Technology and Trends
 USENET Archives
  
Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!caip!rutgers!sri-spam!nike!lll-crg!hoptoad!gnu
From: gnu@hoptoad.uucp (John Gilmore)
Newsgroups: net.crypt,net.sources.d,net.legal
Subject: There are basically no export controls on public domain information.
Message-ID: <1176@hoptoad.uucp>
Date: Fri, 3-Oct-86 19:57:06 EDT
Article-I.D.: hoptoad.1176
Posted: Fri Oct  3 19:57:06 1986
Date-Received: Sat, 4-Oct-86 12:48:24 EDT
Organization: Nebula Consultants in San Francisco
Lines: 67
Xref: watmath net.crypt:897 net.sources.d:552 net.legal:5266

I got into a hassle last month for posting a DES program to mod.sources
because someone claimed that I was breaking the export control law.

I spent the afternoon down at the Federal Building and discovered that
export policy is in better shape than I thought.  Basically, you can
export any technical data to any destination if it "has been made
generally available to the public in any form".  This export is under
a "general license" which is available to everyone without any paperwork.

So, you should expect to see the DES posting again (it was canceled)
and to see Crypt Breaker's Workbench on mod.sources soon.

Here are the regs for all you policy hounds:

Export Administration Regulations, Part 370.2, Definitions.

	"General License.  A license established by the US Department
	of Commerce for which no application is required and for which
	no document is granted or issued.  It is available for use by
	all persons, except those listed in and prohibited by the
	provisions of Supplement No. 1 to Part 388, and permits export
	within the provisions thereof as prescribed in the Export
	Administration Regulations.  These general licenses are not
	applicable to exports under the licensing jurisdiction of agencies
	other than the Department of Commerce."

Part 379.1, Definitions.
	"...  All software is technical data."

Part 379.2, Licenses to Export.
	"Except as provided in Part 370.3(a), an export of technical
	data must be made under either a US Department of Commerce
	general license or a validated export license.  General
	licenses GTDA and GTDR apply to specific types of exports of
	technical data..."

Part 379.3, General license GTDA: Technical Data Available to all
Destinations.
	"A General License designated GTDA is hereby established
	authorizing the export to all destinations of technical data
	described in 379.3(a), (b), or (c) below:

		(a) Data Generally Available

	Data that have been made generally available to the public in
	any form, including--

	(1) Data released orally or visually at open conferences,
	lectures, trade shows, or other media open to the public; and

	(2) Publications that may be purchased without restrictions
	at a nominal cost, or obtained without costs, or are readily
	available at libraries open to the public.

	The term "nominal cost" as used in 379.3(a)(2) above, is intended
	to reflect realistically only the cost of preparing and distributing
	the publication and not the intrinsic value of the technical data.
	If the cost is such as to prevent the technical data from being
	generally available to the public, General License GTDA would not
	be applicable.

		(b)  Scientific or Educational Data ...

		(c)  Patent Applications ..."
-- 
John Gilmore  {sun,ptsfa,lll-crg,ihnp4}!hoptoad!gnu   jgil...@lll-crg.arpa
		     May the Source be with you!

Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!lll-crg!nike!sri-spam!sri-unix!hplabs!hpcea!
hpfcdc!hpfcms!niland
From: nil...@hpfcms.HP.COM ( Bob Niland )
Newsgroups: net.crypt
Subject: Re: There are basically no export controls on public domain information.
Message-ID: <1570001@hpfcms.HP.COM>
Date: Sun, 5-Oct-86 15:12:37 EDT
Article-I.D.: hpfcms.1570001
Posted: Sun Oct  5 15:12:37 1986
Date-Received: Fri, 10-Oct-86 01:19:02 EDT
References: <1176@hoptoad.uucp>
Organization: Hewlett-Packard
Lines: 28

re: Exporting 'crypt'

> Part 379.1, Definitions.
> 	"...  All software is technical data."

I encourage you to check a little more deeply into export of cryptographic
technology.  We [at HP] would like to ship crypt with HP-UX, but from what I
have heard of our investigations, it has been determined that crypt is
considered to be "munitions"(!)  as well as "technical data", and is
therefore restricted by some other set of regulations in addition to the
ones you listed.

Yes, I know, "But DES has been published!  The Rooskies already know all
about it!"  Well, the apparent theory behind the munitions classification is
something like "Yes, and they know how to make bombs too.  That doesn't mean
we'll sell them ours."  The argument seems a bit strained to me.

Our lawyers periodically do battle with the great fire-breathing dragon of
"National Security" concerning this issue.  I imagine that until we get a
specific green flag on it, we will continue to leave crypt out of our
product.

Regards,                                              Hewlett-Packard
Bob Niland                                            3404 East Harmony Road
[ihnp4|hplabs]!hpfcla!rjn                             Fort Collins CO  80525

This posting is supplied for information purposes only and does not
represent the official position of the Hewlett-Packard Company.

Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!caip!clyde!cbatt!cbosgd!ted
From: t...@cbosgd.ATT.COM (Ted Aseltine)
Newsgroups: sci.crypt,net.sources.d,misc.legal
Subject: Re: There are basically no export controls ... question on crypt
Message-ID: <2775@cbosgd.ATT.COM>
Date: Wed, 22-Oct-86 12:28:06 EDT
Article-I.D.: cbosgd.2775
Posted: Wed Oct 22 12:28:06 1986
Date-Received: Thu, 23-Oct-86 04:42:36 EDT
References: <1176@hoptoad.uucp> <1889@well.UUCP> <7201@utzoo.UUCP> 
<716@phred.UUCP> <81@ritcv.UUCP> <8251@sun.uucp> <3990@amdahl.UUCP>
Reply-To: ted@cbosgd.UUCP (Ted Aseltine)
Organization: AT&T Bell Laboratories, Columbus
Lines: 4
Xref: mnetor sci.crypt:17 net.sources.d:599 misc.legal:108

Since crypt(1) (and associated programs, like passwd) can't be exported,
does anyone know of internationally-available add-on packages which
perform similar functions?  I presume that customers overseas would
not like UNIX with no login security any better than we do!

Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!columbia!rutgers!ll-xn!mit-eddie!genrad!
decvax!decwrl!sun!guy
From: guy@sun.UUCP
Newsgroups: sci.crypt,net.sources.d,misc.legal
Subject: Re: There are basically no export controls ... question on crypt
Message-ID: <8455@sun.uucp>
Date: Thu, 23-Oct-86 15:25:17 EDT
Article-I.D.: sun.8455
Posted: Thu Oct 23 15:25:17 1986
Date-Received: Fri, 24-Oct-86 16:00:51 EDT
References: <1176@hoptoad.uucp> <1889@well.UUCP> <7201@utzoo.UUCP>
Organization: Sun Microsystems, Inc.
Lines: 31
Xref: mnetor sci.crypt:20 net.sources.d:605 misc.legal:125

> Since crypt(1) (and associated programs, like passwd) can't be exported,
> does anyone know of internationally-available add-on packages which
> perform similar functions?  I presume that customers overseas would
> not like UNIX with no login security any better than we do!

1) "passwd" is NOT an "associated program" of "crypt".  "crypt" uses a rotor
machine (which can be broken; see "File Security and the UNIX System Crypt
Command", by J. A. Reeds and P. J. Weinberger, in the AT&T Bell Laboratories
Technical Journal, October 1984, Vol. 63, No. 8, Part 2), while the UNIX
system's password encryption uses a tweaked form of DES.

2) No, customers overseas don't want a UNIX with no login security, so
international versions of UNIX come with password encryption.  In fact, I
believe they supply the exact same password encryption code that domestic
versions do; I believe versions shipped abroad that comply with export
restrictions just have code that forbids "raw" access to the DES #ifdeffed
in!

3) I don't think the federal government said, with a full understanding of
what they were saying, "thou shalt not export 'crypt' nor versions of 'ed'
nor 'vi' with the encryption code built in, nor shalt thou export the UNIX
system's DES password encryption code in a fashion that permits people to
use it to encrypt files."  It's more likely that there is a general
regulation about the export of encryption technology, and rather than go
through the hassle of trying to get an export license for this stuff, AT&T
just punted and said "OK, we won't bother exporting this stuff in a form
that requires a license."  Does anybody have the *real* story?
-- 
	Guy Harris
	{ihnp4, decvax, seismo, decwrl, ...}!sun!guy
	g...@sun.com (or guy@sun.arpa)

Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!husc6!talcott!maynard!campbell
From: campbell@maynard.UUCP (Larry Campbell)
Newsgroups: sci.crypt,net.sources.d,misc.legal
Subject: Re: There are basically no export controls on public domain information.
Message-ID: <397@maynard.UUCP>
Date: Sun, 26-Oct-86 13:06:02 EST
Article-I.D.: maynard.397
Posted: Sun Oct 26 13:06:02 1986
Date-Received: Mon, 27-Oct-86 01:35:59 EST
References: <1176@hoptoad.uucp> <1889@well.UUCP> <7201@utzoo.UUCP>
Reply-To: campbell@maynard.UUCP (Larry Campbell)
Followup-To: misc.legal, sci.crypt
Organization: The Boston Software Works Inc., Maynard, MA
Lines: 11
Keywords: repression stupidity fascism
Xref: watmath sci.crypt:25 net.sources.d:617 misc.legal:123
Summary: stupid laws *ought* to be violated, at every chance

I think all this worrying about whether to post DES code is a bit off
the mark.  The relevant US export restrictions are stupid, repressive,
probably unenforceable on First Amendment grounds, and ought to be
violated at every chance.  If the government were so obtuse as to
actually prosecute anyone for this, I would be glad to contribute
money to a legal defense fund;  I suspect many other netters would be
too.
-- 
Larry Campbell       MCI: LCAMPBELL          The Boston Software Works, Inc.
UUCP: {alliant,wjh12}!maynard!campbell      120 Fulton Street, Boston MA 02109
ARPA: campbell%m...@harvisr.harvard.edu     (617) 367-6846

Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!gatech!lll-lcc!well!hoptoad!gnu
From: gnu@hoptoad.uucp (John Gilmore)
Newsgroups: sci.crypt,net.sources.d,misc.legal
Subject: The Real Regs about crypto exporting
Message-ID: <1241@hoptoad.uucp>
Date: Tue, 28-Oct-86 21:52:21 EST
Article-I.D.: hoptoad.1241
Posted: Tue Oct 28 21:52:21 1986
Date-Received: Wed, 29-Oct-86 22:09:42 EST
References: <1176@hoptoad.uucp> <1889@well.UUCP> <7201@utzoo.UUCP> 
<8455@sun.uucp>
Organization: Nebula Consultants in San Francisco
Lines: 105
Xref: mnetor sci.crypt:30 net.sources.d:619 misc.legal:185

There has been way too much bullshit flying on this issue, so I decided
to waste half an hour and type in the real regulations, which I xeroXed
down at the Commerce Dept.  These come out of the Commodity Control
List, part of the book of export control regulations which lists
specific types of equipment and how exporting them is to be handled.
Here we go...

-----

ECCN 1527A.  Cryptographic equipment and specially designed components
therefor, designed to ensure secrecy of communications (such as
telegraphy, telephony, facsimile, video and data communications) or of
stored information; and "software" controlling or computers performing
the functions of such cryptographic equipment.

CONTROLS FOR ECCN 1527A

Unit: Report in "$ value."
Validated License Required: Country Groups QSTVWYZ.
GLV $ Value Limit: $0 for all destinations.
Processing Code: MT.
Reason for Control: National security.
Special Licenses Available:  See Part 373.

LIST OF EQUIPMENT CONTROLLED BY ECCN 1527A

Cryptographic equipment and ancillary equipment (such as teleprinters,
perforators, vocoders, visual display units) designed to ensure secrecy
of communications (such as telegraphy, telephony, facsimile, video,
data) or of stored information, their specialized components, and
software controlling of performing the function of such cryptographic
equipment; also video systems which, for secrecy purposes, use digital
techniques (conversion of an analog, i.e., video or facsimile, signal
into a digital signal).  (ECCN 1527A also covers digital computers and
differential analyzers (incremental computers) designed or modified for,
or combined with, any cipher machines, cryptographic equipment, devices
or techniques including software, microprogram control (firmware) and/or
specialized logic control (hardware), associated equipment therefor, and
equipment or systems incorporating such computers or analyzers), except
simple cryptographic devices or equipment only ensuring the privacy of
communications, of the following decription:

  (a) Equipment for voice transmission making use of fixed frequency
inversions and/or fixed band scrambling techniques in which the
transposition changes occur not more frequently than once every 10
seconds;

  (b) Standard civil facsimile and video equipment designed to ensure
the privacy of communications by an analog transmission using
nonstandard practices for intended receivers only (video system equipment
effecting the transposition of analog data);

  (c) Video systems for pay television and similar restricted audience
television, including industrial and commercial television equipment
using other than standard commercial sweep systems.

TECHNICAL NOTE:  No technical data or software controlled under this
ECCN may be exported or reexported under General License GTDR.

NOTE -- Exporters requiesting a validated license from the Department of
Commerce must provide a statement from the Department of State, Office
of Munitions Control, verifying that the equipment intended for export
is under the licensing jurisdiction of the Department of Commerce.

NOTE: 1.  This ECCN also covers video systems that, for secrecy
purposes, use digital techniques (conversion of an analog, i.e., video
or facsimile, signal into a digital signal).

2.  This ECCN does not cover simple cryptographic devices or equipment
only ensuring the privacy of communicaitions, as follows:

  (a) Equipment for voice transmission making use of fixed frequency
inversions or fixed band scrambling techniques in which the
transportation changes occur not more frequently than once every 10
seconds;

  (b) Standard civil facsimile and video equipment designed to ensure
the privacy of communications by an analog transmission using
non-standard practices for intended receivers only (video system equipment
effecting the transposition of analog data);

  (c) Video systems for pay television and similar restricted audience
television, including industrial and commercial television equipment
using other than standard commercial sweep systems.

3.  "Digital computers" and digital differential analyzers (incremental
computers) designed or modified for, or combined with, any cipher
machines, cryptographic equipment, devices or techniques including
"software", "microprogram" control ("firmware") or specialized logic
control (hardware), associated equipment therefor, and equipment or
systems incorporating such computers or analyzers are covered by this
ECCN or by Supp. No 2. to part 370 of the Export Administration
Regulations.

-----

That's it, including the typos ("transportation" for "transposition") and
duplications.  Straight out of the Commodity Control List.  If you want
further explanation of what this all means, don't flap your fingers on the
net!  Go down to your nearest Federal Building and talk to the folks
there.
-- 
John Gilmore  {sun,ptsfa,lll-crg,ihnp4}!hoptoad!gnu   jgil...@lll-crg.arpa
  Overheard at a funeral: "I know this may be an awkward time, but do
  you recall him ever mentioning source code?"		-- Charles Addams

Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!gatech!lll-lcc!well!hoptoad!gnu
From: gnu@hoptoad.uucp (John Gilmore)
Newsgroups: sci.crypt,net.sources.d,misc.legal
Subject: The Real Story on exporting the Unix crypt command
Message-ID: <1242@hoptoad.uucp>
Date: Tue, 28-Oct-86 22:05:31 EST
Article-I.D.: hoptoad.1242
Posted: Tue Oct 28 22:05:31 1986
Date-Received: Wed, 29-Oct-86 22:10:03 EST
References: <1176@hoptoad.uucp> <1889@well.UUCP> <7201@utzoo.UUCP> 
<8455@sun.uucp>
Organization: Nebula Consultants in San Francisco
Lines: 71
Xref: mnetor sci.crypt:31 net.sources.d:620 misc.legal:186

>                            Does anybody have the *real* story?

Dennis Ritchie posted his version of the story in 1984.  Note that at
least one Unix supplier (Amdahl) has since had the balls to ask for an
export license, and got it without trouble, so the whole foofraw was
all for nothing.  Here's Dennis's message:

Path: CSL-Vax!decwrl!decvax!mcnc!unc!ulysses!allegra!alice!research!dmr
From: dmr@research.UUCP
Newsgroups: net.crypt
Subject: export controls
Message-ID: <1041@research.UUCP>
Date: 18 Sep 84 05:15:46 GMT
Posted: Mon Sep 17 22:15:46 1984

As has been said, there is indeed a special "International Edition"
of System V that differs from the ordinary system in that it
lacks the crypt command, the encrypting features of ed and vi, and the
encrypt entry of crypt (3).  The crypt entry, which is used for
passwords, is there, as is the underlying DES algorithm.

Here's how it happened.

About a year ago, I got mail from Armando Stettner saying basically,
"Do you know of any problems with exporting crypt?  Our lawyers
[at DEC] are worried about it."  I replied that such worries were
utterly unfounded for a variety of sensible reasons.

Now, as it has turned out, DEC was very justified in worrying about
export controls in general; they have recently been fined (I think) $500,000
for the Vaxen that almost got sent to Russia.  I conjecture that
the earliest stages of this or a similar incident were already in progress
and they were trying to be extra careful when they learned about crypt.

At any rate, the DEC lawyers communicated their fears to AT&T,
and the AT&T lawyers, equally cautious, sought government advice.

The problem, you see, is that cryptographic materials are under export
control.  There is a thing called the Munitions Control Board that worries
not only about machine guns going to Libya, but also about the crypt
command going to England.  In practice, the enforcement is done by the
Commerce department.

AT&T had a meeting with Commerce, the MCB, and NSA.  The upshot was
that they decided it would be simplest all around just not to export
the crypt command.  The gov't would almost certainly have granted
the license, but (probably wisely) AT&T decided it wasn't worth
the hassle.

In technical terms, the situation is ludicrous. The encrypt subroutine
is distinguished mainly by the excruciating care I took to make it
an exact transcription of the algorithm published in the Federal Register,
and by its slowness.   NBS, the caretaker of DES standardization,
is explicit that software implementations cannot be certified, so in that
sense encrypt is not "real" DES.  The underlying subroutine is still
there, only the simple command that uses it is missing.  So there is
actually nothing to protect, and even if there were, it's not protected.
Nevertheless, in the present situation we officially don't need
an export license, whereas with the crypt command we would.

In political terms, AT&T probably could have done better.  Conservative
and careful, they called a big meeting at which no one could possibly
have put forward anything but official positions about encryption
programs.  Private checking with well-placed people in the appropriate
agencies might well have done the job.  But who knows?

		Dennis Ritchie
-- 
John Gilmore  {sun,ptsfa,lll-crg,ihnp4}!hoptoad!gnu   jgil...@lll-crg.arpa
  Overheard at a funeral: "I know this may be an awkward time, but do
  you recall him ever mentioning source code?"		-- Charles Addams

Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 alpha 4/15/85; site spectrix.UUCP
Path: utzoo!mnetor!spectrix!clewis
From: clewis@spectrix.UUCP (Chris Lewis)
Newsgroups: misc.legal,sci.crypt
Subject: Re: There are basically no export controls on public domain information.
Message-ID: <180@spectrix.UUCP>
Date: Wed, 29-Oct-86 19:48:18 EST
Article-I.D.: spectrix.180
Posted: Wed Oct 29 19:48:18 1986
Date-Received: Wed, 29-Oct-86 22:04:47 EST
References: <1176@hoptoad.uucp> <1889@well.UUCP> <7201@utzoo.UUCP>
Reply-To: clewis@spectrix.UUCP (Chris Lewis)
Organization: Spectrix Microsystems Inc., Toronto, Ontario, Canada
Lines: 30
Keywords: repression stupidity fascism
Xref: mnetor misc.legal:183 sci.crypt:29

In article <397@maynard.UUCP> campbell@maynard.UUCP (Larry Campbell) writes:
>I think all this worrying about whether to post DES code is a bit off
>the mark.  The relevant US export restrictions are stupid, repressive,
>probably unenforceable on First Amendment grounds, and ought to be
>violated at every chance.  If the government were so obtuse as to
>actually prosecute anyone for this, I would be glad to contribute
>money to a legal defense fund;  I suspect many other netters would be
>too.

And pay for lost salary, and pay for ruined career.  Whether or not they
won.  McCarthy's victims fought on these exact same principles, and 
fought hard.  Fat lot of good that did them (Eg: Chaplin left the 
country and didn't come back until just before his death, many suicides, 
permanently ruined careers).

Small consolation for proving a relatively minor point and getting ruined
in the process.  Even though Gary Francis Powers was found not guilty
of treason he ended up flying traffic helicopters in Oshawa (just east
of here).

I'm sure the Canadian subsidiary of General Electric would appreciate 
donations for lost revenues too.  (They were charged over locomotives 
being manufactured in Canada and being sold to Cuba - EVEN THOUGH IT'S 
A CANADIAN COMPANY!  Well, actually, the parent company was threatened a 
lot by the US Govt.)
-- 
Chris Lewis
Spectrix Microsystems Inc,
UUCP: {utzoo|utcs|yetti|genat|seismo}!mnetor!spectrix!clewis
Phone: (416)-474-1955

Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!seismo!lll-crg!hoptoad!gnu
From: gnu@hoptoad.uucp (John Gilmore)
Newsgroups: misc.legal,sci.crypt
Subject: Chris Lewis on obeying governments
Message-ID: <1251@hoptoad.uucp>
Date: Fri, 31-Oct-86 08:53:41 EST
Article-I.D.: hoptoad.1251
Posted: Fri Oct 31 08:53:41 1986
Date-Received: Sat, 1-Nov-86 03:19:47 EST
References: <1176@hoptoad.uucp> <1889@well.UUCP> <7201@utzoo.UUCP> 
<180@spectrix.UUCP>
Organization: Nebula Consultants in San Francisco
Lines: 29
Xref: watmath misc.legal:181 sci.crypt:36

I know Chris has a right to his opinion and everything, but I for
one am getting tired of hearing, every time someone proposes actually
doing something to verify or correct a stupidity created by a government,
that the consequences are dire and we should all just knuckle under.

Chris is the person who first complained about the DES posting possibly
being illegal.  After I did some research to fix that, he tried to
contest the results of that research (without knowing US law -- he's
Canadian!).  Now when Larry Campbell proposed that we break a bad
law and form a legal defense fund to get the law challenged in court,
he tells us how stupid all the people were who fought Sentator McCarthy's
abuse of government in the 1950's.

Chris, while living like a mouse might be fun for you, can you leave
the rest of us to our kind of fun?  As somebody said, the people get
exactly the government they deserve, and I for one want a better
government and am willing to work to improve it.  This means learning,
myself, how it works, and teaching it when it errs.

From the tone of your postings I would almost venture a guess that you
are a CIA disinformation operative.  Arguing for the supremacy of the 
government and the hopelessness of fighting the police state (McCarthy).
The general tone of "Give up!  It's hopeless" is unhealthy for freedom.
-- 
John Gilmore  {sun,ptsfa,lll-crg,ihnp4}!hoptoad!gnu   jgil...@lll-crg.arpa
Bomb, terrorist, cryptography, DES, assasinate, secret, decode, NSA, CIA, NRO.
 The above is food for the NSA line eater.  Add it to your .signature and
 you too can help overflow the NSA's ability to scan all traffic going in or
 out of the USA looking for "significant" words.  (This is not a joke, sadly.)

Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 alpha 4/15/85; site spectrix.UUCP
Path: utzoo!mnetor!spectrix!clewis
From: clewis@spectrix.UUCP (Chris Lewis)
Newsgroups: misc.legal,sci.crypt
Subject: Re: Chris Lewis on obeying governments
Message-ID: <187@spectrix.UUCP>
Date: Mon, 3-Nov-86 18:12:18 EST
Article-I.D.: spectrix.187
Posted: Mon Nov  3 18:12:18 1986
Date-Received: Tue, 4-Nov-86 04:45:59 EST
References: <1176@hoptoad.uucp> <1889@well.UUCP> <7201@utzoo.UUCP> 
<180@spectrix.UUCP> <1251@hoptoad.uucp>
Reply-To: clewis@spectrix.UUCP (Chris Lewis)
Organization: Spectrix Microsystems Inc., Toronto, Ontario, Canada
Lines: 121
Xref: mnetor misc.legal:239 sci.crypt:40

In article <1251@hoptoad.uucp> gnu@hoptoad.uucp (John Gilmore) writes:
> I know Chris has a right to his opinion and everything, but I for
> one am getting tired of hearing, every time someone proposes actually
> doing something to verify or correct a stupidity created by a government,
> that the consequences are dire and we should all just knuckle under.

Hardly.  Rather, before embarking on a "grey" area it's better to know
the law, and the possible consequences.  And that there may be easier ways.

> Chris is the person who first complained about the DES posting possibly
> being illegal.  After I did some research to fix that, he tried to
> contest the results of that research (without knowing US law -- he's
> Canadian!).  

I notice that you didn't post any of that conversation.  Fears about DES
posting being illegal is not crap - many of the people later posting about
this subject have had personal experience with restrictions (or what they
thought were restrictions) in this area.  Some American, some not.  Because 
there *are* restrictions on DES, which given the vagueness and language of 
the law can be interpreted many ways - some of which *do* prohibit posting 
of software.  Some of which cannot be resolved without spending a lot of 
time and/or money to verify - not necessarily something a casual member 
of this net can afford - or even AT&T sometimes.

Certainly, you did quote a fair bit of the law in the mail exchanged on
this topic.  And, given what you quoted I did say that I thought it
was probably okay to post it.  I stayed out of the discussions on the
net - and given the fact that you only quoted part of the law, I knew
the net would have the same discussion we had.

What do you expect?  The legal quote you sent to me and the net (the DOC
stuff) was inadequate - there were several "not withstanding other 
legislation" clauses, which without my prodding you probably wouldn't have
looked up.  And some you never did.  If you had posted Ritchie's item in 
the first place you could have headed off most of the whole mess.

Certainly, being a Canadian it's a little harder to keep up with US 
legislation.  But, being a Canadian doesn't a-priori mean that one doesn't
know anything about U.S. law.  We do have libraries in the Great White
North you know.  The province of Ontario alone is a bigger trading partner 
with the US than Japan - something that Ronald Reagan has yet to learn - so 
we have a pretty strong interest in US trade laws.

And I have done some research on a related field (privacy) in US law - though
some of it is outdated by now.  After all, there have been many articles on 
this topic in some of the trade journals (I can't put a finger on a 
specific one at the moment).  I imagine that you didn't know much about 
this restrictive trade legislation before I suggested that there may 
be a problem.

I raised a concern about exportation of it by mail - and from other postings
I know that my concerns were shared by many other people.
Free of invective (except for one that I apologized for before you read
it).  Because I didn't think you knew of this possible problem.  
You apparently didn't.  And I'm glad you searched the law - because I 
learned something more about the precise details of this area.  So did
a lot of other people.  So why the overreaction?

> Now when Larry Campbell proposed that we break a bad
> law and form a legal defense fund to get the law challenged in court,
> he tells us how stupid all the people were who fought Sentator McCarthy's
> abuse of government in the 1950's.

No.  They weren't stupid.  I admire them a lot for standing their ground
and fighting for something important that they believed in.  I was
pointing out how stupid and naive that the attitude "resistance is
simply a matter of legal fees" is.  Especially when it's someone else.
It's a great way of committing professional suicide.  Whether or not you
win.  However, if somebody does want to do something like this - with
eyes open to the full consequences - I'd contribute to such a fund too.

Someone who did this without exploring other avenues of getting rid of 
such a dumb law would be stupid.  You don't stop steam-rollers by
standing in front of them do you?  First you ask the driver to stop.
Then you ask his boss to tell him to stop...  Then you put a (small) 
land-mine under the roller.

> Chris, while living like a mouse might be fun for you, can you leave
> the rest of us to our kind of fun?  As somebody said, the people get
> exactly the government they deserve, and I for one want a better
> government and am willing to work to improve it.  This means learning,
> myself, how it works, and teaching it when it errs.

I didn't say don't do it:

	The country that's lost its ability for rebellion is not a country
	I'd like to live in...
 
[Imperfect remembrance of something Thomas Jefferson said.  Later paraphrased
by Groucho Marx and Woody Allen]

	people are in fact *obligated* to revolt against the emperor
	[when the emperor screws up]

[Confucious]

> From the tone of your postings I would almost venture a guess that you
> are a CIA disinformation operative.  

Egads, I've been found out - no more paychecks!  (oops, I blew my cover
again - it's "paycheques"!)

> Arguing for the supremacy of the
> government and the hopelessness of fighting the police state (McCarthy).
> The general tone of "Give up!  It's hopeless" is unhealthy for freedom.

You'd never get me arguing for the supremacy of any government (including
ours and especially yours).  Nor for the naive assumption that resistance 
is simply a matter of legal bills.

> Bomb, terrorist, cryptography, DES, assasinate, secret, decode, NSA, CIA, NRO.
>  The above is food for the NSA line eater.  Add it to your .signature and
>  you too can help overflow the NSA's ability to scan all traffic going in or
>  out of the USA looking for "significant" words.  (This is not a joke, sadly.)

Agreed.  But a long way from violating the law (so far).
-- 
Chris Lewis
Spectrix Microsystems Inc,
UUCP: {utzoo|utcs|yetti|genat|seismo}!mnetor!spectrix!clewis
Phone: (416)-474-1955