1993-12-22 - Secure Drive distribution argument

Header Data

From: Mike Ingle <MIKEINGLE@delphi.com>
To: cypherpunks@toad.com
Message Hash: db551a96169dce6ff07f21c7066ec5543c03ffd700b73b18956a999dc0135deb
Message ID: <01H6RCHXLQIA9386Q7@delphi.com>
Reply To: N/A
UTC Datetime: 1993-12-22 04:45:16 UTC
Raw Date: Tue, 21 Dec 93 20:45:16 PST

Raw message

From: Mike Ingle <MIKEINGLE@delphi.com>
Date: Tue, 21 Dec 93 20:45:16 PST
To: cypherpunks@toad.com
Subject: Secure Drive distribution argument
Message-ID: <01H6RCHXLQIA9386Q7@delphi.com>
MIME-Version: 1.0
Content-Type: text/plain


There has been some question as to whether I really want to prevent
Secure Drive export, or whether I just want to maintain "plausible
deniability" and dodge the ITAR. As for what I requested involving
the export of the program:

From the ad posted to newsgroups:
=============
The program is Copylefted under the GNU General Public License, and source
code in C and assembly language is included. This program is free and
always will be. This program may be freely distributed within the U.S.
and Canada; do not export it.

Cypherpunks Write Code!

To receive your copy: send e-mail to <mikeingle@delphi.com>
Specify uuencode or pgp ascii armor formats. I will make a list
and broadcast the code. U.S./Canada addresses only, please.
=============
Clear enough? And from the documentation in the ZIP file, under 
"Hazards to Avoid":
=============
Exporting this program. This program is for use in the US and Canada only.
Cryptography is export controlled, and sending this program outside the
country may be illegal. Don't do it.
=============

Several foreigners have tried to talk me into smuggling the program
out of the country, usually by sending me either a PGP message or
a PGP key and a subject line like "you know what". They have all
received nastygrams, in clear for the benefit of any eavesdroppers.
I am serious about preventing export of the program, and I'd like
to see it on sites which verify a U.S. or Canadian address before
sending the program. While we may disagree with the ITAR, I have no
desire to be the test case!

Just today I got a one-line request from someone at DOCKMASTER.NCSC.MIL 
for information about the program. What does anyone make of this?

>Mike is free to jump in here if he -wants- to go on record.  I hope he
>will just pretend he didn't see this series of posts so he can
>maintain his plausible deniability that he approved allowing SD to
>"leak" overseas like PGP did.

Being on the list when this was written makes that kind of hard.
I don't want the program exported, or distributed in such a way
as to lead to its export.

>will just pretend he didn't see this series of posts so he can
>maintain his plausible deniability that he approved allowing SD to
>"leak" overseas like PGP did.

I do not approve letting it "leak out of the country".

>I'm aware that Mike said he hadn't submitted Secure Drive to the FTP
>site because of "export concerns."  But since this site is already
>distributing PGP, I wouldn't think this a "concern" to the site
>administration.

Yes, but PGP is already worldwide. If Secure Drive did appear on a
foreign site, I would send that site administrator a message asking
him to take it off.

>So I'm asking any public-spirited Cypherpunk (perhaps even an
>anonymous one) to place Secure Drive on an FTP site or a site
>with an E-mail file server and to post the location of the file
>either here or to me privately.

If you do this, please make it a U.S./Canada only site.

>So far I still haven't heard from Eric. I did get two responses.
>The first was anonymous and sent me a copy of Secure Drive with
>a request for me to post it to foreign FTP site(s). The second
>was a request from a foreign site for me to send them a copy.

I'd like to see more about this, in private mail if you don't want
to post it to the list.

>I already have a copy of Secure Drive.  I would like to get it
>uploaded to a -USA- FTP site (like soda.berkeley) or e-mail
>fileserver site.  In my (non-professional) opinion, this is completely
>legal.

>I would rather not -unnecessarily- break the ITAR law (or even openly
>conspire to do so), by sending Secure Drive overseas myself.

>Once Secure Drive is on a domestic FTP site, some furriner may hear
>about it and flout our sacred law and have a copy sent to him.  But
>that won't be my fault.

But the bad guys might try to make it mine. That I don't want.

Matt Blaze commented on Dec 16:

>    Please, please don't do this without checking with the author of
>    the package first.  He went out of his way to say that he doesn't
>    want to a make it available for ftp because he doesn't want to
>    deal with potential export problems.  So respect his wishes; it's
>    his work, after all.

     Thank you. Fortunately Eric didn't do it.

>You all recall that Mike asked testers of the Beta version of Secure
>Drive not to ship it overseas or even distribute it at all. But I, at
>least, was -not- asked to agree to those conditions for the -release-
>1.0 version and I did not.  I have good records of my correspondence
>with Mike & can quote it if challenged.

The non-distribution of the beta was because I had no way to check it,
and it could easily have eaten hard drives. I did say in the ad that
you were not to export, although I didn't make anyone send a statement.
Maybe I should have.

>I will quote Mike briefly.  This is his response to my suggestion for
>a cosmetic change to LOGIN and CRYPTDSK:
>
>    Me:
>    >I wish I had gotten this to you sooner.  At least make sure it
>    >gets in the next release, please.
>
>    Mike:
>    Ok, the next release (if I do it; I'm hoping the net will take
>    this over the way it took over PGP) will also include ...
>
>Well, when the "net" took over PGP, it "leaked" overseas, didn't it.

"If you don't want to see it on the front page, don't put it in writing..."

I spelled out clearly that I wanted the program to be distributed widely
within the U.S. and Canada. By the net, I meant users in those countries.
I did not say I wanted it to leak out of the country, nor did I imply that.

>-----BEGIN PGP SIGNATURE-----
Be careful what you sign. The ease of forging on the internet would make
a great defense in court. A signature could hang you.

>Does anybody out there know what the status of the Grand Jury case
>against Mike Ingle is, the case involving the export to SecureDrive?
>
>I'd heard he was being investigated and all his records had been
>subpoenaed, with Janet Reno saying a whole new wing at Marion is being
>built for Zimmermann, Ingle, Karns, Hughes, and all the other
>cryptocriminals.
>
>And now that Defense Secretary Inman has issued that Martial Law
>Measure that crypto work is "born classified," the recent raids on
>most of the Cypherpunks seem to make more sense. And the recent
>progress in factoring, using the "rubber hose algorithm," has made
>most private cryptography moot.
>
>Me, I'm just glad I got out in '94 before they closed the borders.
>

This would be funny if it weren't so plausible. Try not to give them 
too many ideas. I'm also thinking about whether America will be a 
good place to live much longer.

-- Mike







Thread