1993-09-07 - Re: Law Review Articles

Header Data

From: cme@ellisun.sw.stratus.com (Carl Ellison)
To: MJMISKI@macc.wisc.edu
Message Hash: a1d2067b029b4090013026e5d6e471eac65a254c26d1b18f87e2b1d6de478f48
Message ID: <9309071500.AA17823@ellisun.sw.stratus.com>
Reply To: N/A
UTC Datetime: 1993-09-07 15:06:39 UTC
Raw Date: Tue, 7 Sep 93 08:06:39 PDT

Raw message

From: cme@ellisun.sw.stratus.com (Carl Ellison)
Date: Tue, 7 Sep 93 08:06:39 PDT
To: MJMISKI@macc.wisc.edu
Subject: Re:  Law Review Articles
Message-ID: <9309071500.AA17823@ellisun.sw.stratus.com>
MIME-Version: 1.0
Content-Type: text/plain


I have two pet issues:

1.	Who Owns Cryptography?

	David Kahn's "The Codebreakers" shows that strong cryptography (as
	strong as that used by the military of the time) has almost always
	been invented by and used by private individuals, throughout
	history.

	The US Gov't (especially the NSA) has been trying to give the
	impression that it owns cryptography.

	The case needs to be made that cryptography inventions occur
	spontaneously in the minds of individuals and that cryptography is
	used to guard privacy (of both files and conversations) in a way
	the government:

	a.	could not control if it tried, short of "1984" style room
		bugging, informants, ...

	b.	should not control because of the 4000 year history of
		private ownership of cryptography.

2.	Export Laws for Cryptography --

	There are three classes of cryptography, logically:

	i.	Munitions
	ii.	Commercial
	iii.	Public Domain

	Munitions cryptography would include systems using government
	classified algorithms or incorporated in physical hardware which
	has been hardened for battlefield use.

	Commercial would include systems which are proprietary to some
	company and sold by that company.

	Public domain would include systems which have been fully published
	(DES, RSA, DH, IDEA, <many older systems>, ...), have been
	implemented from those publications and which are effectively
	already in the hands of any interested high school kid.  These are
	often available on public BBSs, worldwide.  (PGP, for example)

	It makes sense to control munitions via ITAR and commercial systems
	via the commerce department, while leaving public domain systems
	uncontrolled c/o freedom of speech.


What can be done to make these points?

If these are not law review issues, what can I do as a private citizen
to put these forth?

 - Carl






Thread