1995-12-06 - Re: Solution for US/Foreign Software?

Header Data

From: tcmay@got.net (Timothy C. May)
To: Ernest Hua <jimbell@pacifier.com (jim bell)
Message Hash: cc72b66e55c62e9d814de3b934fdbb56e1e725c1ac8b7f03d33266694713faf5
Message ID: <aceb1fcf1602100460f2@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1995-12-06 18:22:52 UTC
Raw Date: Wed, 6 Dec 95 10:22:52 PST

Raw message

From: tcmay@got.net (Timothy C. May)
Date: Wed, 6 Dec 95 10:22:52 PST
To: Ernest Hua <jimbell@pacifier.com (jim bell)
Subject: Re: Solution for US/Foreign Software?
Message-ID: <aceb1fcf1602100460f2@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:50 PM 12/6/95, Ernest Hua wrote:

>The main point is that there is no such thing as the "letter of the law".
>What they enforce is much broader than that, and how they enforce it is much
>more subtle than clear-cut criminal prosecution.  Therefore, you cannot just
>use literal loop holes just because it's not clear, because the law they are
>enforcing is not clear either.
>
>This response should almost be an FAQ for this crowd.

Indeed. In fact, my Cyphernomicon FAQ contains numerous discussions about
ITAR and hooks. For example:

  - Dan Bernstein has argued that ITAR covers nearly all
              aspects of exporting crypto material, including codes,
              documentation, and even "knowledge." (Controversially, it
              may be in violation of ITAR for knowledgeable crypto people
              to even leave the country with the intention of developing
              crypto tools overseas.)

and

 10.10.6. "Can ITAR and other export laws be bypassed or skirted by
            doing development offshore and then _importing_ strong crypto
            into the U.S.?"
           - IBM is reportedly doing just this: developing strong crypto
              products for OS/2 at its overseas labs, thus skirting the
              export laws (which have weakened the keys to some of their
              network security products to the 40 bits that are allowed).
           + Some problems:
             - can't send docs and knowhow to offshore facilities (some
                obvious enforcement problems, but this is how the law
                reads)
             - may not even be able to transfer knowledgeable people to
                offshore facilities, if the chief intent is to then have
                them develop crypto products offshore (some deep
                Constitutional issues, I would think...some shades of how
                the U.S.S.R. justified denying departure visas for
                "needed" workers)
           - As with so many cases invovling crypto, there are no
              defining legal cases that I am aware of.


--Tim May

Views here are not the views of my Internet Service Provider or Government.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."







Thread