[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Civil Disobediance




Dr Roberts writes:
> Perhaps there is a way to turn the training on the trainers?  Civil
> disobediance is the best way to do this.  Were a relatively small
> number of people, a thousand for instance, to post the "RSA in 3
> lines" code to the world, it would be highly unlikely that anybody at
> all would be prosecuted, 

Many 1000s of people have exported it.  See also Vince Cate's arms
trafficker page.

	http://online.offshore.com.ai/arms-trafficker/

Around 3000 T-shirts were sold also.  Guess there are a fair number of
people practicing civil disobedience in the US as a result.  They're
still selling, see:

	http://www.dcs.ex.ac.uk/~aba/uk-shirt.html

for order info.

While it's probably technically illegal to export, it clearly doesn't
get you in trouble to export it.  Raph Levien sent off a Commodity
Jurisdiction Request together with a sample T-shirt to ask permission
to export the T-shirt under the ITAR regulations.  They did not answer
his request.  I presume that they viewed either a "yes" or a "no" as a
loose for them.  If they say no, they open themselves for mockery in
the press, if they say yes, we progress the situation.  Export on
paper?  Floppy?  Internet?  Bigger programs.

I'd guess the request is now outdated by the token change in export
regulations (in reality mostly a name change) to EAR regulations which
transferred jurisdiction to the commerce department.  It might be
interesting to ask them for permission to export it.  If anyone wants
to do this, I'll supply a sample T-shirt :-)

Looks like the laws may make another token name change again, but
remain the same again, with a SAFE, doubtless with key-escrow bolted
on during the compromise with NSA and LE interests stage of
negotiations.

> particularly if a sizeable number of these people were professors,
> graduate students, professionals at well known companies,
> journalists, politicians?, or otherwise prominent people.  The whole
> situation would be so absurd they would never dare take it to court.

I'd always hoped that someone could make a good PR job of ridiculing
the export regulations with this.  So far it never really got much
further than the NSA/ODTC ignoring the CJR request of Raphs.  Also,
Duncan Frissell caused a bit of a stir at CFP a few years back with
the program on labels which he handed to attenders.  Vince Cate had a
bit of success also.  The shirts have been on French TV, which is
significant also due to French crypto regulations which are worse than
the US regulations.

> The longer somebody waits, the less opportunity they have to tell
> their grandkids "I was the 500th person to publically export RSA
> back in the late 20th century.  The government was actually trying
> to make math illegal!"  Best of all, anybody "fortunate" enough to
> be a U.S. citizen can participate, even if they don't write code
> themselves.

A while back I did a cgi binary which exported the PGP.EXE out of
pgp262i in uuencoded parts, 3 lines at a time.  Came out at 713 parts.
Maybe that would be more symbolic.  People weren't so keen to export
that as they were to export the perl rsa sig.

When I announced the url, people posted "I got no 7, who got the 1st
part?" etc.  See:

	http://www.dcs.ex.ac.uk/~aba/export/

Of course this wasn't my idea, it had been discussed on the list
several times before, I just took advantage of my position outside the
crypto curtain to actually do it.

It's a bit out of date - it's talking about ITAR, that should be EAR
now.

> Having established beyond any doubt that the export of RSA was
> possible without repercussions, the lesson will be driven home by
> group releases of successively longer mathematical works expressed in
> source code.  

I think this has been established.  Vince Cate's exporters page sends
[email protected] a protest letter together with the rsa sig.
There is a log of exporters.  Lots of names on it.

> The first release will be the most challenging.  In no time at all
> everybody - including everybody in the government - will find
> themselves accustomed to the idea that laws against mathematics are
> absurd.  (Even Senators will be able to grasp this unchallenging
> concept.)

I think Vince says on his pages that he got a mention on CNN of his
arms trafficker page.  I'd encourage anyone to use the sig, or
t-shirts, mailing labels or the guy with the tattoo of the .sig to
cause all the embarrasment they can for the US government.

> The way to get started is for people to pledge to post "RSA in 3
> lines" if certain conditions are met.  For instance, "I will post 'RSA
> in 3 lines' if 500 people promise to do it as well, among them being
> Michel Foucault, Jacob Bernoulli, and Blaise Pascal."  No risk need be
> taken without allies!

Well, it does seem to me at times that people in the US are being too
timid about the whole situation.  I mean if everyone just openly
ignored the stupid laws, you might think they would go away by
default, just to catch up with reality.  

Much hand-wringing is spent putting no-export warnings on code,
obfuscating the download process to discourage non-US people, and
warning others not to export.

Clearly for the individual there are few ill-effects from exporting
the 3 lines of perl.  (Actually 2 lines now see below).  Probably
nothing much would happen if you personally just uuencoded PGP and
spammed USENET with it.  I mean it would make not one iota of
difference as it's already universally available on ftp sites and web
pages.

Phil Zimmermann and Kelly Goen were hassled over their export, but
it's too late to worry about PGP now.

Adam
-- 
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`