From: Declan McCullagh <declan@well.com>
Date: Fri, 26 Sep 1997 07:05:57 +0800
To: Tim May <tcmay@got.net>
Subject: Why no version of SAFE removes export ctrls, and all are dangerous
In-Reply-To: <19970925193213.21630.qmail@hotmail.com>
Message-ID: <v03007809b05099a2e7c7@[168.161.105.141]>
MIME-Version: 1.0
Content-Type: text/plain



Tim writes below that SAFE doesn't get rid of export controls. That's true,
even before it's compromised to death. I've attached below my column on
SAFE I wrote in June...

This is just one reason why no new laws are better than bad new laws.

-Declan

***************

At 14:17 -0700 9/25/97, Tim May wrote:
>At 12:32 PM -0700 9/25/97, J. Random Hotmail User wrote:
>
>>Without the export restrictions we would see much more crypto sold
>>and used inside the US.  I'll bet there are lots of cypherpunks who
>>are holding off releasing crypto tools because of these laws.  Look
>>at the guy who said he had to go to Canada to release his crypto.
>>And he had to stop thinking about it when he was in the US.  This
>>is crazy.
>
>Yes, it's crazy, but SAFE doesn't fix this in any meaningful way.
>
>We can ask Ian Goldberg, the guy you refer to, if the enactment of SAFE
>would cause him to develop software in the U.S. Remember, SAFE does not
>give carte blanche to crypto exports. Rather, it speaks of whether or not
>similar products already can be found elsewhere (thus indicating export
>review will happen, with all that that implies) and it further gives
>authority to deny exports if "substantial evidence" exists that the product
>is or could be used by the Bad Guys for Evil Puposes. (Cf. the full text of
>H.R. 695 at http://www.cdt.org/crypto/legis_105/SAFE/hr695_text.html, and
>remember that amendments are being added to it.)
>
>This latter authority to block exports suggests NSA/State vetting of all
>exports. Meaning, things really haven't changed.
>
>All it would take is a letter stating that there is "substantial evidence"
>that Ian's product may be "diverted" for use by those the U.S. doesn't
>like.
>
>Well, duh, we're where we are today on exports.
>
>So, will Ian, or C2Net, or others, launch software development here and
>just sort of hope that when the time comes to apply for an export license
>that the conditions above are met? First, that the BXA/NSA/etc. rules that
>similar products are already available. Second, that the product will not
>be used by Hamas, a group the U.S. calls a terrorist group, or the Cali
>Cartel, or the Irish Republican Army, or the armies of Iraq? Think about
>it, given that Hamas is already using PGP 5.0 to fight the Zionist
>occupiers in Palestine.
>
>Would PGP 5.0 receive an export license? Even under SAFE?
>
>Would a product designed to implement Chaumian untraceable cash, a la some
>of the work on Lucre and the like, receive export approval? Even under SAFE?


http://cgi.pathfinder.com/netly/opinion/0,1042,1022,00.html

The Netly News Network
June 5, 1997

Mr. Gates Goes to Washington
by Declan McCullagh (declan@well.com)


                    For Siliconaires like Bill Gates of Microsoft, Eric
                    Schmidt of Novell and Jeff Papows of Lotus, Washington
                    is a city made pleasant by absence. They view its
                    labyrinthine bureaucracies and hidebound institutions as
                    something between a minor hindrance and an
                    insurmountable obstacle to the important business of
                    making profits, not public policy. So it was no surprise to
                    see the high-tech trio join seven other executives
yesterday
                    at the National Press Club to rail against the Clinton
                    administration's restrictions on overseas sales of
                    encryption products.

                         This Billionaire Boys' Club was especially keen on
                    praising two bills that would generally relax export rules.
                    "We clearly support the House and the Senate bills that are
                    on the Hill in their original form. Getting reform done now
                    is a huge priority for all of us," said one. "There are
bills
                    in the House and the Senate that are totally
acceptable, and
                    if those bills are passed they'd solve the problem,"
another
                    added.

                         But perhaps Bill Gates should have spent less time
                    writing BASIC interpreters and more time in civics
                    classes, because these bills are far from perfect. In fact,
                    they may be downright dangerous.

                         "Please, do no harm here. Let's keep what we won,"
                    says Cindy Cohn, one of the lawyers mounting an
                    EFF-sponsored court challenge to the White House's
                    export rules. So far that effort has been successful: A
                    federal judge ruled last December that the line-by-line
                    instructions in a computer program are "speech" and
                    restrictions on overseas shipments violate the First
                    Amendment.

                         Cohn argues that both Rep. Bob Goodlatte's (R-Va.)
                    SAFE bill and Sen. Conrad Burns' (R-Mont.) ProCODE
                    bill could do more harm than good. She says they might
                    not even help her client, a university professor who wants
                    to discuss encryption without going to jail. "What effect
                    would SAFE or ProCODE have? Either none or a
                    detrimental one," Cohn said on Monday at a conference
                    organized by the Electronic Privacy Information Center.
                    (A Burns spokesperson responded by saying any
                    problems could be addressed after the bill leaves the
                    Commerce Committee and moves to the Senate floor.)

                         This might seem like a lot of high-powered debate
                    over an obscure subject, but the argument boils down to a
                    conflict between pragmatism and principle. Will Congress
                    decide to help out Bill Gates at our expense? Sure,
                    removing export controls completely would benefit
                    everyone, but SAFE doesn't go that far: Only software
                    "that is generally available" overseas may be exported.
                    Which means if I invent a new data-scrambling method
                    that nobody overseas has developed, I'm screwed. SAFE
                    also creates a new federal felony if you use crypto in a
                    crime. Cypherpunks have criticized the measure, saying
                    that when crypto starts to appear in products from light
                    switches to doorknobs, Congress might as well put you in
                    jail if you breathe while committing a crime. Then there's
                    ProCODE, which sets up a new federal
                    crypto-bureaucracy -- hardly a reassuring thought.

[...]

                      some veteran Washington lawyers
                    warn that the proposals in Congress will not nullify the
                    export rules. "Because the language of the SAFE act
                    doesn't track the language of the executive order and the
                    [Commerce Department regulations], which of course they
                    couldn't anticipate, there's substantial wiggle room
left for
                    the government to maintain some controls. The bills may
                    not have the desired effect in the long run," says Roszel
                    Thomsen, a partner at the Thomsen and Burke law firm.

                         "There's room for someone to completely rewrite a
                    bill that starts from the provision that all source code is
                    speech -- then squarely roll back the most onerous
                    provisions from the administration's executive order last
                    November and track the current laws to eliminate the
                    wiggle room," Thomsen says. "But I don't think there's
                    the willpower to do that."

                         If that willpower doesn't exist, then perhaps
                    Congress shouldn't pass either SAFE or ProCODE. No
                    legislation is better than bad law, especially when court
                    challenges are moving forward -- and don't bring with
                    them nasty side effects. We shouldn't have to give up
                    some freedoms to gain others. If Congress doesn't have
                    the courage to do the right thing, it's better they do
nothing
                    -- even if Bill Gates prefers otherwise.

[...]


-------------------------
Declan McCullagh
Time Inc.
The Netly News Network
Washington Correspondent
http://netlynews.com/