1997-05-05 - Re: FC: Responses to Tim May’s criticism of SAFE, and a rebuttal

Header Data

From: Ernest Hua <hua@chromatic.com>
To: “William H. Geiger III” <whgiii@amaranth.com>
Message Hash: 5375820fb486dccb11c8f23d3b949b70d9e267299c93ea46024cc723045b2e99
Message ID: <199705051749.KAA19491@krypton.chromatic.com>
Reply To: <199705030048.TAA15456@mailhub.amaranth.com>
UTC Datetime: 1997-05-05 18:14:09 UTC
Raw Date: Tue, 6 May 1997 02:14:09 +0800

Raw message

From: Ernest Hua <hua@chromatic.com>
Date: Tue, 6 May 1997 02:14:09 +0800
To: "William H. Geiger III" <whgiii@amaranth.com>
Subject: Re: FC: Responses to Tim May's criticism of SAFE, and a rebuttal
In-Reply-To: <199705030048.TAA15456@mailhub.amaranth.com>
Message-ID: <199705051749.KAA19491@krypton.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain

> > And I don't understand why you did not respond to this point when
> > I brought it up earlier.  This area is MOST CERTAINLY NOT free of
> > legislation.  Have you tried to openly export a IDEA- or
> > 3DES-based non-key-recovery (real commercial) product lately?
> > Have you set up an open, publically announced FTP site where
> > anyone can freely fetch strong encryption sources?  If not, then
> > explain why, if there is no legislation on this matter, couldn't
> > you do it?
> Well I can't speak for Tim's actions in this area but I can say that
> I have made strong crypto available for download via the INet. And I
> ahev openly announced that I have made such available on numerious
> newsgroups and mailing lists.
> http://www.amaranth.com/~whgiii/pgpmr2.html

Ok.  I'll give you a brownie point for an FTP site.  I honestly don't
think the NSA has time to go after a few, small-time, non-commercial
FTP sites, and I don't believe site maintainers like you have much to
lose on this matter.  The NSA is not as dumb as the Scientologists on
fighting a handful of individuals on the Net (most of whom can easily
get any job they want in the high tech industry, including charging
>$100 per hour consulting, so the NSA has almost no leverage, and the
backlash is even worse).

On the other hand, SGI, Sun, HP, IBM, AT&T, etc. have much more to
lose than you do.  They have huge government contracts (which they
coincidentally announced very soon after they signed up for the
key-recovery initiative), which the NSA can threaten.  They have other
export licenses (non-encryption-related) they need.

> There is no legislation on this matter only an unconstitutional
> presidental order.

Well, I'm not going to get technical here on just what is in effect.

A presidential order is often as good as a hard legislation.  In this
case, it is just as good.  And it's not just encryption.  Look at what
happened to SGI when several supercomputers were discovered to have
gone to China?  Again, it's just an execute order, not hard
legislation.  (And there are good reasons for giving the executive
branch executive priviledge, as there is no reason to micromanage
other branches of the government unless there is a serious issue.)
And this is what the administration argued for before enough
legislators thought it was a serious issue.

My conclusion on the issue of whether or not there is legislation on
this matter, is yes.  Is it technically a bill which passed congress?
No.  Is it some rule that some branch of government can use to harass
you?  Yes.  That's effective enough for me (in fact, it's worse,
because it is "more arbitrary").


Ernest Hua, Software Sanitation Engineer/Chief Cut And Paste Officer
Chromatic Research, 615 Tasman Drive, Sunnyvale, CA 94089-1707
Phone: 408 752-9375, Fax: 408 752-9301, E-Mail: hua@chromatic.com