1997-05-16 - Re: Civil Disobediance

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: junger@upaya.multiverse.com
Message Hash: a375efb712ce14407a22044c70ea72855515196939660dae063c04aec143532d
Message ID: <199705162218.XAA01127@server.test.net>
Reply To: <199705161509.LAA07342@upaya.multiverse.com>
UTC Datetime: 1997-05-16 22:31:30 UTC
Raw Date: Sat, 17 May 1997 06:31:30 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Sat, 17 May 1997 06:31:30 +0800
To: junger@upaya.multiverse.com
Subject: Re: Civil Disobediance
In-Reply-To: <199705161509.LAA07342@upaya.multiverse.com>
Message-ID: <199705162218.XAA01127@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain

Peter Junger <junger@upaya.multiverse.com> writes:
> Adam Back writes:
> : [rsa sig/t-shirt]
> : 
> : While it's probably technically illegal to export, it clearly doesn't
> : get you in trouble to export it.  Raph Levien sent off a Commodity
> : Jurisdiction Request together with a sample T-shirt to ask permission
> : to export the T-shirt under the ITAR regulations.  They did not answer
> : his request.  I presume that they viewed either a "yes" or a "no" as a
> : loose for them.  If they say no, they open themselves for mockery in
> : the press, if they say yes, we progress the situation.  Export on
> : paper?  Floppy?  Internet?  Bigger programs.
> Under the new Commerce Department export regulations it appears that
> encryption software printed as hard copy---and I think that T-shirts
> are hard enough for this purpose---can be freely exported.  But
> the same material in electronic form may not be exported or placed on
> a web site without a license.  So the T-shirts are now OK, but under
> the EAR it is still an offense to send the code in a sigfile to an
> international e-mail list.

This is interesting.

It seems that this set up provides a potential test case similar to
Phil Karn's one with the source code disks for Applied Cryptography,
only much smaller, and much more silly looking, which I think would be
a boon because the US government would have more difficulty defending
the ban on export of something which would take 30 seconds to type in.

The response to Phil's request to export the disks detailed that there
was significant value added in the text having been OCRed/typed in and
neatly arranged in files on a floppy.

The .sig is also a few seconds to scan with a bar code reader.  Bar
codes are also interesting in this context, they are machine readable,
and the 2D bar codes allow reasonable information density on a sheet
of A4.  Vince has a 2D barcode gif of the .sig on his Arms Trafficker

If the perl rsa .sig were to be given permission to be exported in
electronic form, over the years since the original RSA sig I have
accumulated a collection of programs some donated by others, and a
couple more myself.  There is a good selection: IDEA, OTP, RC4, RC5,
DES, Diffie-Hellman.  Someone did an RSA keygen a while back.  These
vary in size and usefullness.  It would be relatively easy to create
something sufficiently functional and yet dangerous in a reasonably
few lines.  Full PGP compatible encrypt, signature check, and decrypt
looks doable in under 2000 chars or so, easily 1 A4 page of text, or
2D barcode.

> It is possible that the application for permission to export the
> T-shirt may have influenced this result.

That would be cool if accurate :-)

Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>