From: Ernest Hua <hua@chromatic.com>
To: cypherpunks@toad.com
Message Hash: 86fae77220e133e42950d57de248a957eabedaf2b38046881f2f140670714313
Message ID: <199708072032.NAA20409@ohio.chromatic.com>
Reply To: N/A
UTC Datetime: 1997-08-08 07:57:56 UTC
Raw Date: Fri, 8 Aug 1997 15:57:56 +0800
From: Ernest Hua <hua@chromatic.com>
Date: Fri, 8 Aug 1997 15:57:56 +0800
To: cypherpunks@toad.com
Subject: Export Tax vs ITAR as a compromise ...
Message-ID: <199708072032.NAA20409@ohio.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain
How about this as a political compromise ...
1. Allow any export of crypto.
2. Tax crypto exports heavily, say 25% or something
like that, unless key recovery (or some other
GAK-ish feature) is part of the product. For
instance, structuring the taxes so that ...
GAK-only products get taxed 0%
GAK-optional products get taxed 20%
non-GAK products get taxed 25%
3. Give this revenue upside to the FBI/CIA/NSA/NRO.
Internet commerce products alone would bring in shit
loads of revenue for these agencies. And, as a
side-benefit for these agencies, many companies will
opted for GAK just for export tax reasons.
This, of course, will not please the crypto-purists,
but crypto is just one of many areas where the
government is feeling like it is losing control. And
while that attitude is just infantile, we have to be
realistic about those very human people and very human
organizations who have a tough job to do. As much as I
hate ITAR, I feel really bad for the NSA.
----
1. Fundamentally, I only oppose ITAR on First
Amendment grounds: I should be able to write any
program I can type, and I should be able to give that
program out. This is computer speech, but it sure is
speech. Therefore, my personal interest is to perserve
that freedom. (If I happen to write a book about
dangerous chemicals or explosives [write crypto code],
why should I be held criminally liable if a terrorist
buys my book [downloads my source code] or steals it
from a library [intercepts an E-Mail containing the
sources].)
2. My guess is that the NSA has NOT really advanced
the state of the art of crypto much. I suspect they
have capabilities that are maybe one or two orders of
magnitude (in terms of art, not pure bruteforce
resources) ahead of us common folks, but we can crank
up the computational complexity without a wink, and
then, they are just helpless. One particular
rumoroid/factoid worth keeping in mind is that they
have succeeded in the past, not just by being smarter,
but also by dumbing-down everyone else. Sooner or
later, that part of the strategy will no longer work.
3. There is something to be said for controlling
export and import of products when the rest of the
world is not using a economic system quite like ours.
There is also something to be said for controlling
export of products that might reduce our national
strategic advantage (whatever that means).
Of course, there is also self-delusion, and, if I were
to assume the FBI/NSA is being completely honest,
self-delusion is what they seem to be falling back on.
I mean, REALLY now, if you can't control huge cabinets
of supercomputers (oops ... I guess they are just
desktop pizza boxes now, aren't they?), how are you
going to control bits?
Ern
Return to August 1997
Return to “Steve Schear <azur@netcom.com>”