against the law, why 
doesn't somebody simply violate that law?  RSA would publish that software, 
possibly encrypted with NTT's public key, on a public system protected 
against direct export.  "Somebody" would download it, write it to a floppy 
(taking care not to leave any fingerprints, and wetting both the stamp and 
the envelope with tap water, rather than licking them) and mail that floppy 
off to NTT in Japan.  (Naturally, you don't put a return address on that 
envelope.   The truly paranoid would first take that floppy to some store's 
PC section, and cross-load the data onto a floppy written by some other 
floppy drive.)

NTT finds that envelope in their mail, opens it, reads the floppy, decrypts 
the data, and say, "Wow!  It's the data we wanted to get!"  It verifies that 
the data is valid by emailing a copy back to RSA in America, who say, 
"Amazing!  Somebody has illegally exported our software!"

As far as I know, there is nothing wrong with NTT using this software even 
if it is assumed to have been exported illegally.  Obviously, NTT won't 
_ask_ for somebody to do this, because then the government will claim it was 
all a conspiracy, but that doesn't prevent NTT from being the beneficiary of 
somebody else's activities.




Jim Bell
[email protected]