From: jim bell <jimbell@pacifier.com>
To: Will Rodger <cypherpunks@toad.com
Message Hash: d7ad3515a09729c00051b0241c99e652346a2c7335a2be71b873e8d8e97ef558
Message ID: <199607120403.VAA24122@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-07-12 14:17:51 UTC
Raw Date: Fri, 12 Jul 1996 22:17:51 +0800
From: jim bell <jimbell@pacifier.com>
Date: Fri, 12 Jul 1996 22:17:51 +0800
To: Will Rodger <cypherpunks@toad.com
Subject: Re: I@Week on crypto export loophole 6/24/96
Message-ID: <199607120403.VAA24122@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain
At 10:30 PM 7/11/96 -0400, Will Rodger wrote:
>Bidzos' pending deal brought forth several questions:
>1 - Could others try something like the DES deal with stuff under copyright
>and still make money doing it?
>2 - If so, was the administration aware of it? and;
>3 - Who, if anyone, would be the first to try it?
>
>The answers were:
>1 - Yes, someone else could try it.
>2- The administration wouldn't comment, but had an official reply that
>showed it grasped all the implications within 15 minutes of our asking.
>3 - No one's stepping forward, but Ken Bass, atty. for Phil Karn and Phil
>Zimmermann, among others, said he knew some folks were considering moves
>along those lines, though he gave few details.
>
>Steptoe & Johnson cyberspace atty. Stewart Baker suggested such a move would
>be "extremely aggressive advice," though "not quite insane." if I remember
>correctly.
Well, lawyers have to be really careful about appearing to endorse something
that's on the edge of legality. Also, it's obvious that the advice given
would be vastly different depending on who was doing the asking. If it were
one of the two companies potentially involved, they'd probably be told that
doing this would be frowned on. If it were the individual considering
secretly exporting the program, he'd be told "Don't tell us! And whatever
you do, don't get caught!"
>A few caveats to any US citizen who finds himself trying to help such a
>situation occur:
>
>1) The loophole can be closed by executive order with little or no notice,
It's unclear if a foreign national on foreign soil can be considered within
the jurisdiction of the US, especially merely for being the recipient of
software whose export would have been illegal under US law. If the copy is
re-mailed to him from a third country, he doesn't even know for sure if the
software was ever illegally exported.
And "executive orders" are already on constitutionally shaky ground anyway,
as are export controls for crypto. (As I understand it, "executive order"
was originally considered binding only on government employees; it was akin
to an order internal to a company.) An executive order prohibiting a
private-company's receipt of money for licensing fees on software which, IF
EXPORTED, would require a license is straining credulity more than a bit.
And moreover, there's the question of whether or not this logic extends to
any licensing regardless of how remote it is. Could a US semiconductor
company be barred from licensing ordinary semiconductor technology, if the
foreign recipient of that license decides to use it for building an
encryption chip? What if they use it to build an ordinary DRAM chip that
just happens to be installed into a crypto phone, perhaps by a third party?
Could the writer of a C++ compiler be denied the right to export simply
because one foreign customer used a copy of that program to compile an
encryption program abroad?
And, they should be able to turn the royalty payment into something that
achieves the same payback (say, the use of a logo signifying approval)
rather than the specific use of a particular piece of software.
and
>2) Any citizen aiding the export of such software will of course, be brought
>up on some pretty serious felony charges if caught. Foreign nationals are
>doubtless subject to the same laws if on US soil while the deed gets done.
"Getting away with it" probably involves no more than writing a floppy with
software, putting a few stamps on it and addressing it to a foreign country,
putting either no return address or a fake one on it, and then tossing it in
a convient USnail box. (Taking all the usual precautions against
fingerprints, DNA testing, etc.) In practice, the likelihood of getting
caught if you're careful is somewhere between zero and nil. Pre-encrypting
the data with the recipient's public key makes it that much more difficult
for the USG to show that it's being illegally exported.
>Then again, Baker said, "if one gets away with it, dozens will try it, too."
>I won't be the first to try.
As I see it, the most important issue is not the legal status of the one
actually doing the export/mailing, but in fact the organization which is the
recipient and thus, the beneficiary of this act. _THAT_ organization will
be well-identified, yet will not have done anything obviously illegal. Is
there any indication that Baker was trying to distinguish between the one
physically mailing it, and those receiving it?
Jim Bell
jimbell@pacifier.com
Return to July 1996
Return to “jim bell <jimbell@pacifier.com>”
1996-07-12 (Fri, 12 Jul 1996 22:17:51 +0800) - Re: I@Week on crypto export loophole 6/24/96 - jim bell <jimbell@pacifier.com>