From: Ernest Hua <hua@chromatic.com>
Date: Tue, 6 May 1997 03:06:06 +0800
To: Tim May <tcmay@got.net>
Subject: Re: FC: Responses to Tim May's criticism of SAFE, and a rebuttal
In-Reply-To: <v03007801af91e1128b39@[207.167.93.63]>
Message-ID: <199705051842.LAA21649@krypton.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> > In short, they can get what they want instantly, while we cannot
> > except through a long and arduous process (during which they can
> > throw many procedural and lobbying obstacles to slow us down).
> > The process is clearly in THEIR favor (and not without good
> > reason), and we must face that fact.
>
> Yes, and they keep throwing out new proposals (Clipper I, II, and
> III, Key Recovery Initiative, Trusted Third Parties, blah blah).
> [SNIP]
> They can generate laws far faster than we can mount
> political counter-efforts
> [SNIP]

Yup.  But again, they are given that priviledge for good reasons, one
of which is that they are supposedly the "experts", whatever that
means.

> It's hopeless to fight them on their own turf, as they hold most of
> the cards (and we paid for them).

Amen.

> > It takes just one Om Shinri Kyo (sp?) in any nation to convince
> > its leaders to pass knee-jerk panic legislation in the name of
> > security, and it's the fault of politics at the beck and call of
> > human nature (not just stupid politicians).
>
> And this will happen regardless of whether SAFE passes or not. As
> several of us have pointed out, SAFE contains prominently mentioned
> provisions for the stoppage of crypto exports (and maybe even
> domestic distribution) should terrorism or military diversions be
> [SNIP]

I think this really depends upon how the "terrorism" cause is
determined.  If it is the arbitrary decision of the executive branch
alone, then we have to question why the Clinton administration still
believes we are under such imminent threat, and how this is different
from the critieria being imposed by the SAFE provisions.

> [SNIP]
> weeks. Had the World Trade Center bombs succeeded (in bringing down
> one of the towers), this would have done it. When freedom fighters
> ultimately succeed in, say, killing 5000 Londoners in a Sarin or
> Ricin attack in the Tube, expect dramatic moves in all Western
> nations to sharply curtail civil liberties.

I think we violently agree here, except for one-sided terminologies
like "freedom fighters" or "terrorists".

> There is no hope that legal measures can maintain liberty. Only
> technological bypasses of the State can succeed.

However, here is where we don't necessarily agree.  Laws are around to
allow some "civilized" co-existance, where "civilized" is defined by
the basic rights and liberties of members of that society.  It is
important to follow laws for what they are intended to do.  It is
important to have a viable process for questioning and revising laws
which do not have desired intent or effective control.  It is also bad
to have laws which do not clearly define what they restrict, and it is
here which I, and many others, do not like ITAR.

I don't buy the burden of multiple export version argument because
most software exports HAVE to have multiple export versions for other
reasons such as language, cultural considerations, etc ...

I don't completely like the first amendment argument because it is
solely based on claiming that software is, first and foremost,
expression.  In fact, software has mechanism and side effect of
mechanism.  If software were strictly expression, it is hard to
imagine how a multi-billion industry could have spawned from such an
inert practice.  Another example: one could argue that crafting an
grenade launcher is artistic expression, but surely few would consider
THAT argument when faced with such an "expressive" neighbor.  The
point here is that software, by itself, could never have the imminent
danger that a grenade launcher could have.  Therefore, it should be
incumbent upon the export regulators to prove that the software poses
imminent danger before they should be allowed to regulate export.

In that sense, I have no problems with restricting, for instance,
software which is specifically designed to, say, hide the transport of
nuclear weapons.  Of course, I have no idea how one could design a
piece of software to do that, but IF the DoC/DoD/NSA/FBI can prove
that a piece of software was designed primarily to do that, then I'll
be happy to allow them to restrict the export of THAT specific piece
of software.

On the other hand, most software, especially those that fall into the
freeware or shareware category on the Net, have proven to be of
significant positive contribution to society.  Encryption is a
fundamental element (not the only element) in protecting our Net.  In
addition, equivalent strength or better encryption is already
available outside the U.S., so the laws do not have any real effect on
the general spread of encryption, unless of course, we have any
legitimate interest in deliberately crippling the protection
mechanisms in GII.  If there is, it would have to be a one-sided and
government-only interest (and I know that these arguments are based on
outdated Cold War thinking).  Therefore, I must conclude that, while
there may have been reasons in the past for restricting encryption
export, it is no longer net positive value for the U.S., as a nation,
to restrict its export.

This is why I don't care if SAFE explicitly declares that using
encryption to hide a crime is illegal (though I don't see the need for
an explicit declaration).  As long as SAFE invalidates ITAR with
respect to encryption, then Americans no longer have to prove that
encryption exports are being used for "bad" purposes; now it is up to
law enforcement to prove that an export is being used for "bad"
purposes.

While that may sound like a small gain, it is a huge win for
encryption liberty.

Ern

-- 
Ernest Hua, Software Sanitation Engineer/Chief Cut And Paste Officer
Chromatic Research, 615 Tasman Drive, Sunnyvale, CA 94089-1707
Phone: 408 752-9375, Fax: 408 752-9301, E-Mail: hua@chromatic.com