1996-07-25 - Re: Netscape

Header Data

From: jim bell <jimbell@pacifier.com>
To: The Deviant <deviant@pooh-corner.com>
Message Hash: 7e10e06406417eacdb6a0503693c952fa9eb93402c7c8397a895128b8fb54fe3
Message ID: <199607252024.NAA17509@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-07-25 23:58:16 UTC
Raw Date: Fri, 26 Jul 1996 07:58:16 +0800

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Fri, 26 Jul 1996 07:58:16 +0800
To: The Deviant <deviant@pooh-corner.com>
Subject: Re: Netscape
Message-ID: <199607252024.NAA17509@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:15 PM 7/25/96 +0000, The Deviant wrote:
>hOn Wed, 24 Jul 1996, jim bell wrote:

>> That still doesn't make sense.
>> First, there were laws.  And we had to obey them.
>> Then, they added ITAR.  And they want us to obey it.
>> Finally, it seems, they're giving us "guidelines."  Not law, Not ITAR.
>> Next it's gonna be their their fondest desires, their preferences,and 
>> finally their whims.
>> What's wrong with this picture?    Do I detect an ass-kissing contest?
>
>Yup.. thats it.  And they said I was an idiot when I [Correctly] said
>that Netscape wasn't activly fighting the ITAR.

Agreed.  Writing good crypto is certainly praiseworthy and desirable, but it 
does not "fight ITAR," per se.  (It fights lack of crypto, which is not the 
same thing!  Lack of crypto certainly needs to be fought, as well.)

Writing the software and selling it domestically is, at best, 
"ITAR-neutral."   Putting it on the net in the most unrestrictive way the 
State Department has previously approved of is also "ITAR-neutral."  
(Because such a method is, presumably, within the rights of anyone; we can 
conclude this because "the State Department said so.")

A _PRO_-ITAR stance is one in which a company or person puts restrictions on 
his distribution of that software above and beyond what have historically 
been approved, particularly when prior distributions of software are still 
going on with those previously-approved restrictions. They may be absolutely 
entitled to do so, but that's still pro-ITAR.  For a small and uninfluential 
company, the significance of doing that is minor, but for Netscape, it's 
crucial because it practically invites the government to set a new precedent 
beyond what they (the government) previously thought they might get away with.


 
>> You should have told them that if they're "evaluating their guidelines" that 
>> means that NO future modifications to those guidelines is binding on you, 
>> since it is not part of ITAR and is CERTAINLY not part of the law.  You 
>> should have memorialized the contact with a lawyer's letter, and promptly 
>> posted the new version of your software with whatever version of the 
>> precautions  (MIT, RSA, or?) you felt most happy with.
>> 
>
>Or even better... Lets look at this version...
>
>lets say I get my internet service from MCI.  Now lets say I put crypto on
>my web page.  When somebody from out of the country visits my web page,
>and downloads it, who's exporting it?  Them, MCI, or me?  I'd say they
>are, and I doubt ITAR covers this... this is one of those things thats
>covered in "guidelines". ;) umm.... Smooch Smooch?

Yes, if we really oppose ITAR, we should kill it by insisting that the 
government fully document it at every turn.  

Jim Bell
jimbell@pacifier.com





Thread