1996-01-25 - Re: Crypto Exports, Europe, and Conspiracy Theories

Header Data

From: Michael Froomkin <froomkin@law.miami.edu>
To: “Timothy C. May” <tcmay@got.net>
Message Hash: 78f1262296621e332bb44ae22af5048cad66b3d000bfd29e3bb3cdc4d718f58d
Message ID: <Pine.SUN.3.91.960124225704.5620D-100000@viper.law.miami.edu>
Reply To: <ad2bf34e04021004d2fa@[]>
UTC Datetime: 1996-01-25 06:40:16 UTC
Raw Date: Thu, 25 Jan 1996 14:40:16 +0800

Raw message

From: Michael Froomkin <froomkin@law.miami.edu>
Date: Thu, 25 Jan 1996 14:40:16 +0800
To: "Timothy C. May" <tcmay@got.net>
Subject: Re: Crypto Exports, Europe, and Conspiracy Theories
In-Reply-To: <ad2bf34e04021004d2fa@[]>
Message-ID: <Pine.SUN.3.91.960124225704.5620D-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain

On Wed, 24 Jan 1996, Timothy C. May wrote:
> Specifically, I believe--though obviously cannot prove, given the nature of
> time--that a cryptographically strong version of Netscape developed outside
> the borders of the U.S. would not be freely importable into the U.S. I

Nope. Nope. Nope. Nope.  Donuts to dollars that it's freely importable.

Now, whether you could freely use it becomes another version of the 
"could they ban strong crypto for domestic use" issue.  I don't think 
so.  Why?  See my articles on my homepage, www.law.miami.edu/~froomkin

I also (to pick on Tim's excellent "you got to think like them" thread)
don't really see why they need to expend massive energies fighting this
battle once it looks lost (I do see why they would want to fight and have
fought delaying actions; every delay is a win in that mindset).  A
cryptographically strong browser isn't such a threat to policy, except
that you get more encrypted traffic messing up traffic analysis, and
that's happening gradually anyway.  Not to mention that traffic volumes
going up must strain some capacity somewhere. 

No, the real threats to LEAs/traditional ways of doing things are more
likely to be anonymity and anonymous cash.  And these are things that may
well be within the power of governments to at least make difficult if not
eliminate for some time.  "Chokepoints" is indeed the key word here, with
banks and remailer operators as chokees. 

If you are a government strategist, you might think, Why not make people
strictly liable for, e.g., any crimes planned with their remailers?  And
make ISPs strictly liable for crimes panned or executed on their systems? 

Those things stand more chance of being upheld than a ban on domestic use
of strong crypto, whether foreign or domestic coded.  I won't go so far as
to say "would be upheld" but it's much easier for me to imagine than a ban
on importing or using strong crypto.  I'm going to expand on this in the
next draft of my "oceans" paper; the draft currently on the web page does
not really do these issues much justice. 

> don't know what form such a law would take, to answer the point raised in
> another post by Peter Junger. Nor am I saying either State or NSA passes
> the laws...the ITARs have worked largely because they have never been
> challenged; if they were to be successfully challenged and stricken, as
> even some folks inside the NSA think is likely if tested in a proper case,
> then a Four Horseman-scared Congress will likely step in with some
> restrictions.

OK, Tim, what am I missing?  How will Enhanced-crypto-Netscape match 
remailers for their ability to keep TLAs up at night?

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's warm here.