1998-11-30 - Re: “Export” controls

Header Data

From: Michael Motyka <mmotyka@lsil.com>
To: cypherpunks@Algebra.COM
Message Hash: 497affbff313f32a62068ce94568513bd677d0b434b34e24ce7fadb5835bddc9
Message ID: <3662E37B.2ADC@lsil.com>
Reply To: N/A
UTC Datetime: 1998-11-30 19:07:44 UTC
Raw Date: Tue, 1 Dec 1998 03:07:44 +0800

Raw message

From: Michael Motyka <mmotyka@lsil.com>
Date: Tue, 1 Dec 1998 03:07:44 +0800
To: cypherpunks@Algebra.COM
Subject: Re: "Export" controls
Message-ID: <3662E37B.2ADC@lsil.com>
MIME-Version: 1.0
Content-Type: text/plain



> Export farce is just a neat way of scaring companies and individual
> contributors from developing and providing cryptographic systems 
> within US. 
>
100% accurate, but old, conclusions.

> Anyone providing domestic crypto runs the risk of violating EARs.
> Manufacturers are ultimately responsible when their products end up
> overseas...
>
Can you give me an example of a commercial vendor who has suffered
because someone bought a "dangerous" product ( Windows, for example ) at
retail and carried it out of the country in a suitcase? My guess would
be that anything sold at retail would pose no problem for the
manufacturer unless domestic regulations were in place. Even then the
retailer is the first in line for questioning.

> [ For example, try to buy one of IBM crypto-cards - give them a call
> and ask what does it take to purchase one with hard crypto on it
>
Save me the phone call and describe your experience. BTW - IBM derives a
large portion of its revenues from government contracts. They would be
pretty easy to convince. An non-dependant might be different.

> Would a US citizen have to produce ID in order to buy ?
>
Not until there are domestic regulations. Except for firearms,
cigarettes, alcohol and prescription drugs I can't think of any. My
guess would be that start-up manufacturers could get their tails twisted
long before the retail shelf:

Personal Audits
Business Audits
Supplier problems ( caused by similar techniques being threatened or
applied )
FCC EMI Test Delays and Failures
Credit Problems
Lots of Traffic Tickets for everyone.

It could be fun to try an embedded product. Make some development kits
then try to license it. Let a manufacturer with some resources handle
the heavy lifting. If you have trouble with that give 'em the bird -
just write a damn book, source, VHDL etc. You can even export that. My
favorites are:

Secure phone - I know it exists already but still fun

Disk encryptor - SCSI/EIDE, a bump in the wire between the motherboard
and the disk drive. With its own smartcard/keypad interface, keys are
never seen by OS. It doesn't solve the security problem while the system
is on but it sure as hell makes the disk useless to opponents once it
has been shut off. Good storage. Effectively shredded if you destroy the
smart card or forget the key. The proper way to keep your data as long
as the courts respect the Fifth Amendment.

Oh well,
Mike





Thread