From: jim bell <jimbell@pacifier.com>
Date: Sun, 28 Apr 1996 14:09:33 +0800
To: William Knowles <cypherpunks@toad.com
Subject: Re: You are now an International Arms Trafficker (#1) ???
Message-ID: <m0uDJCd-0008xTC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:10 PM 4/27/96 -0700, William Knowles wrote:
>Yikes,
>
>Tell me that conspiracy to break ITAR isn't grounds for becoming
>arms trafficker #1
>
>I don't even have the latest version of the shortened Perl-RSA 
>code back from the screenprinters.

I thought of a method of exporting encryption code that doesn't require an 
export license, but better yet makes some _deserving_ soul a criminal.   (In 
hindsight, it seems obvious, although I don't recall seeing it discussed.)

Basically, you take advantage of the fact that on the Internet, 
incorrectly-addressed email is often/usually returned to what appears to be 
the sender.  For example, send PGP source, split into appropriately-sized 
chumks, to somebody like   bigshot@nsa.com.    Mis-spell his name, of 
course, and forge the note so that it appears to be coming from some 
out-of-country address.  His ISP's system's email software sees the bad address, 
"returns" it, and it's sent to that out-of-US location.  Keep the messages 
as evidence; forward them to the appropriate prosecutor, who is stuck 
between a rock and a hard place:  Either he prosecutes a "good guy," or he 
fails to prosecute an unauthorized encryption exporter and thus sets up a 
bad precedent.

Jim Bell
jimbell@pacifier.com