From: Jeff Simmons <jsimmons@goblin.punk.net>
Date: Fri, 24 Nov 1995 07:46:10 +0800
To: cypherpunks@toad.com
Subject: Re: Spam the Sign!
In-Reply-To: <Pine.SUN.3.91.951123152756.26616C-100000@viper.law.miami.edu>
Message-ID: <199511232322.PAA00782@goblin.punk.net>
MIME-Version: 1.0
Content-Type: text/plain


> 
> Actually, the application of the law tends to be far more reasonable than 
> non-lawyers believe.  This is one of the hardest things to get law 
> students to believe.  But it is a human process, not a mechancial one.
> 
> If you sell a product legally in the US, taking reasonable precautions to
> observe the ITAR and making clear to your customers what their obligations
> are, you have essentially zero risk.  How do I know this?  Many, many,
> many people do exactly that every day, and none have AFAIK even been
> threatened with prosecution.  This is NOT IMHO how the ITAR restricts 
> intra-US trade.  The ITAR restrict intra-US trade by inducing people to 
> make only exportable products so that they don't have the trouble of 
> supporting two different versions, doing 2 kinds of paperwork, etc.
> 
> OTOH, if you hand software to someone to put on an FTP site, nudge, 
> nudge, wink, wink let's hope it doesn't get exported, ha, ha, then you 
> really are guilty of trying to end-run the ITAR, and they feds may give 
> you a hard time, which after all is their job if you are breaking federal 
> law.
> 
Then suppose you hand software to MIT to put on its export-controlled ftp
site (which would seem to follow your requirements to take reasonable
precautions to observe the ITAR, etc.) and you don't do the nudge, nudge,
wink, wink - BUT you know that it's going to be available on major ftp
sites in Europe within a few hours anyway.  The intent to export isn't 
there, but the export occurs anyway.  Is it the intent, or the knowledge
that's important?

Obviously the intent, or the MIT server would be in jail.

So I demonstrate lack of intent to export, by following MIT's model when I
set up my own 'export controlled' ftp server.  Am I safe?  Or do I need
a note from the NSA or somebody to do this?  And if I do need somebody or
something's 'permission', and they refuse to give it, aren't they using
ITAR to restrict the distribution domestically?  Do I have any options in
this case other than to give up?

Or, to bring it down to a practical question, what's stopping Netscape?  How
does Netscape setting up an 'export controlled' ftp site based on the MIT
version lead to one of their executives going to jail?

I have the feeling that we're talking about two different things here - the
law as it's practiced in the courtroom and the law as it's practiced on the
'streets'.  Obviously, the fact that I feel I'm doing something 'legal'
won't help much if the government decides to do a Phil Zimmerman on me.
But I would be interested in your comments.

-- 
Jeff Simmons                           jsimmons@goblin.punk.net