From: Paul Elliott <paul.elliott@hrnowl.lonestar.org>
Date: Thu, 11 Jul 1996 15:36:41 +0800
To: cypherpunks@toad.com (cypherpunks mailing list)
Subject: Can the inevitability of Software privacy be used to defeat the ITAR?
Message-ID: <31e46fa0.flight@flight.hrnowl.lonestar.org>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

All software companies who sell (really licence) software
must deal with the inevitability of software piracy. It
is a brute fact that any usefully product sold in the U.S.
will eventually appear as an unauthorized copy for sale
abroad. This fact must be recognized in the software companies'
business plan.

The question occurs to me "why can not this fact be used to
defeat the ITAR?"

What is to prevent a U.S company to licence a foreign company
to sublicence and distribute a Crypto product abroad, if that
foreign company obtains that product on the pirate market?

I am not a lawyer, but I look at the definition of "export"
on page 612 of Applied Cryptography and nothing seems to
obviously apply.

The scenario I imagine is this: U.S. company produces a crypto
product. To be generally useful, the product supports all languages.
(Those CDROMs really do hold a lot of data.)
After all, Americans do need to do business with foreigners.
The company licences and distributes the product in the U.S.
taking special care not to distribute the product to any foreign persons.
When inevitability, the product appears in the pirate market outside
the U.S., the company makes a contract with a foreign company 
allowing it to distribute it and sublicence it. The foreign company 
can get their copy from the pirate market, being authorized to get 
the copy by the U.S. company. When this deal is cut copies
have already been exported and are already being sold by the
pirates, against the will of the U.S. company.

In this scenario, the U.S. company had done everything
it possibly could to prevent the illegal export of its product. But
when its efforts have inevitably failed, it makes money by 
sublicencing.

When I look at the definition of Export on page 612 of applied
cryptography, I see one clause that defines transferring registration
as export, but only for aircraft, vessels and satellites.

OK, cypherpunk legal types, there has got to be something wrong
with this idea. There are a lot of smart people in the world,
so if this idea was good, somebody else would have thought of
it before now! But what is specifically is wrong with it?
I want to be educated!

- -- 
Paul Elliott                                  Telephone: 1-713-781-4543
Paul.Elliott@hrnowl.lonestar.org              Address:   3987 South Gessner #224
                                              Houston Texas 77063

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: cp850

iQCVAgUBMeR9nvBUQYbUhJh5AQGkYAP/bN0lmkjF6uZ92MmWIqdZwVmLmsiIUg9L
XbtYaeawNCMdi2BnkDUu4j/G1rNngFuAmRwABE9UxKOnwjMU5lfmxHev5RP9/CBF
81AnYc1bWeh52EuKJCKu47LMDn9PqfiCIGBwfRehgkZ72gO0+ywIP1fZrkwNNCF+
Md76LqUE5Z4=
=k7M5
-----END PGP SIGNATURE-----