Tech Insider					     Technology and Trends

			      USENET Archives

Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!alice!research!dmr
From: dmr@research.UUCP
Newsgroups: net.crypt
Subject: export controls
Message-ID: <1041@research.UUCP>
Date: Mon, 17-Sep-84 01:15:46 EDT
Article-I.D.: research.1041
Posted: Mon Sep 17 01:15:46 1984
Date-Received: Tue, 25-Sep-84 04:01:34 EDT
Lines: 52

As has been said, there is indeed a special "International Edition"
of System V that differs from the ordinary system in that it
lacks the crypt command, the encrypting features of ed and vi, and the
encrypt entry of crypt (3).  The crypt entry, which is used for
passwords, is there, as is the underlying DES algorithm.

Here's how it happened.

About a year ago, I got mail from Armando Stettner saying basically,
"Do you know of any problems with exporting crypt?  Our lawyers
[at DEC] are worried about it."  I replied that such worries were
utterly unfounded for a variety of sensible reasons.

Now, as it has turned out, DEC was very justified in worrying about
export controls in general; they have recently been fined (I think) $500,000
for the Vaxen that almost got sent to Russia.  I conjecture that
the earliest stages of this or a similar incident were already in progress
and they were trying to be extra careful when they learned about crypt.

At any rate, the DEC lawyers communicated their fears to AT&T,
and the AT&T lawyers, equally cautious, sought government advice.

The problem, you see, is that cryptographic materials are under export
control.  There is a thing called the Munitions Control Board that worries
not only about machine guns going to Libya, but also about the crypt
command going to England.  In practice, the enforcement is done by the
Commerce department.

AT&T had a meeting with Commerce, the MCB, and NSA.  The upshot was
that they decided it would be simplest all around just not to export
the crypt command.  The gov't would almost certainly have granted
the license, but (probably wisely) AT&T decided it wasn't worth
the hassle.

In technical terms, the situation is ludicrous. The encrypt subroutine
is distinguished mainly by the excruciating care I took to make it
an exact transcription of the algorithm published in the Federal Register,
and by its slowness.   NBS, the caretaker of DES standardization,
is explicit that software implementations cannot be certified, so in that
sense encrypt is not "real" DES.  The underlying subroutine is still
there, only the simple command that uses it is missing.  So there is
actually nothing to protect, and even if there were, it's not protected.
Nevertheless, in the present situation we officially don't need
an export license, whereas with the crypt command we would.

In political terms, AT&T probably could have done better.  Conservative
and careful, they called a big meeting at which no one could possibly
have put forward anything but official positions about encryption
programs.  Private checking with well-placed people in the appropriate
agencies might well have done the job.  But who knows?

		Dennis Ritchie

			        About USENET

USENET (Users’ Network) was a bulletin board shared among many computer
systems around the world. USENET was a logical network, sitting on top
of several physical networks, among them UUCP, BLICN, BERKNET, X.25, and
the ARPANET. Sites on USENET included many universities, private companies
and research organizations. See USENET Archives.

		       SCO Files Lawsuit Against IBM

March 7, 2003 - The SCO Group filed legal action against IBM in the State 
Court of Utah for trade secrets misappropriation, tortious interference, 
unfair competition and breach of contract. The complaint alleges that IBM 
made concentrated efforts to improperly destroy the economic value of 
UNIX, particularly UNIX on Intel, to benefit IBM's Linux services 
business. See SCO v IBM.

The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or

Electronic mail:			       WorldWideWeb: