1997-05-02 - unSAFE

Header Data

From: Declan McCullagh <declan@well.com>
To: cypherpunks@toad.com
Message Hash: b75b3ee0dd2999c18981ee9e1f9ed405b6f55b39de306d65b8bb27b98fbe55bc
Message ID: <Pine.GSO.3.95.970502053413.14481B-100000@well.com>
Reply To: N/A
UTC Datetime: 1997-05-02 13:08:53 UTC
Raw Date: Fri, 2 May 1997 21:08:53 +0800

Raw message

From: Declan McCullagh <declan@well.com>
Date: Fri, 2 May 1997 21:08:53 +0800
To: cypherpunks@toad.com
Subject: unSAFE
Message-ID: <Pine.GSO.3.95.970502053413.14481B-100000@well.com>
MIME-Version: 1.0
Content-Type: text/plain




---------- Forwarded message ----------
Date: Fri, 2 May 1997 01:04:17 -0400
From: Michael Sims <jellicle@inch.com>
To: fight-censorship@vorlon.mit.edu
Cc: Jonah Seiger <jseiger@cdt.org>, abd@cdt.org, Tim May <tcmay@got.net>,
    declan@well.com
Subject: unSAFE

Well, I've read Mr. Davidson's defense of the SAFE bill and of course 
Mr. May's earlier argument against it.  A few more comments.


Both analyses (all analyses I've seen) ignore this little fun fun 
tidbit below:

<--QUOTE-->

(a) AMENDMENT TO EXPORT ADMINISTRATION ACT OF 1979. -- Section 17 of
the Export Administration Act of 1979 (50 U.S.C. App. 2416) is amended
by adding at the end thereof the following new subsection: 

"(1) GENERAL RULE.--Subject to paragraphs (2), (3), and (4), the
Secretary shall have exclusive authority to control exports of all
computer hard ware, software, and technology for information security
(including encryption), except that which is specifically designed,
or modified for military use, including command, control, and
intelligence applications. 

"(2) ITEMS NOT REQUIRING LICENSES. -- No validated license may be
required, EXCEPT PURSUANT TO THE TRADING WITH THE ENEMY ACT OR THE
INTERNATIONAL EMERGENCY ECONOMIC POWERS ACT (but only to the extent
that the authority of such Act is not exercised to extend controls
imposed under this Act), for the export or reexport of 

....

(b) CONTINUATION OF EXPORT ADMINISTRATION ACT.-For purposes of
carrying out the amendment made by subsection (a), the Export
Administration Act of 1979 shall be deemed to be in effect.

<--/QUOTE-->

{emphasis added, EXCEPT....ACT}



The Trading with the Enemy Act was passed in 1917 and amended
(importantly) in 1933 (Great Depression, New Deal).  Originally, it
was intended to simply declare that when the nation was at war, it
was total war - the US would not honor any obligations or respect
any rights of citizens of enemy, warring countries.  It specifically
allowed the president to regulate as he wished, during wartime, the
assets and fiscal transactions conducted by an enemy country. 
(Confiscation and all that).  Fair enough, for a WWI era law.

Here how it read.  Recall, this is during a declared war only.

"That the President may investigate, regulate, or prohibit, under
such rules and regulations as he may prescribe, by means of licenses
or otherwise, any transactions in foreign exchange, export or
earmarkings of gold or silver coin or bullion or currency, transfers
of credit in any form (other than credits relating solely to
transactions to be executed wholly within the United States)". 


In 1933 it was amended, hastily, sneakily, back-door-ily, in order
to grant incoming President Roosevelt extraordinary powers over the
money supply of the nation.  It was amended to declare all citizens
of the United States to be "enemies", under its power during any
time of war *or national emergency*.  That is, the "Trading with the
Enemy" act now applied to all citizens of the US and all of their
interpersonal transactions.  Roosevelt declared a national
emergency, and took the country off the gold standard, pumping cash
into the system and ending the depression.  But doing so required
power not earlier available.

Thus the new wording below.  This is now during war *or national 
emergency declared by the president*.

"through any agency that he may designate, or otherwise, investigate,
regulate or prohibit under such rules and regulations as he may
prescribe by means of licenses or otherwise, any transactions in
foreign exchange, transfers of credit between or payments by banking
institutions as defined by the President and export, hoarding,
melting or earmarking of gold or silver coin or bullion or currency
by any person within the United States or anyplace subject to the
jurisdiction thereof." 


Roosevelt of course declared a national emergency and proceeded on 
his way.  However, he declared it in such a way as to make it 
continue until revoked.  This country remains in a state of emergency 
today, and will do so forthe foreseeable future, and the President 
retains the extraordinary powers intended solely for wartime.

These include the total ability to regulate commerce in the United 
States.

I recommend Michael Froomkin's excellent (and lengthy) article on the 
subject at 
http://www.law.miami.edu/~froomkin/articles/planet_clipper.htm.

Although about the Clipper chip, if you go about 60% through the 
article he has a solid discussion of the EAA, IEEPA and the 
presidential power thereunder.  It's 50 U.S.C. Sec. 1701 and 
following.  Section 1702 there has the meat of it.

This Act allows the President, once he has declared a state of 
emergency, to regulate essentially any commerce with another nation, 
except those items directly identified as "speech" - magazines, 
papers, etc.

President Clinton has twice declared a state of emergency regarding 
export control regulations, the latest on August 15, 1996.


Mr. Seiger, Mr. Davidson, I hope that you merely did not understand
the giant, drive-a-truck-through loophole present in this SAFE bill.
By guaranteeing free export EXCEPT pursuant to whatever actions are
taken under the IEEPA or Trading with the Enemy Act, it guarantees
absolutely nothing at all.  Those laws combined provide the President
with complete power to regulate the sale or export of crypto,
anywhere.  This law, Mr. Davidson's assertions notwithstanding,
gives nothing at all while taking a great deal.

Every "right" the SAFE act grants is already possessed.  The law 
also poses severe penalties for using crypto in furtherance of a 
crime.  As an example, I call Crook 2 on my cell phone while 
cruising down the street.  It is later determined that we were 
plotting a bank heist.  Extra five years for using encryption to 
further my crime.  Yep, just a plain old cell phone.  For that 
matter, almost all cordless phones today use an encrypt/decrypt 
routine for their transmissions as well.

Anyone using PGP on their computer?  Crime involved at least one 
email sent for any reason?  Extra five years.  This will hardly 
support the spread of encryption.

It gives law enforcement guaranteed access to keys: an awful
precedent.  Any law enforcement officer or investigative officer
(attornies prosecuting a case) who is empowered to prosecute or
participate in the prosecution of offenses under this act may compel
disclosure of keys.  All one needs is an escrow provision to ensure
that such a key is available for the government to retrieve - and
such a provision is perfectly legal for the president to impose. 
Thus, an FBI agent, who is "empowered" to investigate crimes under
this act, can compel disclosure, by a third party, of your keys -
without cause to even believe an offense has actually been
committed.  Without judicial review.  This will further the spread
of strong crypto?


I freely admit I'm not an expert US export control law, which is
designed to be confusing.  But I believe that all of the privacy and
crypto organizations which have signed on to SAFE are being sold a
bill of goods, a law which says in bold letters "freedom" "freedom"
"prohibition" but provides no freedoms, and does not prohibit key
escrow in any fashion.  I urge you _most strongly_ to consult with
legal experts on these matters and verify that what I have said is
true.  THIS BILL GIVES NOTHING AT ALL AND MAKES USE OF CRYPTO WORTH
FIVE YEARS IN PRISON.  Continued support of this bill by privacy and
crypto advocates is outrageous.  Newsletters supporting this bill by
such organizations have the effect of perpetuating the false
impressions of what this law does and does not do, and need to be
immediately brought in line with reality.  While I am only cc'ing
CDT reps on this matter, I give free permission to forward this post
to any/all other crypto and privacy supporting organizations or
listservs for comment.


-- Michael Sims







Thread