[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why no version of SAFE removes export ctrls, and all are dangerous

>From: Declan McCullagh <[email protected]>
>Legislative history is not a guidepost I like to follow when 
>whether a bill is a good one.

Fine, but what I quoted to you was the definition of generally
available, FROM THE TEXT OF THE BILL ITSELF.  It is in paragraph
5B of that part of the bill.  Look yourself, or read it below,
and you will see that it doesn't say anything about the software
having to be available overseas.  That part of your article was
mistaken.  I like your reporting so I don't want to over do this,
but you should know that the bill does not require what you

            removing export controls completely would benefit
            everyone, but SAFE doesn't go that far: Only software
            "that is generally available" overseas may be exported.
            Which means if I invent a new data-scrambling method
            that nobody overseas has developed, I'm screwed.

>Note the Supremes largely rejected the
>government's arguments that the legislative history of the CDA 
justified it
>as a law. Instead you should look at the plain text of the law, which 
>software not requiring a license is:
>"(A) any software, including software with encryption capabilities
>                   "(i) that is generally available, as is, and is
>                    designed for installation by the purchaser; or
>                    "(ii) that is in the public domain for which
>                    copyright or other protection is not available
>                    under title 17, United States Code, or that is
>                    available to the public because it is generally
>                    accessible to the interested public in any form; or
>>There's nothing about it having to be available overseas.  You are
>>probably confusing it with the hardware part:
>Nope, the "generally available" clause above talks about software. 
>the text of the bill, not some staffer's wet dreams about what they 
want it
>to say.

Section 5B from the text of the bill, again (formatted better):

  (B) the term `generally available' means, in the case of software
  (including software with encryption capabilities), software that is
  offered for sale, license, or transfer to any person without
  restriction, whether or not for consideration, including, but not
  limited to, over-the-counter retail sales, mail order transactions,
  phone order transactions, electronic distribution, or sale on

Nothing about foreign software.

>Then there's the bit Tim was complaining about:
>       authorize the export or reexport of software with encryption
>capabilities for
>       nonmilitary end-uses in any country to which exports of software 
>       capability are permitted for use by financial institutions not
>controlled in fact by
>       United States persons, unless there is substantial evidence that
>such software will
>       be --
>              "(A) diverted to a military end-use or an end-use 
>              international terrorism;
>              "(B) modified for military or terrorist end-use; or
>              "(C) reexported without any authorization by the United 
>              that may be required under this Act.
>Of course there's substantial evidence that PGP etc. will be used by
>unapproved people. That's another problem with SAFE.

So you agree with his interpretation that software must pass the tests
in both paragraph 2 and paragraph 3?  That doesn't seem right.  Para
2 says that no license is required for the kind of software
it describes.  Para 3 then provides a procedure for authorizing
the export of software which meets a different test (similar to
what is allowed for export to non-US financial institutions).  But
these are different tests and different software.

I say that paragraph 2 applies basically to "off the shelf" software,
commercial or public domain.  No license is required to export that.
That's why there are those definitions of generally available and
as-is.  Software which does not fall into these categories can then
be authorized for export under paragraph 3, except that the
authorization can be cancelled if it is diverted to terrorists.

If they wanted to diversion rules to apply to paragraph 2, they
would have written it that way.  But the way it is written it is
only the paragraph 3 software which can lose its authorization.

This is a very logical interpretation.  There is no point in
restricting the export of paragraph 2 software since it is available
to anyone in the US.  Any terrorist can walk into Egghead and buy
Netscape with strong crypto, or any disk encryption package.
This is an argument which cypherpunks have made for years, and they
are 100% right.  Why is it so hard to believe that the congressman
followed the same logic.


Get Your Private, Free Email at http://www.hotmail.com