Path: nntp.gmd.de!xlink.net!howland.reston.ans.net!usenet.ins.cwru.edu! eff!eff!not-for-mail From: m...@eff.org (Stanton McCandlish) Newsgroups: comp.org.eff.news,comp.org.eff.talk,alt.politics.datahighway, talk.politics.crypto,alt.security.pgp,alt.privacy.clipper,alt.privacy, alt.freedom.of.information.act,alt.society.foia Subject: EFFector Online 07.10 - Action needed *immediately* for crypto bill! Followup-To: comp.org.eff.talk Date: 14 Jun 1994 22:34:51 -0400 Organization: Electronic Frontier Foundation Lines: 933 Sender: m...@eff.org Approved: m...@eff.org Message-ID: <2tlpcb$6je@eff.org> NNTP-Posting-Host: eff.org Summary: Immediate deadling on crypto export bill; Clippper bugs; ITAR appeal Keywords: Cantwell crypt crypto H.R. 3937 3637 ITAR export Clipper EES Blaze Karn ========================================================================= ________________ _______________ _______________ /_______________/\ /_______________\ /\______________\ \\\\\\\\\\\\\\\\\ \ ||||||||||||||||| / //////////////// \\\\\\\\\\\\\\\\\/ ||||||||||||||||| / //////////////// \\\\\\_______/\ ||||||_______\ / //////_____\ \\\\\\\\\\\\\ \ |||||||||||||| / ///////////// \\\\\\\\\\\\\/____ |||||||||||||| / ///////////// \\\\\___________/\ ||||| / //// \\\\\\\\\\\\\\\\ \ ||||| / //// \\\\\\\\\\\\\\\\/ ||||| \//// ========================================================================= EFFector Online Volume 07 No. 10 June 14, 1994 edit...@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 In This Issue: ALERT: Crypto Export Provisions - One Day Left to Make or Break FOIA Documents Reveal Even OLA and OLC Know ITAR Is Unconstitutional Blaze Paper Details Hole In Clipper/Capstone/EES Scheme Karn Files Crypto Export CJ Appeal for _Applied_Cryptography_ Disk EFF's Godwin at Cyberspace Censorship Event on CompuServe A New Face at EFF - Doug Craven, Office Manager/Bookkeeper PGP 2.6 Available from Electronic Frontier Foundation FTP Site USENIX Address of EFF's Barlow Available on Cassette from O'Reilly Note About our FTP Site What YOU Can Do ---------------------------------------------------------------------- Subject: ALERT: Crypto Export Provisions - One Day Left to Make or Break ------------------------------------------------------------------------ *DISTRIBUTE WIDELY AND QUICKLY* ONE DAY DEADLINE! The House Intelligence Committee will probably make their decision on the vital issue of cryptography export tomorrow afternoon, Wed. June 15, 1994. If you've not had your say on whether the State Dept. & NSA will be allowed to continue to restrict the flow of public cryptographic products, write, call and fax *today*. Updated fax information for the entire Intelligence Cmte. is below, as is a sample letter, and background information on this important legislative action. If you don't get through on your first fax attempt, keep trying. All of these numbers have been tested and are working as of June 14. ******* What You Can Do 1) Fax a short letter TODAY to the chair of the Intelligence Committee, Representative Dan Glickman (D-KS). Ask him in your own words to leave the encryption provisions of H.R. 3937 intact. You may wish to send a copy of this to the committee itself also. Fax number: +1 202 225 5398 Committee fax: +1 202 225 1991 2) If you are unable to fax a letter, send an e-mail message to Rep. Glickman at glick...@eff.org. We'll deliver it for you, provide it arrives before noon, at which point all such messages must be delivered. 3) Personally urge everyone you know to send a similar fax to Rep. Glickman TODAY, especially if they are among Glickman's Kansas constituents. 4) If your own Representative is on the Intelligence Committee, send him or her a copy of what you sent Rep. Glickman. ******* Phone and Fax Numbers House Intelligence Committee ---------------------------- Subcommittee phone: +1 202 225 4121 Subcommittee fax: +1 202 225 1991 <== send your fax HERE <== p st name phone fax ___________________________________________________________________________ D KS Glickman, Daniel +1 202 225 6216 +1 202 225 5398 Chair D WA Dicks, Norman D. +1 202 225 5916 +1 202 226 1176 D CA Dixon, Julian C. +1 202 225 7084 +1 202 225 4091 D NJ Torricelli, Robert +1 202 224 5061 +1 202 225 0843 D TX Coleman, Ronald D. +1 202 225 4831 +1 202 225 4831 [Coleman's staff manually switch line to fax if they hear fax tones. Preceeding your fax with a voice call might help] D CO Skaggs, David E. +1 202 225 2161 +1 202 225 9127 D NV Bilbray, James H. +1 202 225 5965 +1 202 225 8808 D CA Pelosi, Nancy +1 202 225 4965 +1 202 225 8259 D TX Laughlin, Gregory H. +1 202 225 2831 +1 202 225 1108 D AL Cramer Jr, Robert (Bud) +1 202 225 4801 private D RI Reed, John F. +1 202 225 2735 +1 202 225 9580 D MO Gephardt, Richard A. +1 202 225 2671 +1 202 225 7452 R TX Combest, Larry +1 202 225 4005 +1 202 225 9615 R NE Bereuter, Douglas +1 202 225 4806 +1 202 226 1148 R CA Dornan, Robert K. +1 202 225 2965 private [Dornan's public fax disconnected; office refuses to divulge a fax number] R FL Young, C. W. (Bill) +1 202 225 5961 +1 202 225 9764 R PA Gekas, George W. +1 202 225 4315 +1 202 225 8440 R UT Hansen, James V. +1 202 225 0453 +1 202 225 5857 R CA Lewis, Jerry +1 202 225 5861 +1 202 225 6498 R IL Michel, Robert H. +1 202 225 6201 +1 202 225 9461 ****** Sample Fax FAX to: 202-225-1991 and 202-225-5398 Representative Daniel Glickman Chair House Intelligence Committee U.S House of Representatives Dear Representative Glickman: I realize that tomorrow your committee will probably act on the encryption provisions of H.R. 3937, the Export Administration Act of 1994. I urge that you allow them to remain as they were introduced in Rep. Cantwell's H.R. 3627, and subsequently incorporated into H.R. 3937. Privacy is the basis for my concern, and I support the ability to use secure encryption. Additionally, prohibiting the export of secure cryptography from the United States puts the U.S. at a competitive disadvantage internationally, for who would choose to use crypography known to be insecure (such as the "Clipper Chip", or products intentionally weakened to pass excessively stringent export restrictions)? Please, support privacy and security by preserving the cryptography export language of H.R. 3937. <signed> ****** More Information The actual text of this part of H.R. 3937 is at: ftp: ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export, hr3937_crypto.excerpt http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt BBS: "Privacy--Crypto" file area, hr3937.crp For current status on the bill: ftp.eff.org, /pub/Alerts/export_alert.update gopher.eff.org, 1/Alerts, export_alert.update http://www.eff.org/pub/Alerts/export_alert.update BBS: "Alerts" file area, export.upd A general Web page on crypto export policy is at: http://www.cygnus.com/~gnu/export.html ****** Background (from John Gilmore <g...@eff.org>, EFF Board of Directors) Today, the U.S. State Department controls the export of most encryption, working closely with the National Security Agency (NSA) to limit products that provide real privacy, from cell-phones to PC software. A bill introduced by Rep. Maria Cantwell would instead give authority over non-military crypto exports to the Commerce Department. Commerce has much more reasonable regulations, with "First Amendment"- style unlimited publishing of publicly available software, including PGP, Kerberos, RIPEM, RSAREF, and mass-market commercial software. The bill also prevents the Commerce Dept. from tightening the regulations even if NSA somehow gets its tentacles into Commerce. A few months ago, you-all sent over 5600 messages to Rep. Cantwell in support of her bill, H.R. 3627. As a result, on May 18, the bill passed the House Foreign Affairs Committee by being incorporated into the Export Administration Act of 1994, H.R. 3937. Now the battle has become more intense. This portion of H.R. 3937 has been referred to the House Intelligence Committee with the intent to kill or severely maim it. We need your help again, to urge the Intelligence Committee to keep crypto export liberalization intact. The House and Senate Intelligence Committees, the only watchdogs for the NSA, tend to follow the agency's wishes when they wave the magic "national security" wand. They need plenty of input from the public that tells them that the nation will be *more* secure with good encryption, even though the NSA will be less happy. Not just computer users, but all users of telephones, cable TV, health care, and credit information systems would benefit from this change. The security of these applications is built on the foundation laid by the operating systems and network protocols on which they run. If this bill is passed, you will see high quality encryption built into Microsoft Windows, into the MacOS, into major Unix workstations, into the Internet, into cellular phones, into interactive television. The software already exists for confidentiality, privacy, and security of local and networked information, but it's not built-in to these systems because of the export ban. Today, each company could build two operating systems, one gutted for international use, but this would be costly and confusing for them and their customers, and would not allow international networks such as the Internet or telephones to be made secure and private. With this bill, these limits disappear. Furthermore, the Clinton Administration plans to permit high volume exports of Clipper products, while continuing to require tedious paperwork for truly secure encryption products. The bill would give Clipper and other crypto software more even-handed treatment. The bill also eliminates a senseless situation on the Internet. Today, crypto software can only be freely distributed from non-U.S. archive sites. It would eliminate that problem as well as the threat of prosecution against U.S. freeware authors of crypto software. This is the dream we've all been working toward. The Intelligence Committee must make its decision on the bill before June 16, so time is critical. Thanks again for your help! You can check at any time on the current status of the campaign at the location mentioned above. Send any comments on this campaign to campa...@eff.org. John Gilmore Chairman, EFF Crypto Committee EFF Board of Directors Member of Computer Professionals for Social Responsibility Member of International Association for Cryptologic Research ------------------------------ ------------------------------ Subject: FOIA Documents Reveal Even OLA and OLC Know ITAR Is Unconstitutional ----------------------------------------------------------------------------- The documents detailed below were obtained by Freedom of Information Act requests. They reveal that the Office of Legal Counsel and Office of Legislative Affairs have determined that portions of the ITAR export restrictions, which cover the export of cryptographic products, infringe the First Amendment, and also indicated that several Congressional committees, the President, and the Departement of State have been made aware of the constitutional problem of the International Traffic in Arms Regulations. Despite these facts, the cryptography export provisions of H.R. 3937 are still in danger of being removed or rendered worthless in committee tomorrow. For details on how to do your own FOIA submissions, get documents at ftp.eff.org, /pub/EFF/Issues/FOIA/ via anonymous ftp. These documents were obtained by Lee Tien, an attorney for EFF Boardmember John Gilmore. Each document was scanned and edited for obvious mistakes. The full documents are available at: ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA/ gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA gopher://gopher.eff.org/11/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA/ BBS: +1 202 638 6119, 6120 (8-N-1, 14.4k), "Privacy--Clipper/ITAR" file area A brief description of the content of each of the documents [file names in brackets are the BBS filenames] itar_hr_govop_hearing.transcript [ITARHEAR.TRN] This is the transcript of a series of hearings held before a subcommittee of the House Comittee on Government Operations. It is especially interesting for the two items it includes in the report; one memo shows that the Office of Legal Counsel concluded that ITAR was unconstitutional, and some testimony indicates that the State Department and the President may have ignored possibly binding legal advice from the OLC. mcconnell_garn.letter [ITAR1.LTR] This is a letter from Robert McConnell, Assistant Attorney General for Legal and Intergovernmental affairs to Jake Garn, the Chairman of the Senate Committee on Banking, Housing, and Urban Affairs. This letter highlights the position that the term "technology" as defined by the ITAR is overly broad and presents a probable violation of the First Amendment. mcconnell_zablocki.letter [ITAR2.LTR] Clement Zablocki was the Chairman of the House Committee on Foreign Affairs. This letter is a review of a bill that would amend the Arms Export Control Act (AECA). It is particularly good in that it makes a compelling argument for why the ITAR establishes a system of prior restraint. olson_mcconnell.letter [ITAR3.LTR] This is a follow-up letter to Robert McConnell from Theodore Olson, Assistant Attorney General for the Office of Legal Counsel. It reaffirms the OLC position that the ITAR establishes a regulatory scheme that "extends too broadly into an area of protected First Amendment speech." shiffren_tien.letter [ITAR4.LTR] The cover letter/reply to Lee Tien's FOIA request. Notable for the fact that there are other documents (specifically from the FBI and NSA) that could be relevant. simms_mcconnell.memo [ITAR5.MEM] A brief note acknowledging that the ITAR is overly broad, from Simms of OLA to McConnell. simms_robinson.memo [ITAR6.MEM] This is a memo prepared for Davis Robinson, then the Legal Adviser for the Department of State. This is a very well- documented paper on the various unconstitutional provisions of ITAR. The two areas this memo concentrates on are the "technical data" definition as well as the definition of "export." Near the conclusion, Simms states: "We remain of the opinion, however, that ... the ITAR still present some areas of potentially unconstitutional application. ...The best legal solution ... is for the Department of State, not the courts, to narrow the regulations." ------------------------------ Subject: Blaze Paper Details Hole In Clipper/Capstone/EES Scheme ---------------------------------------------------------------- Dr. Matthew Blaze, an AT&T Bell Labs researcher, recently discovered a fundamental flaw in the Administration/NSA Escrowed Encryption Standard cryptographic chips, particularly those known originally as Capstone. The EES Capstone chips, used in PCMCIA cards for data encryption on laptop computers, use the same cryptographic algorithm (Skipjack) and key "escrow" system as the infamous Clipper chips, though according to AT&T, the misfeature does not directly apply to Clipper, since it is intended for use in telephone equipment rather than computers. More importantly, however, is the fact that Blaze's discovery indicates a deep flaw in the entire EES scheme. Clipper's "immunity" is only accidental, and questionable - the flaw is also present in the Clipper EES system, just not as easy to exploit. Both Clipper and Capstone rely on a series of numbers referred to as the LEAF (Law Enforcement Access Field). The LEAF is used to verify chip serial numbers, create a session key for encryption, and validate the session key. Law enforcement or intelligence agents could use a recording of a Clipper conversation, or a copy of Capstone-encoded data, to identify the chip serial number, and obtain copies of the keys held by the "escrow" agents. Using these keys, they may decrypt the message or data at will - and the idea of the government holding the keys to personal privacy has been the primary objection to the EES scheme. The flaw Blaze has unearthed is another objection among many: anyone with "sufficient" computer skills can alter the LEAF to verify validity of a session key with an fake serial number, thereby defeating the entire purpose behind the EES - agents would have no idea which Clipper/Capstone chip produced the encrypted information, and thus would be unable to get the decryption keys. According to a June 2 article by John Markoff in the _New_York_Times_, NSA officials do not deny the existence of the flaw, though both NSA and AT&T maintain that Clipper is still useful. The full text of Dr. Blaze's report, "Protocol Failure in the Escrowed Encryption Standard", is available from: ftp.eff.org, /pub/EFF/Policy/Crypto/Clipper/ gopher.eff.org, 1/EFF/Policy/Crypto/Clipper gopher://gopher.eff.org/11/EFF/Policy/Crypto/Clipper http://www.eff.org/pub/EFF/Policy/Crypto/Clipper/ BBS: +1 202 638 6119, 6120 (8-N-1, 14.4k), "Privacy--Clipper/ITAR" file area [Filenames in brackets are BBS filenames. ZIP-compressed copies are also available on the BBS.] ASCII version: ees_flaw_blaze.paper [EESFLAW.PPR] PostScript version: ees_flaw_blaze_paper.ps.gz [EESFLAW.PS] Also of interest: ees_nist_senate.answers [EES_NIST.ANS] - answers from NIST to the Senate Technology and Law Subcommittee's 30 pointed questions regarding the EES/Clipper. Some of the answers are literally astounding. ------------------------------ Subject: Karn Files Crypto Export CJ Appeal for _Applied_Cryptography_ Disk --------------------------------------------------------------------------- From: Phil Karn <k...@unix.ka9q.ampr.org> [Background: Beginning in Jan. 1994, Phil Karn attempted to have Commodity Jurisdiction over Bruce Scheier's _Applied_Cryptography_ and a related diskette - containing the *same* source code as the book - shifted from the State Dept., notorious for refusing the export of cryptographic material, to the Commerce Dept., which regularly approved such export. The State Dept. aknowledged that they did not have jurisdiction over the book, but illogically maintain that the diskette is within their jurisdiction, and is not to be exported. Karn's appeal, and his own letter regarding the crypto export provisions of H.R. 3937 follow. - ed.] I just filed my appeal by fax; I will follow up with a mailed copy. [...] Note that the "Center for Defense Trade" mentioned in the ITARs as the address for administrative appeals no longer exists. I got Dr. Harris's name and address from Tom Denners of ODTC. ****** Dr. Martha C. Harris Deputy Assistant Secretary For Export Controls United States Department of State Room 7325A Washington DC 20522 202-647-1346 (fax) Subject: Appeal in CJ Case 081-94, "Applied Cryptography Source Code Disk" Also references: CJ Case 038-94, "Applied Cryptography", a book by Bruce Schneier APPEAL OF COMMODITY CLASSIFICATION This is an appeal under 22 CFR 120.4(g) of an adverse decision by the Office of Defense Trade Controls (ODTC) in the above cited case. It is also a request for ODTC to justify their decision and to respond to the points made here. INTRODUCTION In its May 11, 1994 reply in CJ Case 081-94, ("the Response") ODTC classified the subject of this appeal, the "Applied Cryptography Source Code Disk", ("the Diskette") as a defense article under category XIII(b)(1) of the United States Munitions List. I hereby formally appeal this determination on several grounds: 1) The information included on the Diskette is, for all practical purposes and contrary to ODTC's claim, identical to that printed in the book "Applied Cryptography" ("the Book"), which ODTC previously ruled was in the public domain and outside their licensing jurisdiction; 2) Even if the information on the Diskette had not already appeared in a publicly available book, by ODTC's own prior interpretation of the ITAR in CJ Case 038-94 it should nonetheless have qualified for the very same "public domain" exemption; and 3) The First Amendment protects the freedom of speech and of the press regardless of the medium of expression (diskette or printed textbook). Therefore, the dissemination of the publicly available Diskette is not within the licensing jurisdiction of your office. DISCUSSION 1. The Diskette Should Qualify For The ITAR Public Domain Exemption As A Result of ODTC's Decision in CJ Case 038-94 In its Response, ODTC said: The text files on the subject disk are not an exact representation of what is found in "Applied Cryptography." Each source code listing has been partitioned into its own file and has the capability of being easily compiled into an executable subroutine. This appears to be the basic rationale for ODTC's decision in this matter. I respectfully submit that the statement presents an arbitrary and capricious distinction, but no meaningful difference, between the information which is found in the Book and the Diskette. That characterization of the Diskette provides no basis in either law, regulations, or logic for ODTC's decision. The Diskette is as close to Part Five of the Book as one could make it. The typographic layout of the Book makes it absolutely clear, even to the non-programmer, where each cryptographic subroutine begins and ends. The name of each routine appears in bold font before the routine itself and in the header of each page. Moreover, the Diskette uses these same names for its files. The Response goes on to list the cryptographic routines included in the Diskette and says that they would not be exportable if they were incorporated into a product. But this is irrelevant to the present matter, since all of these routines appear in the Book, which ODTC had already ruled in CJ Case 038-94 to be outside its licensing jurisdiction and therefore exportable. The decision in this case must be based on a comparison to the Book, which is functionally identical to the Diskette, not to some hypothetical product. The only real difference between the Book and the Diskette is the one stated in my original request: the medium on which the information is recorded. Presumably, ODTC's phrase "added value" referred to the easy machine-readability of the Diskette. But "machine-readability" is no longer well defined; it cannot be limited to information stored on computer disks. With the widespread availability of optical character recognition (OCR) equipment and software, even printed information such as the Book is easily turned into "machine readable" disk files equivalent to those on the Diskette. Moreover, this only need be done once. It is then absolutely trivial to duplicate and disseminate the resulting files by telephone modem or over the Internet. And even without OCR capabilities, anyone with typing skills could easily type in the routines from the Book, again producing machine readable disk files. 2. The Diskette Should Qualify For The ITAR Public Domain Exemption Regardless of the Decision in CJ Case 038-94 Because the Diskette Is Itself Already in the Public Domain The issue of whether or not the Diskette is an exact representation of the Book is really a red herring. Even if the Diskette contained source code not in the Book, or even if the Book did not exist at all, the Diskette itself is in the public domain. The ITAR at 120.10(5) exempts from the definition of controlled "technical data" "information in the 'public domain' as defined in 120.11", and 120.11 defines "public domain" as "information which is published and which is generally accessible or available to the public" from libraries or through subscription, among other means. Of particular interest is the lack of any mention of the allowable media or medium on which the information must be recorded to qualify for "public domain" status. This is hardly surprising in that any such restriction would be at once illogical and offensive to the First Amendment. This Diskette is obviously within the "public domain". Anyone may obtain it by mail order from the author for a nominal charge to cover duplication and mailing. (The restriction to US and Canadian addresses exists only because of uncertainty about US export regulations.) Furthermore, much of the source code contained on the disk is in the public domain, in the even broader sense of the original authors having granted blanket copying and use permission, or relinquished copyright altogether. The software on this Diskette is also readily available to the public from many "anonymous FTP" repositories on the Internet, several of which are outside the United States and Canada. These repositories clearly qualify as "libraries open to the public" under 120.11(4). Indeed, it seems that the subject software is even more strongly "public domain" (in the ITAR sense) in machine readable form than in book form, precisely because the machine readable form is so much more readily obtainable. 3. The First Amendment Protects Absolutely the Freedom of Speech and the Press, Regardless of the Medium of Expression The export of publicly available cryptographic information, including software, is protected by the First Amendment to the Constitution. The US Supreme Court has written that "[t]he liberty of the press is not confined to newspapers and periodicals. It necessarily embraces pamphlets and leaflets.... The press in its historic connotation comprehends every sort of publication which affords a vehicle of information and opinion" (Lovell v. City of Griffin, 1938). Freedom of the press, says the Court, includes "the right of the lonely pamphleteer who uses carbon paper or a mimeograph as much as of the large metropolitan publisher who utilizes the latest photocomposition methods" (Branzburg v. Hayes, 1972). The computer network, the bulletin board system (BBS) and even "sneakernet" (the manual exchange of diskettes) are clearly the modern successors to the mimeograph machine. Users of these systems have just as much First Amendment protection, including the right to export their works, as John Wiley & Sons, publishers of "Applied Cryptography". There is opinion that the power to control exports is a Presidential national security and foreign policy function that deserves wide deference by the courts. But the national security power, "like every other governmental power, must be exercised in subordination to the applicable provisions of the Constitution" (US v Curtiss-Wright Corp, 1936). In Baker v Carr (1962), the Supreme Court said "[I]t is error to suppose that every case or controversy which touches foreign relations lies beyond judicial cognizance". In Bullfrog Films, Inc. vs Wick (1988) the Federal Court of Appeals for the 9th Circuit said "We ... reject ... the suggestion that the First Amendment's protection is lessened when the expression is directed abroad. The cases cited by the government do not support its contention that otherwise protected free speech interests may be routinely subordinated to foreign policy concerns". And in New York Times Co v US, 1970, popularly known as the "Pentagon Papers" case, the Supreme Court said, "[A]ny system of prior restraints of expressions comes to this Court bearing a heavy presumption against its constitutional validity" and the government "thus carries a heavy burden of showing justification for the imposition of such a restraint". It thus seems impossible to argue that export controls on information, including software, widely available in the United States, and even already available in published form outside the US (such as the Diskette) are necessary to prevent a "substantial likelihood of serious damage to national security or foreign policy" (Haig v Agee, 1981). Ordinary common sense says that ODTC's ruling in CJ Case 081-94 is arbitrary, capricious and wholly indefensible. Indeed, in the most celebrated prior restraint case (United States vs The Progressive, 1979), the government gave up all further attempts to control the dissemination of the information in question (design principles for thermonuclear weapons) once the Department of Justice became aware that the information it sought to ban had been published in the United States. Trying to ban further dissemination of that publication would have been both unconstitutional and futile, as are current attempts to control the export of public domain cryptographic software. Even an Assistant Attorney General of the Department of Justice has expressed the opinion that export controls on publicly available cryptographic information are unconstitutional: "It is our view that the existing provisions of the ITAR are unconstitutional insofar as they establish a prior restraint on disclosure of cryptographic ideas and information developed by scientists and mathematicians in the private sector". (Memorandum from J. Harmon, Department of Justice, to F. Press, Science Advisor to the President dated May 11, 1978, reprinted in "The Government's Classification of Private Ideas: Hearings Before a Subcommittee of the House Committee on Government Operations", 96th Congress, 2nd Session, 1980.) This opinion is entitled to special weight because Mr. Harmon was, at that time, in charge of the Office of Legal Counsel, the office which is responsible for preparing all the official opinions of the Attorney General. CONCLUSION I seek a favorable ruling that would recognize the "public domain" exemption for publicly available cryptographic software, such as the subject diskette, regardless of the medium on which it is recorded. I hope this will be possible through administrative appeal. Should it become necessary, however, I am fully determined to seek judicial relief. Sincerely, Philip R. Karn, Jr ****** Rep. Dan Glickman Chairman, House Intelligence Committee US House of Representatives Washington, DC 202-225-1991 (fax) Dear Representative Glickman: I am writing to urge you and your committee to leave intact the encryption provisions of Rep. Cantwell's bill, HR3627, as they amend the Export Administration Act of 1994, HR 3937. Rep. Cantwell's reforms are sorely needed. The US State Department, acting on behalf of the National Security Agency, stubbornly treats even widely available public domain encryption software as a "munition" that cannot be exported without a license -- which is invariably denied. I personally have been denied authorization to export a floppy disk containing exactly the same encryption software that has already been published in a book -- even though State agreed that the book itself was outside their jurisdiction, presumably because of the First Amendment guarantee of freedom of the press. This situation is offensive to the Constitution and to common sense. It is completely intolerable. Once again, I urge you to retain the provisions of Rep. Cantwell's bill in full as your committee considers the Export Administration Act of 1994. Sincerely, Philip R. Karn, Jr. ------------------------------ Subject: EFF's Godwin at Cyberspace Censorship Conference on CompuServe Mike Godwin, EFF Online Counsel, will be part of a "virtual panel" at CIS's "The Cyberconference: Censorship", Thursday, June 16. CompuServe's announcement states: "Playboy magazine and the Graphics forums are hosting a "Censorship in Cyberspace" conference to discuss the heated media controversy surrounding the questions: can and should cyberspace be censored? The conference will feature a dialogue with highly esteemed First Amendment experts and will be held in the CompuServe Convention Center on 16-Jun at 10 p.m. EDT (04:00 CET). Members can send questions in advance to User ID 75300,1610. Title > your message's subject "Playboy Conference" to ensure that your questions> are registered. "To attend the conference in the Convention Center, GO CONVENTION. For more information about graphics and your computer, GO GRAPHICS [or GO GRAPHNEWS]. The CompuServe Convention Center and the Graphics forums are each a part of CompuServe's extended services." CIS members with Internet access can reach the service by using telnet to connect to compuserve.com. ------------------------------ Subject: A New Face at EFF - Doug Craven, Office Manager/Bookkeeper ------------------------------------------------------------------- Originally from Miami Florida, Doug came to EFF in May 1994 to take over office management duties, having served as Senior Office Manager for four years and accounting positions for another four years with previous employers as diverse as academic institution, commercial enterprises, a water company and the FBI. Doug graduated from Thomas Stone H.S. in Waldorf Maryland in June 1986, a 2 year National Honor Society member, and moved on to Charles County Community College, Chesapeake College, and Anne Arundel Community College, as a Microcomputer Operations student. Doug enjoys music and video production, biking, and swimming. He says, "my #1 love is my dog Katie." ------------------------------ Subject: PGP 2.6 Available from Electronic Frontier Foundation FTP Site ----------------------------------------------------------------------- The latest DOS, Unix and Mac implementations of PGP (Pretty Good Privacy) 2.6, a freeware encryption program that has rapidly become the defacto standard for Internet email, is now available from ftp.eff.org via anonymous ftp. PGP and similar material are available from EFF's ftp site in a hidden directory, but only to Americans and Canadians, due to U.S. ITAR export restrictions on cryptographic products. Access to this directory can be obtained by reading and following the instructions in the README.Dist file at: ftp.eff.org, /pub/Net_info/Tools/Crypto/ gopher.eff.org, 1/Net_info/Tools/Crypto gopher://gopher.eff.org/11/Net_info/Tools/Crypto http://www.eff.org/pub/Net_info/Tools/Crypto/ PGP can only be obtained from EFF via ftp currently. Gopher and WWW access to the material itself is not supported at this time. If you would like to see US export restrictions on cryptography removed, please send a message supporting the retention of Rep. Cantwell's export reform language (originally bill HR3627) in bill HR3937, to Rep. Glickman's fax number or glick...@eff.org - TODAY. See lead article for details. Please ask your Representatives to co-sponsor this bill if it includes Rep. Cantwell's export provisions, and ask your Senators to co-sponsor Sen. Murray's companion bill (S1846) in the US Senate. Congress contact information is available from: ftp.eff.org, /pub/EFF/Issues/Activism/govt_contact.list ------------------------------ Subject: USENIX Address of EFF's Barlow Available on Cassette from O'Reilly ----------------------------------------------------------------------------- From: br...@ora.com (Brian Erwin) The globalization of the Internet, satellite-based Internet Protocol multicasting, and strategies for dealing with Internet address allocation are just three of the subjects discussed by leading Internet developers on four new audiotapes we just released. "Notable Speeches of the Information Age, John Perry Barlow" USENIX Conference Keynote Address January 17, 1994; San Francisco, CA Duration: 90 minutes, ISBN: 1-56592-992-6, $9.95 (US) John Perry Barlow is a retired Wyoming cattle rancher, a lyricist since 1971 for the Grateful Dead who holds a degree in comparative religion from Wesleyan University. In 1990, Barlow co-founded the Electronic Frontier Foundation with Mitch Kapor, and currently serves as chair of its executive committee. In his keynote address to the Winter 1994 USENIX Conference, Barlow talks of recent developments in the national information infrastructure, telecommunications regulation, cryptography, globalization of the Internet, intellectual property, and the settlement of Cyberspace. This talk explores the premise that "architecture is politics"--that the technology adopted for the coming "information superhighway" will help to determine what is carried on it. If the electronic frontier of the Internet is not to be replaced by electronic strip malls controlled by the old broadcast content providers, we need to make sure that our technological choices favor bi-directional communication and open platforms. Side A contains the keynote; Side B contains a question and answer period. This and other O'Reilly products are available in the Americas and Japan through bookstores, or directly from the publisher (credit card orders 800-889-8969; email or...@ora.com). For information: telephone 707-829-0515 (800-998-9938 in US & Canada); FAX 707-829-0104; email n...@ora.com; or write O'Reilly & Associates, 103A Morris St., Sebastopol, CA, 95472, USA. GSA # GS-02F-6095A. Access our online gopher catalog via "telnet gopher.ora.com" (log in as "gopher" -- no password needed). Our international distributors: * EUROPE (except German-speaking countries), MIDDLE EAST, AFRICA International Thomson Publishing, Berkshire House, 168-173 High Holborn, London WC1V 7AA, UK. Telephone 44-71-497-1422; FAX 44-71-497-1426; or email danni.dolb...@itpuk.co.uk * GERMAN-SPEAKING COUNTRIES. International Thomson Publishing, Konigswinterer Strasse 418, 53227 Bonn, Germany. Telephone 49-228-445171; FAX 49-228-441342; or email 100272.2...@compuserve.com * ASIA. International Thomson Publishing, 221 Henderson Rd., #05-10 Henderson Building, Singapore 0315. Telephone 65-272-6496; FAX 65-272-6498 * AUSTRALIA AND NEW ZEALAND. WoodsLane, Unit 8, 101 Darley Street, Mona Vale, NSW 2103, Australia. Telephone 61-2-979-5944; FAX 61-2-997-3348; or email wo...@tmx.mhs.oz.au ------------------------------ Subject: Note About our Internet Sites -------------------------------------- To clarify a potential confusion, please note that eff.org is our staff machine - where we get our email, etc. EFF's public services are available from specific services: ftp: ftp.eff.org gopher: gopher.eff.org WWW: http://www.eff.org/ WAIS: wais.eff.org [when available] telnet: n/a Attempting to telnet, ftp, or gopher to eff.org will result in an error message. ------------------------------ Subject: What YOU Can Do ------------------------ "Cryptography is an enormously powerful tool that needs to be controlled, just as we control bombs and rockets." - David A. Lytel, President's Office of Science and Technology Policy Who will decide how much privacy is "enough"? The Electronic Frontier Foundation believes that individuals should be able to ensure the privacy of their personal communications through any technological means they choose. However, the government's current restrictions on the export of encrytion software have stifled the development and commercial availability of strong encryption in the U.S. Now, more than ever, EFF is working to make sure that you are the one that makes these decisions for yourself. Our members are making themselves heard on the whole range of issues. To date, EFF has collected over 5000 letters of support for Rep. Cantwell's bill (HR3627 - Sen. Murray's companion bill is S1846) to liberalize restrictions on cryptography. The bill's provisions, now part of the more general HR3937, will need your immediate and vocal support to succeed. We also gathered over 1400 letters supporting Sen. Leahy's open hearings on the proposed Clipper encryption scheme, which were held in May 1994. If you'd like to add your voice in support of the Cantwell bill's language, which is in danger of being stripped from HR3627, fax the House Intelligence Committee Chair, Rep. Dan Glickman at +1 202 225 5398, or the Committee at +1 202 225 1991, or send email to glick...@eff.org IMMEDIATELY (letters received at the glickman alias will be printed and delivered to Rep. Glickman before noon [EDT], June 15.) You KNOW privacy is important. You have probably participated in our online campaigns. Have you become a member of EFF yet? The best way to protect your online rights is to be fully informed and to make your opinions heard. EFF members are informed and are making a difference. Join EFF today! For EFF membership info, send queries to members...@eff.org, or send any message to i...@eff.org for basic EFF info, and a membership form. ------------------------------ Administrivia ============= EFFector Online is published by: The Electronic Frontier Foundation 1001 G Street NW, Suite 950 E Washington DC 20001 USA +1 202 347 5400 (voice) +1 202 393 5509 (fax) +1 202 638 6119 (BBS - 16.8k ZyXEL) +1 202 638 6120 (BBS - 14.4k V.32bis) Internet: a...@eff.org Internet fax gate: remote-printer....@9.0.5.5.3.9.3.2.0.2.1.tpc.int Coordination, production and shipping by: Stanton McCandlish, Online Activist/SysOp/Archivist <m...@eff.org> Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the views of EFF. To reproduce signed articles individually, please contact the authors for their express permission. To subscribe to EFFector via email, send message body of "subscribe effector-online" (no quotes) to listse...@eff.org, which will add you a subscription to the EFFector mailing list. ------------------------------ Internet Contact Addresses -------------------------- Membership & donations: members...@eff.org Legal services: sste...@eff.org Hardcopy publications: p...@eff.org Technical questions/problems, access to mailing lists: e...@eff.org General EFF, legal, policy or online resources queries: a...@eff.org End of EFFector Online v07 #10 ****************************** $$ -- Stanton McCandlish * m...@eff.org * Electronic Frontier Found. OnlineActivist F O R M O R E I N F O, E - M A I L T O: I N F O @ E F F . O R G O P E N P L A T F O R M O N L I N E R I G H T S V I R T U A L C U L T U R E C R Y P T O