1997-09-03 - Re: Things we should be working on…

Header Data

From: iang@cs.berkeley.edu (Ian Goldberg)
To: cypherpunks@cyberpass.net
Message Hash: e3b3e51c123cfc8894cba07c6e497e75fdfee44e4406d48c31d48b538b4317f6
Message ID: <5uk1uc$jso$1@abraham.cs.berkeley.edu>
Reply To: <v03102811b032245d2d79@[207.167.93.63]>
UTC Datetime: 1997-09-03 16:25:00 UTC
Raw Date: Thu, 4 Sep 1997 00:25:00 +0800

Raw message

From: iang@cs.berkeley.edu (Ian Goldberg)
Date: Thu, 4 Sep 1997 00:25:00 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Things we should be working on...
In-Reply-To: <v03102811b032245d2d79@[207.167.93.63]>
Message-ID: <5uk1uc$jso$1@abraham.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain



In article <199709022216.XAA00915@server.test.net>,
Adam Back  <aba@dcs.ex.ac.uk> wrote:
>
>Tim May <tcmay@got.net> writes:
>> One more question. Could you tell us which things you are talking about
>> here, which things you returned to Canada to implement?
>
>I can't see that export controls are much of a big deal for freeware
>cypherpunk software ... just publish it on a US site with whatever
>access controls you fancy.  It'll make it's way out of the country in
>a few minutes and end up on replay.com, or one of the automated
>mirrors of export control sites at ftp://idea.sec.dsi.unimi.it/pub/ or
>where ever.
>
>It's not as if you're trying to sell it, or are a corporation worrying
>about stepping on toes at NSA Inc. 
>
>> If you are actually going to Canada to release products, this might be even
>> more interesting than either the Junger or Bernstein cases. Of course, if
>> you discuss this openly, you may be inviting repercussions.
>
>Just release it in the US.  Lets someone else do the export.

I'm not primarily talking about _products_, here; I'm not selling stuff.
I'm just trying to publish!  Part of my research (which focuses on computer
security) involves (surprise) building secure systems or breaking insecure
ones.  Where this involves cryptography or cryptanalysis, I am prohibited
from publishing these systems on the Net, from my homepage (and I don't
_want_ to put access control on my homepage).

To answer Tim: for example, when I was in Canada last, I wrote Top Gun ssh
(secure shell for the Pilot) from the ground up.  It would be hard to
understand how this could be a violation of US export regs, when nothing
involved ever _entered_, let alone was _exported_ from, the US.

I do understand that US citizens and Permanent Residents are prohibited
from giving crypto to foreigners even when they are outside of the US,
but I'm neither of those.  The BXA _could_ try the old "let's tax all
foreigners living abroad" tactic, of course...

   - Ian






Thread