Re: "Only" export control
Tue, 24 Jun 1997 20:15:01 -0500

Seth D. Schoen wrote:

> As far as I can tell from what I've read about this new controversial
> bill, it "only" moves to criminalize _export_ by U.S. citizens, and
> not
> _use_ by them, of crypto above 56-bit.


> I still want to call the Commerce Dept. and ask them for a comment on
> the
> fact that DESCHALL has proved commercially useless all legally
> exportable
> crypto. (For protecting data worth over $10,000, at least, which is
> probably where the best commercial markets for U.S. crypto would arise
> anyway.)

Anyone not realizing that 40-bits is useless, rubbish crypto, needs to
remove their head from their a**.

> All right, so in regard to this bill: sure, it's terrible, but it may
> not be _as terrible_ as people think. That is, for U.S. users, I
> don't
> think that the bill means to take away _your copies_ of crypto
> software.
> Sure, Louis Freeh would love to do that

Freeh can suck my arse.

> , but not by means of this bill.
> It only seems to codify in law current export regulations, to the
> major
> detriment of U.S. programmers' competitiveness, but _not_ of U.S.
> users'
> privacy.

But it's still not what we want for crypto

> And fortunately enough, there are both courageous users who violate
> the export laws (is PGP 5 outside the country yet?)

Legally, by way of a book on the source code. Stale Shuemacher (did I
spell it right?) is working on it now.

> and very good
> programmers and cryptographers in other countries working to produce
> NSA-proof crypto for international users. This is no excuse for
> export
> control, but it is perhaps a "mitigating factor" in terms of just what
> effect this silly new bill could have on people in practice.
> Incidentally, a nice benefit of crypto and remailers is that they make
> violations of ITAR and DOC regulations undetectable and untraceable.
> Until there are restrictions on possession and use, as in France
> (a reason I would never live there),

I never saw the attraction with France... besides, I want security, and
disallowing crypto for French citizens is fascism.

> nobody anywhere in the world will
> have any difficulty obtaining strong cryptography, export and
> import controls notwithstanding.

But Freeh and the NSA and other various Clinton arse-kissing shills
don't realize that. They think somehow that letting terrorists have
crypto like that would hurt us... hell, the terrorists could just d/l
PGP 5.0i when it comes out! If I were a terrorist, would I buy GAKked
US crypto, or just download a free copy of PGP? The keyword here is:

> I would like to put in a request for crypto software distributors: on
> your web pages for software downloads, would you use the phrasing
> "I acknowledge affirmatively that export of this software is
> prohibited by
> law" rather than "I agree not to export this software in violation of
> the law"? The second phrasing, which is in wide, though not
> exclusive,
> use makes exporting the software _dishonest_ and _in violation of an
> agreement_; the first phrasing just makes it _illegal_ and
> _punishable_.
> Many people are prepared to violate unfair laws, but not necessarily
> to
> break promises they have voluntarily made.
> For instance, in order to live in the Substance-Free Environment in
> my dorm at Berkeley, I have signed an agreement not to use or possess
> drugs. I intend to honor this agreement, voluntarily entered into,
> even if it would be to my advantage to break it, but otherwise would
> have few inherent objections to illegally buying or reselling drugs,
> or
> at least assisting others in doing so. I'm sure I'm not the only
> person
> who respects his promises but not the law.