[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why not PGP?



Rollo Silver writes:
 
[uses PGP to communicate to Ray]
 
> Two questions:
> 
> 1. Does anyone think that legislation might be passed which would
> criminalize my communications with Ray?

It might.  Some people in law enforcement/government would
really like to see that, Constitution be damned.

> 2. Suppose someone writes a program Z that has no expicit crypto code in
> it, but has hooks for installing one or another version of PGP. Given a
> copy of Z, someone in this country could install PGP he got from MIT,
> whereas someone in Europe could install the international version.
> Would export of Z violate ITAR restrictions?

As currently interpreted by NSA/DOJ et al, yes.
"Pluggable crypto" is not allowed by the people who enforce ITAR.
They might be working towards the eventual police state but
they're not stupid.

NCSA, when they were about to release a new version of Mosaic that
had hooks for PGP, were explicitly told by NSA that they would
remove those hooks before the software was released.


BTW, no version of PGP is exportable under ITAR; they all
use real crypto.   The international version exists because of
patent problems with RSA and the way that those problems were
resolved.  I think this is explained in the README that comes
with PGP; if not, the book _The Official PGP Users Guide_
by Phil Zimmerman (ISBN 0-262-74017-6) explains it.

-- 
Eric Murray  [email protected]  [email protected]  http://www.lne.com/ericm
PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03  92 E8 AC E6 7E 27 29 AF