Ah...for 3 days the NSA thought the world was a safer place ;)
And now, according to Professor Denning, we face ruination because
Drug Overlords will swamp our telcos with impunity because they
need have no fear about Big Brother.
Sometimes I wish social issues could be handled as well as technical
issues...
--
A/~~\A 'moo2u from osu' Jim Ebright e-mail: ebr...@bronze.coil.com
((0 0))_______ "'Eternal Vigilance Is The Price of Liberty' used to mean
\ / the \ we watched the government - not the other way around."
(--)\ OSU | - Bill Stewart, AT&T
With the failure of ITAR, at least we are all in the same boat. I am sure
that the Dept. of Justice supports this since it traditionally opposes
monopolies.
Regards,
IT Systems
I see. So because there are murders you think we should repeal the laws
against murder?
David
Non-Sequitur.
The point being made, in part, was Professor Denning stated,
if the government can't tap everyone's phone calls, these
systems "would become sanctuaries for criminality"
(stated in her ACM article "To Tap or Not to Tap").
And "the ability of law enforcement to prevent serious
and often violent criminal activity" would be greatly diminished...
Her worst fears have been realized. So have the NSA's. Will the sun
bother to rise tomorrow?
I guess we should all flee to France where crypto usage (unregistered)
is illegal and thus the country is obviously a much safer place.
;-)
Less than a day, actually. The MIT announcement was made on Friday, and I got
my copy of PGPfone from a posting to "alt.anonymous.messages" on Saturday
morning.
I saw a notice on the Cypherpunks list on Saturday, the morning after the MIT
release. It said that someone had used an anonymous remailer to post a
BinHexed version to "alt.anonymous.messages" and a few other groups.
That's where I got it. Note that alt.anonymous.messages has a worldwide
distribution, so export effectively happened within about 18 hours (give or
take) of the announcement of availability on the MIT system.
By the way, I got it from alt.anonymous.messages because the MIT site autobot
that responded to my "I will not export crypto blah blah" Web form pledge could
not determine from my domain name (tc...@got.net) if I was in the U.S. or
Canada. It invited me to send a note to Jeff Schiller explaining where "got.net"
is located (whatever that implies....). Which I did. Then Jeff's autobot responder
said he could not promise to look at mail on this topic for several weeks! I
wanted to demo PGPfone at my "Cypherpunks Santa Cruz" party that night (last
Saturday, the 26th), so I was out of luck.
Until the alt.anonymous.messages posting saved me. And it came with none of
those "I will not export this" promises being made, so I am free now to export
it as I wish. (I haven't, but a visitor from Sweden was at my party, and we all
got a good laugh at the utter unenforceability of ITARs.)
--Tim May
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tc...@got.net (Got net?) | anonymous networks, digital pseudonyms, zero
408-728-0152 | knowledge, reputations, information markets,
Corralitos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
>In article <david-02099...@192.0.2.1>,
>David Sternlight <da...@sternlight.com> wrote:
>>In <42090d$g...@charm.magnus.acs.ohio-state.edu>,
>>jebr...@magnus.acs.ohio-state.edu (James R Ebright) writes:
>>>
>>>Ah...for 3 days the NSA thought the world was a safer place ;)
>>
>>I see. So because there are murders you think we should repeal the laws
>>against murder?
>
>Non-Sequitur.
Not at all. The point I took and responded to was that since ITAR didn't
prevent some exports it was useless.
That makes no more sense than to argue that any other law that was
sometimes violated was useless. I gave murder as a pretty obvious reductio
ad absurdum.
But more to the point, we've been through this repeatedly in the context
of the needle in the haystack argument.
David
> In article <42bpre$f...@charm.magnus.acs.ohio-state.edu>,
> jebr...@magnus.acs.ohio-state.edu (James R Ebright) wrote:
>
> >In article <david-02099...@192.0.2.1>,
> >David Sternlight <da...@sternlight.com> wrote:
> >
> >>In <42090d$g...@charm.magnus.acs.ohio-state.edu>,
> >>jebr...@magnus.acs.ohio-state.edu (James R Ebright) writes:
> >>>
> >>>Ah...for 3 days the NSA thought the world was a safer place ;)
> >>
> >>I see. So because there are murders you think we should repeal the laws
> >>against murder?
> >
> >Non-Sequitur.
>
> Not at all. The point I took and responded to was that since ITAR
> didn't prevent some exports it was useless.
And it is. The fact that you cannot prevent all murders does not
make it a waste of time to try to prevent some, and to punish
murderers to dissuade others. BUT the same principle does not
apply to ITAR regs, because you only need one ITAR "murderer" to
"murder" everyone in the world.
It only needs one copy to get out, and it can be reproduced
exactly as many times as anyone thinks useful, for next to no
cost. So what possible deterrent value has this law got?
Particularly as data is the easiest thing to smuggle that there
is.
> That makes no more sense than to argue that any other law that was
> sometimes violated was useless.
ITAR is different than other laws. Even the drug laws have some
hope of reducing the amount of drugs available; ITAR has no hope
at all of reducing the spread of cryptography.
> I gave murder as a pretty obvious reductio ad absurdum.
It was indeed absurd, but not in the way you meant.
> But more to the point, we've been through this repeatedly in
> the context of the needle in the haystack argument.
The haystack argument has been comprehensively refuted several
times, including in my column in SECURE Computing (hope you don't
mind being called a "Net personality").
For those who have missed the earlier refutations in this group,
the haystack argument only holds water while there is little
encryption of any kind in use. As soon as clipper or whatever
is used in a big way, the haystack will become enormous. PGP
users will simply wrap their own strong encryption in the
escrowed stuff, and it will disappear from view. The authorities
will only be able to see it if they have already got a warrant
for the escrowed keys, and they still won't be any more able to
break it than they are now. The US government is sanctioning
this haystack, so the idea that the haystack argument makes ITAR
regs sensible is contradicted by the government's own actions.
The only way that it makes sense is if clipper/whatever is the
only encryption legally allowed, so that the mere discovery that
you have used something better will be enough to put you in gaol.
Even then, the haystack argument fell over when the government
sanctioned escrowed encryption. It cannot be a sensible reason
for continuing the ITAR regs, so we have to look for another
reason, which to me is obvious. They are being kept as a
foothold for outlawing the *use* of strong encryption.
--
SAID JULIET WON'T SHAVE
TO ROMEO GO HOMEO
IF YOU Burma-Shave
I know you know better.
The ITAR (leaving aside whether Phil will be prosecuted and that will
compel caution) s honest citizens from overtly violating the law. Thus
they are very effective in preventing Microsoft from exporting transparent
secure crypto in every copy of Word; preventing Lotus from doing the same
in Notes.
This means there are a gazillion messages overseas that are in plaintext
which might otherwise be encrypted with at least a "difficult" level of
encryption. This is, I suggest, quite valuable to the intelligence
community.
If you were to ask the intelligence folks about this they'd tell you that
the above is worth the "price" of ITAR's inconvenience to, and possible
lost sales to the US software industry. Since we can't know what "take"
they've gotten from this, we can either take their word for it or reject
it. On the basis of past history which _has_ become known, I take their
word. Others may refuse. That's what makes difference of opinion in a
democracy and those who refuse may seek remedies through Congress or the
Courts if they wish.
There are many laws on the books whose purpose is to keep undesired
behavior down, not to eliminate it absolutely. In fact I suggest most laws
are of this character.
The only way to eliminate overtime parking entirely is to make it a
capital offense and wait for natural selection to take its course. You'd
be surprised how many who are executed for crimes do not become repeat
offenders. :-)
David
> If you were to ask the intelligence folks about this they'd tell you that
> the above is worth the "price" of ITAR's inconvenience to, and possible
> lost sales to the US software industry.
It is always going to be worth it to them, even if it is
worthless, since they don't have to pay the cost themselves. The
"haystack" argument does not come into this if you accept the use
of strong escrowed encryption (which the government does).
> There are many laws on the books whose purpose is to keep undesired
> behavior down, not to eliminate it absolutely. In fact I suggest most laws
> are of this character.
But ITAR can't keep "undesired" behavior down, because it only
takes one illicit export to supply the entire world and obviate
ITAR completely.
> The only way to eliminate overtime parking entirely is to make it a
> capital offense and wait for natural selection to take its course. You'd
> be surprised how many who are executed for crimes do not become repeat
> offenders. :-)
I am puzzled as to why you have appended a smiley to a
description of a police state.
The difference is that ITAR (at least the section regarding cryptography)
attempts to restrict the export of information, rather than restricting deeds
or physical products. It is difficult for even authoritarian regimes to bottle
up the dissemination of information; for a large democratic country it is
nearly impossible. As Iolo correctly points out, it only takes a single person
to begin the proliferation of information.
-Chris. (sto...@cs.buffalo.edu)
http://www.cs.buffalo.edu/~stoner
>In article <david-03099...@192.0.2.1>
> da...@sternlight.com "David Sternlight" writes:
>
>> In article <42bpre$f...@charm.magnus.acs.ohio-state.edu>,
>> jebr...@magnus.acs.ohio-state.edu (James R Ebright) wrote:
>>
>> >In article <david-02099...@192.0.2.1>,
>> >David Sternlight <da...@sternlight.com> wrote:
>> >
>> >>In <42090d$g...@charm.magnus.acs.ohio-state.edu>,
>> >>jebr...@magnus.acs.ohio-state.edu (James R Ebright) writes:
>> >>>
>> >>>Ah...for 3 days the NSA thought the world was a safer place ;)
>> >>
>> >>I see. So because there are murders you think we should repeal the laws
>> >>against murder?
>> >
>> >Non-Sequitur.
>>
>> Not at all. The point I took and responded to was that since ITAR
>> didn't prevent some exports it was useless.
>
>And it is. The fact that you cannot prevent all murders does not
>make it a waste of time to try to prevent some, and to punish
>murderers to dissuade others. BUT the same principle does not
>apply to ITAR regs, because you only need one ITAR "murderer" to
>"murder" everyone in the world.
Nope. Despite the leaks of PGP, RIPEM, etc., the massive use of Microsoft
Word and Lotus Notes outside the US is still unencrypted, and is likely to
continue to be so for the indefinite future.
>ITAR is different than other laws. Even the drug laws have some
>hope of reducing the amount of drugs available; ITAR has no hope
>at all of reducing the spread of cryptography.
As we've discussed many times, it's not the niche spread that's the issue,
but the mass spread which converts the millions of daily foreign messages
en clair into hard-encrypted traffic. It still hasn't happened nor is it
likely to as long as products such as Microsoft Office, Lotus Notes, etc.
have a decisive advantage in non-crypto areas--the main reason most buy
them.
>> But more to the point, we've been through this repeatedly in
>> the context of the needle in the haystack argument.
>
>The haystack argument has been comprehensively refuted several
>times, including in my column in SECURE Computing (hope you don't
>mind being called a "Net personality").
I've not seen it refuted yet.
>
>For those who have missed the earlier refutations in this group,
>the haystack argument only holds water while there is little
>encryption of any kind in use. As soon as clipper or whatever
>is used in a big way, the haystack will become enormous. PGP
>users will simply wrap their own strong encryption in the
>escrowed stuff, and it will disappear from view. The authorities
>will only be able to see it if they have already got a warrant
>for the escrowed keys, and they still won't be any more able to
>break it than they are now. The US government is sanctioning
>this haystack, so the idea that the haystack argument makes ITAR
>regs sensible is contradicted by the government's own actions.
This refutes nothing. It's the mass of cleartext traffic that's still
useful, and as long as mass applications like Office, Notes, etc. don't
contain hard crypto overseas because ITAR prevents it, this traffic will
continue to be available and accessible to the search of that haystack for
needles. The volumes are enormous, and any separate use of Tessera or
subsequently approved software crypto won't make a dent. Neither will
Clipper--most voice traffic is, and will remain unencrypted.
The thing I think the NSA is fighting against is the possibility that
"hard" crypto will be transparently embedded in mass market products such
that almost all traffic currently en clair will be routinely encrypted.
It's true that some messages might be denied under the conditions you
mention, but I think mass scanning isn't designed to get _that_ traffic
anyway. Direct means are more useful for such traffic, and such messages
of interest are likely subjected to very strong attacks. In fact, mass
screening which as a by-product picks up attempts to "beat the system"
might provide a useful set of flags for other kinds of more direct
attention and the application of strong cryptanalytic resources, if
collateral information warrants it. A "kick me, I'm wearing iron pants"
sign is always a bad idea. You might get tripped, or punched in the mouth
instead. Someone might even try to rust you to death.
Claiming that individuals might superencrypt, etc. focusses on the wrong
problem with respect to the value of ITAR. That is--there will always be
ways to try to beat it. The NSA must know that perfectly well, and that's
not what ITAR is for.
Further there are lots of ways (we had some papers on that at Crypto) to
prevent such superencryption from being used with robust escrow systems.
Finally, if the NSA were monitoring foreign Clipper traffic with the keys
(not needing a court order for same), they'd spot such superencryption at
once and it would be yet another "kick me" sign, not a concealment.
>
>The only way that it makes sense is if clipper/whatever is the
>only encryption legally allowed, so that the mere discovery that
>you have used something better will be enough to put you in gaol.
As you can see from the above, I don't accept the argument that Clipper is
intended to be "perfect" and thus don't accept the conclusion that since
it has to be perfect other crypto must be banned.
>Even then, the haystack argument fell over when the government
>sanctioned escrowed encryption.
Why? There's still tons of en clair traffic making up the haystack. Not
all needles will be encrypted--in fact most which mass search seeks will
probably not be. Remember the haystack take is, one assumes, feeding into
intelligence analysts, not prosecutors. The stuff going into prosecutors
comes, one assumes, from a wide variety of other sources, as well as the
commitment of very strong cryptanalytical resources to targeted traffic,
rather than mass search.
> It cannot be a sensible reason
>for continuing the ITAR regs, so we have to look for another
>reason, which to me is obvious. They are being kept as a
>foothold for outlawing the *use* of strong encryption.
This has not been shown by your arguments. What's more, the US government
has repeatedly made statements to the contrary as far as domestic US
policy.
Thus it reads to me like paranoia, not analysis. Now I think a good
healthy paranoia is probably useful in civil liberties matters, but it
must be confronted by logic and analysis. It should be a "heads up" not a
conclusion or an attempt at proof by assertion. I think you've done a fair
job of setting such a context for considering this issue, but your
arguments don't seem to me to withstand scrutiny.
Best;
David
> >> Not at all. The point I took and responded to was that since ITAR
> >> didn't prevent some exports it was useless.
> >
> >And it is. The fact that you cannot prevent all murders does not
> >make it a waste of time to try to prevent some, and to punish
> >murderers to dissuade others. BUT the same principle does not
> >apply to ITAR regs, because you only need one ITAR "murderer" to
> >"murder" everyone in the world.
>
> Nope. Despite the leaks of PGP, RIPEM, etc., the massive use of Microsoft
> Word and Lotus Notes outside the US is still unencrypted, and is likely to
> continue to be so for the indefinite future.
Sure, all the uninteresting stuff that people can't be bothered
to go the extra couple of inches to encrypt won't be strongly
encrypted (I thought Notes had some encryption? CC:Mail does).
The spooks can look at tonnes of that if they want. But the
sensitive stuff does not travel via Windows for Workgroups
and Lotus Notes.
Furthermore, as soon as the US Government mandated escrow
encryption is put into the mainline products, the strong
encryption the spooks want to see will be wrapped in it and they
won't even be able to look for it anymore without first getting a
court order (which would mean they already knew where it was).
> >ITAR is different than other laws. Even the drug laws have some
> >hope of reducing the amount of drugs available; ITAR has no hope
> >at all of reducing the spread of cryptography.
>
> As we've discussed many times, it's not the niche spread that's the issue,
> but the mass spread which converts the millions of daily foreign messages
> en clair into hard-encrypted traffic. It still hasn't happened nor is it
> likely to as long as products such as Microsoft Office, Lotus Notes, etc.
> have a decisive advantage in non-crypto areas--the main reason most buy
> them.
And the people who need strong encryption won't rely on them
(though they can wrap their strong encryption in a weakly or
escrowed encrypted envelope to hide in the "haystack".) ITAR
only affects the issue of concealment of interesting encrypted
messages amongst uninteresting encrypted ones, but commerce
needs good encryption, so the government is going to promote a
scheme that will itself destroy the possibility of monitoring
all encrypted traffic. There goes the haystack justification of
ITAR.
> >> But more to the point, we've been through this repeatedly in
> >> the context of the needle in the haystack argument.
> >
> >The haystack argument has been comprehensively refuted several
> >times, including in my column in SECURE Computing (hope you don't
> >mind being called a "Net personality").
>
> I've not seen it refuted yet.
There's no answer to that. I have seen the same points put to
you in this group a couple of times, once by me.
> >For those who have missed the earlier refutations in this group,
> >the haystack argument only holds water while there is little
> >encryption of any kind in use. As soon as clipper or whatever
> >is used in a big way, the haystack will become enormous. PGP
> >users will simply wrap their own strong encryption in the
> >escrowed stuff, and it will disappear from view. The authorities
> >will only be able to see it if they have already got a warrant
> >for the escrowed keys, and they still won't be any more able to
> >break it than they are now. The US government is sanctioning
> >this haystack, so the idea that the haystack argument makes ITAR
> >regs sensible is contradicted by the government's own actions.
>
> This refutes nothing. It's the mass of cleartext traffic that's still
> useful,
I doubt that it is useful. It is unencrypted because people
don't bother. If they have something sensitive to communicate,
they *will* bother. And the unencrypted traffic will disappear
(to the extent that you say it now is not encrypted because of
lack of encryption in mainstream software) when approved
encryption is adopted in the mainstream packages you mention.
> and as long as mass applications like Office, Notes, etc. don't
> contain hard crypto overseas because ITAR prevents it, this traffic will
> continue to be available and accessible to the search of that haystack for
> needles.
Government approved encryption schemes will destroy that
argument. You can't say ITAR prevents it while simultaneously
the government promotes strong escrowed systems, or even weak
systems. Both will act as concealment for strong crypto, and
the haystack has exploded.
> The volumes are enormous, and any separate use of Tessera or
> subsequently approved software crypto won't make a dent. Neither will
> Clipper--most voice traffic is, and will remain unencrypted.
Most traffic is of no use to law enforcement or spooks either.
The stuff that is will be encrypted. The haystack argument falls
down as soon as there is any substantial use of approved
encryption, because the unapproved kind will be wrapped in it.
Governments know that business needs strong encryption, and if
they don't get an escrowed system adopted, they will be
pre-empted. Either way, the haystack explodes.
> The thing I think the NSA is fighting against is the possibility that
> "hard" crypto will be transparently embedded in mass market products such
> that almost all traffic currently en clair will be routinely encrypted.
If they are fighting that, why promote an escrowed system which
can only be accessed with a court order? This is constructing
their own haystack. It will not stop the use of strong crypto,
only give it a wrapper. I think they know this perfectly well,
but can't do anything about it because business needs good
encryption. So, if they know the haystack is exploding anyway,
why cling to ITAR, and even strengthen it?
> It's true that some messages might be denied under the conditions you
> mention, but I think mass scanning isn't designed to get _that_ traffic
> anyway.
Mass scanning won't get anything much once approved escrowed
crypto is in place in the mainstream software. It won't be able
to find the strong crypto wrapped in escrowed encryption either.
> Direct means are more useful for such traffic, and such messages
> of interest are likely subjected to very strong attacks.
Doesn't matter unless you believe that PGP is breakable in your
lifetime. I don't. If you mean other attacks than code
breaking, then the discussion has left the area of encryption.
> In fact, mass
> screening which as a by-product picks up attempts to "beat the system"
> might provide a useful set of flags for other kinds of more direct
> attention and the application of strong cryptanalytic resources, if
> collateral information warrants it.
Again, this doesn't matter unless you believe that PGP is
breakable in your lifetime. If there is a general belief that it
can be broken, something stronger will be developed. PGP itself
could be made much stronger for a small increase in processing
time. The only reason it hasn't been done is that the people who
know the most about it see no need.
And again, mass screening won't find strong crypto wrapped in
escrowed crypto.
> A "kick me, I'm wearing iron pants"
> sign is always a bad idea. You might get tripped, or punched in the mouth
> instead. Someone might even try to rust you to death.
This is the attitude that bothers me. Why should insisting on
privacy be considered to be "asking for it"? Reading my mail is
"asking for it".
You will only find unapproved crypto *after* getting a court
order for the escrowed keys when escrowed encryption is in place.
Or after breaking an approved commercial strength cipher.
At the moment, PGP usually travels bare; wrapping it will not
make it stand out more, but make it harder to find. The "kick
me" element is no greater than when it went bare.
> Claiming that individuals might superencrypt, etc. focusses on the wrong
> problem with respect to the value of ITAR. That is--there will always be
> ways to try to beat it. The NSA must know that perfectly well, and that's
> not what ITAR is for.
It is useless for any purpose. It stops mainstream software
producers from putting our choice of strong crypto into their
products, but the US government knows that such products need
strong crypto for legitimate business reasons, and is preparing
their own scheme. So the haystack is coming, regardless of ITAR.
This haystack idea would indeed be one thing that ITAR could
accomplish, except that the government itself will drive a coach
and horses through it. Not because it wants to, but because
encryption is needed for normal commerce.
> Further there are lots of ways (we had some papers on that at Crypto) to
> prevent such superencryption from being used with robust escrow systems.
Not incorporated into clipper though, were they?
How are you going to reconcile the use of such schemes with your
statement that the US government does not intend to outlaw
unapproved crypto? If they don't want to outlaw it, what is the
purpose of a scheme for preventing superencryption?
> Finally, if the NSA were monitoring foreign Clipper traffic with the keys
> (not needing a court order for same), they'd spot such superencryption at
> once and it would be yet another "kick me" sign, not a concealment.
First, what makes you think that they will get the keys for
foreign systems? Second, the "kick me" sign idea is nothing
extra over the use of bare PGP at the moment. They will just
have to dig through another layer to see it, once they have
distributed wrapper encryption to everyone. So it is still an
extra level of concealment, not an extra flag for their
attention.
> >The only way that it makes sense is if clipper/whatever is the
> >only encryption legally allowed, so that the mere discovery that
> >you have used something better will be enough to put you in gaol.
>
> As you can see from the above, I don't accept the argument that Clipper is
> intended to be "perfect" and thus don't accept the conclusion that since
> it has to be perfect other crypto must be banned.
That isn't the argument. My argument is that the only way ITAR
makes any sense is if they intend to outlaw unapproved crypto.
It doesn't do them any good in stopping illicit export, and it
makes no difference to the legal export/haystack argument as they
are going to screw that concept themselves (or if they don't, it
will go anyway because of commercial pressures). This has
nothing to do with clipper being perfect.
> >Even then, the haystack argument fell over when the government
> >sanctioned escrowed encryption.
>
> Why? There's still tons of en clair traffic making up the haystack.
That there will still be a lot of traffic in clear doesn't matter
to the argument, which is about the amount of innocent encrypted
traffic they will have to deal with when looking for the stuff
they really want. Any reasonably good encryption adopted for a
substantial portion of commercial traffic will multiply the
current encrypted traffic by many times. And will be used as a
wrapper for strong crypto. As soon as a substantial amount of
the traffic is encrypted, using whatever system, your needle in
the haystack argument goes out the window.
> > It cannot be a sensible reason
> >for continuing the ITAR regs, so we have to look for another
> >reason, which to me is obvious. They are being kept as a
> >foothold for outlawing the *use* of strong encryption.
>
> This has not been shown by your arguments.
I didn't really expect you to accept it. I don't accept your
arguments either. Your explanations of ITAR's utility are
reaching further and further for less and less. How little
utility are you prepared to accept to justify the continued
existence of this law? It is costing the USA much more in image
problems alone than any good it is doing. You guys got laughed
at on UK national TV tonight.
> What's more, the US government
> has repeatedly made statements to the contrary as far as domestic US
> policy.
"We have no current plans" is not a statement to the contrary.
And by your own standards, the state cannot make any such
statement except by passing a bill into law and having it signed
by the president. There is no one who can believably say "We
will never do it".
> Thus it reads to me like paranoia, not analysis.
Paranoia is for motivation, not a form of reasoning. I certainly
know the difference, and use both in their proper places.
> Now I think a good
> healthy paranoia is probably useful in civil liberties matters, but it
> must be confronted by logic and analysis. It should be a "heads up" not a
> conclusion or an attempt at proof by assertion. I think you've done a fair
> job of setting such a context for considering this issue, but your
> arguments don't seem to me to withstand scrutiny.
This is because you are too willing to allow the spooks anything
they want. If you can see any possible tenuous benefit to them
for a draconian law that costs people their rights to privacy,
you are prepared to allow them to have it. My own inclination is
to allow the citizen to have any benefits that can be had by
removing a restriction which contributes essentially nothing to
their security. Both our viewpoints are thus biased, but in this
instance you are definitely grasping at straws.
;-)
: I guess we should all flee to France where crypto usage (unregistered)
: is illegal and thus the country is obviously a much safer place.
I am afraid that France actually _is_ a much safer place. But this is
definitely not due to crypto laws.
Arno
--
Arno Schaefer - Technische Hochschule Darmstadt, Fachbereich Informatik
scha...@rbg.informatik.th-darmstadt.de
The nice thing about Windows is - It does not just crash, it displays a
dialog box and lets you press 'OK' first.
>If they are fighting that, why promote an escrowed system which
>can only be accessed with a court order? This is constructing
>their own haystack. It will not stop the use of strong crypto,
>only give it a wrapper. I think they know this perfectly well,
[...]
>Mass scanning won't get anything much once approved escrowed
>crypto is in place in the mainstream software. It won't be able
>to find the strong crypto wrapped in escrowed encryption either.
[...]
>You will only find unapproved crypto *after* getting a court
>order for the escrowed keys when escrowed encryption is in place.
All your arguments on this seem to imply that Clipper/Capstone is just
what the government says it is. If the past performance of our
government is any indication, I would be *VERY* much surprised if there
*WASN'T* a secret NSA back door in Clipper. The NSA probably already has
the Clipper back door programmed into their scanning software.
Just remember, if the government wants something like Clipper this badly
then it's usually *BAD* for the Constitution and Bill of Rights.
/\-/\ Dean Ridgway | Two roads diverged in a wood, and I-
( - - ) InterNet rid...@peak.org | I took the one less traveled by,
=\_v_/= FidoNet 1:357/1.103 | And that has made all the difference.
CIS 73225,512 | "The Road Not Taken" - Robert Frost.
http://www.peak.org/~ridgwad/
PGP mail encouraged, finger for key: 28C577F3 2A5655AFD792B0FB 9BA31E6AB4683126
No, they just take the ID, look it up in their database of keys, and
decrypt with the key. THEY ARE GIVEN ALL THE KEYS when the chips are
made...remember, they DON'T go to court to get them. They get them 'free'.
Don't make it more complicated than it is.
> In article <810174...@mist.demon.co.uk>,
> Iolo Davidson <io...@mist.demon.co.uk> wrote:
>
> >You will only find unapproved crypto *after* getting a court
> >order for the escrowed keys when escrowed encryption is in place.
>
> All your arguments on this seem to imply that Clipper/Capstone is just
> what the government says it is.
I don't accept that this is going to be so in practice, it is
just a working hypothesis to allow me to argue another point with
Sternlight without bogging down in an argument about whether the
government is honest or not. My point in that argument is that
even accepting his views of benign government control, the ITAR
regs don't add up.
> If the past performance of our
> government is any indication, I would be *VERY* much surprised if there
> *WASN'T* a secret NSA back door in Clipper. The NSA probably already has
> the Clipper back door programmed into their scanning software.
I would have thought the safest way to do this is simply to have
their own copy of the key escrow. No need to use tricky
programming and risk someone noticing.
> Just remember, if the government wants something like Clipper this badly
> then it's usually *BAD* for the Constitution and Bill of Rights.
I agree.
>> If the past performance of our government is any indication, I would be
>>*VERY* much surprised if there *WASN'T* a secret NSA back door in Clipper.
>>The NSA probably already has the Clipper back door programmed into their
>>scanning software.
> I would have thought the safest way to do this is simply to have their own
>copy of the key escrow. No need to use tricky programming and risk someone
>noticing.
I think it probable that they did work up some sort of backdoor, as
insurance against the likelihood that somebody would eventually break
the tamper-proofing and reverse-engineer the chips.
--
Steve Brinich | We're investigating you | PGP 89B992BB
ste...@digex.net | to find out why | E67F7B2F64FD
GEnie: S.BRINICH | you don't trust the government | F2EA14374C3E
>Until the alt.anonymous.messages posting saved me. And it came with none of
>those "I will not export this" promises being made, so I am free now to export
>it as I wish. (I haven't, but a visitor from Sweden was at my party, and we all
>got a good laugh at the utter unenforceability of ITARs.)
Tim: You know better than to make a silly statement like this. The
restrictions on crypto export are NOT subject to any agreement on your
part. They are a condition of your living in the USA. (Ie, they are
criminal law not civil agreement law.) ITAR may be unenforceable and
silly in this specific context, but it is more serious than you take
it.
--
Bill Unruh
un...@physics.ubc.ca
On 06 Sep 1995 02:26:45 GMT, Matthew....@comp.vuw.ac.nz (Matthew James Sheppard) said in article <MATT.95S...@circa.comp.vuw.ac.nz>:
>
>My question is, can the US reasonably expect Microsoft (or other
>quantity vendor) to produce both versions.
>
>Those in the software world know that this would be as easy as two
>versions of CRYPTLIB.DLL but as with Adam Cain and NCSA httpd, the NSA
>find mere hooks in code far too easy a target for others to implement
>crypto. Thus, the NSA want the cryptographic functionality embedded
>throughout the application to prevent easy replacement or key
>lengthening.
>
>I find it difficult to imagine a unified win95 release push being
>complicated by two versions.
Actually, this is already the case. As a subscriber to the Microsoft
Developer Network, I get a bunch of CDs every quarter with Microsoft's
released operating systems. In Windows for Workgroups, encryption was
added for sending binary files using fax protocols. I'm not sure if there
is a difference between the US version and the international encryption, (I
think it uses RC4), but there are two versions of French Windows for
Workgroups. One for France, and one for French speakers in the free[er]
world. The for France version excludes the encryption completely. In
fact, Microsoft has to press different versions of the CDs for subscribers
in France.
>And as mentioned above, there would have to be two "significantly" (in
>the eyes of the NSA) versions. This would only serve to complicate
>the design and concurrency issues. I would find it attractive to use
>the US version as it would get more attention wrt bug fixes,
>compatibility and even binary patches. MS would find it attractive to
>simplify on one development. This issue would propagate into all
>related applications as there could never be a CRYPTLIB.DLL.
I'm sorry to say this, but I don't think you can justify revoking ITAR with
just this reason. It doesn't cost Microsoft much more to do split
development, which they must do anyway for each language version of
Windows.
--
: No, they just take the ID, look it up in their database of keys, and
: decrypt with the key. THEY ARE GIVEN ALL THE KEYS when the chips are
: made...remember, they DON'T go to court to get them. They get them 'free'.
Just as a help for further discussion: can you cite a reference for this
claim?
: >Until the alt.anonymous.messages posting saved me. And it came with none of
: >those "I will not export this" promises being made, so I am free now to export
: >it as I wish. (I haven't, but a visitor from Sweden was at my party, and we all
: >got a good laugh at the utter unenforceability of ITARs.)
: Tim: You know better than to make a silly statement like this. The
: restrictions on crypto export are NOT subject to any agreement on your
: part. They are a condition of your living in the USA.
Still wrong. They apply to anybody, not only to people living in the
USA. Otherwise American companies could use employees of their European
dependencies to export their products.
Yet Tim's statement is correct. He didn't _export_ it, so he is free
to distribute it in any way he wishes. ITAR does not apply anymore once
the SW has left the USA.
>: Tim: You know better than to make a silly statement like this. The
>: restrictions on crypto export are NOT subject to any agreement on your
>: part. They are a condition of your living in the USA.
>Still wrong. They apply to anybody, not only to people living in the
>USA. Otherwise American companies could use employees of their European
>dependencies to export their products.
Repeat after me " US laws apply only to US persons and people on the
territory of the USA." If the American company sends the crypto to their
European dependency, they are then exporting the software. If they do so
knowing that it will then be further distributed in violation of the
license, they are breaking the law. If their European dependency further
distributes it and they can prove that it was without their knowledge
and against their explicit conditions they placed on their foreign
dependency, they might be able to bring a breach of contract suit
against that foreign dependency, but neither they nor the person in
Europe who distributed it would have violated US law, since the action
did not take place on US soil (I think).
>Yet Tim's statement is correct. He didn't _export_ it, so he is free
>to distribute it in any way he wishes. ITAR does not apply anymore once
No he is not. He is NOT free to export it. And he was in the USA at the
time he got it I understood.
>the SW has left the USA.
If it came back into the USA after it had been exported, it still falls
fully under the ITAR regs and cannot be exported without a license.
All crypto, no matter what the origin falls under the regs.
The above statements are my lay understanding and do not constitute
competent legal opinion or legal advice.
--
Bill Unruh
un...@physics.ubc.ca
>Yet Tim's statement is correct. He didn't _export_ it, so he is free
>to distribute it in any way he wishes. ITAR does not apply anymore once
>the SW has left the USA.
This discussion is getting confusing. I thought the original claim was
that of a person in the US who said that since he hadn't signed the "no
export" agreement imposed by the distributor in getting the software, he
was free to export it. That's false--ITAR has nothing to do with whether
you signed an agreement or not. The agreement is just protection for the
distributor--it doesn't protect the recipient of the software at all and
if that recipient is in the US he's covered by the ITAR.
You, on the other hand, are responding to the case of someone _outside_
the US who you say is free to export it further. That's true to the extent
his local laws don't prohibit it and to the extent that there's nothing in
what he's exporting that's covered by international copyrights.
David
In article <42ip87$4...@charm.magnus.acs.ohio-state.edu>,
James R Ebright <jebr...@magnus.acs.ohio-state.edu> wrote:
>Anyway, it came from a variety of sources the most important of which was
>a meeting held between the skipjack folks and research.att.com folks, one
>of whom was, I believe, Matt Blaze.
>
>Matt, I believe, posted a summary of the meeting. You had to do a little
>reading between the lines to come to the conclusion ... but very very little.
I think this is the excerpt you wanted from Matt's message:
> Subject: Notes on key escrow meeting with NSA
> Date: Wed, 2 Feb 1994 21:02:55 GMT
> Message-Id: <mab.760222975@merckx>
> A group from NSA and FBI met the other day with a group of us at Bell
> Labs to discuss the key escrow proposal. They were surprisingly
> forthcoming and open to discussion and debate, and were willing to at
> least listen to hard questions. They didn't object when asked if we
> could summarize what we learned to the net.
> ...
> The NSA did not answer a question as to whether the national security
> community would obtain keys from the same escrow mechanism for their
> (legally authorized) intelligence gathering or whether some other
> mechanism would exist for them to get the keys.
There's probably more than one way to read a non-answer to this particular
question, including perhaps "We don't discuss our methods" or "FISA Court"
or "We don't care much about Clipper traffic" as well as the one suggested
in this thread: "We slurp them off when they're created."
--
Jim Gillogly
Mersday, 15 Halimath S.R. 1995, 01:34
On 5 Sep 1995 22:21:33 GMT, un...@physics.ubc.ca (William Unruh) said in article <42iihd$4...@nntp.ucs.ubc.ca>:
>
>Repeat after me " US laws apply only to US persons and people on the
>territory of the USA."
It should be this way, but it isn't. Just ask the former dictator of
Panama, General Noriega. Ask the crew of a Colombian fishing boat captured
by the U.S. Coast Guard in international waters off the coast
of Peru, who now face drug charges in San Diego. If I'm not mistaken,
there was a terrorist kidnapped from Cyprus by the FBI, who was charged and
convicted with the deaths of U.S. servicemen in Europe a few years ago. Of
course, it can be argued that US Law doesn't apply until the alleged
offender is brought to the US. At any rate, I'd be wary of any US
law-enforcement officer even if you are not in this country. The U.S.
justice system has grown some pretty long arms in recent years.
However, I doubt the same fate will happen to an out-of-country ITAR
violator.
--
I have looked into my archives and can't find the post. I have looked
at the sci.crypt archives (found it net.surfing two days ago) at
ftp:://rpub.cl.msu.edu/pub/crypt/sci.crypt
and find they are just grouped in tar files which make it a real pain
to find anything...
Anyway, it came from a variety of sources the most important of which was
a meeting held between the skipjack folks and research.att.com folks, one
of whom was, I believe, Matt Blaze.
Matt, I believe, posted a summary of the meeting. You had to do a little
reading between the lines to come to the conclusion ... but very very little.
I have a giant sun at work...I'll download all the tar's this week
and see what I can find. (While I'm doing all this...anyone know how
to set up wais searchers? Maybe I'll be able to set this up as a net.resource
if it looks worthwhile.)
But ITAR shouldn't prevent US users from using strong crypto, or MS
from developing it. I reckon it does...
What would happen if a big software manufacturer like MS produced both
a strong crypto version and an export-able version, and distributed
them in accordance with ITAR. Obviously the strong crypto version
would get exported through private channels judging by the success :-)
of pgp, nautilus, pgpfone, cfs... but I assume law abiding
international commercial firms.
My question is, can the US reasonably expect Microsoft (or other
quantity vendor) to produce both versions.
Those in the software world know that this would be as easy as two
versions of CRYPTLIB.DLL but as with Adam Cain and NCSA httpd, the NSA
find mere hooks in code far too easy a target for others to implement
crypto. Thus, the NSA want the cryptographic functionality embedded
throughout the application to prevent easy replacement or key
lengthening.
I find it difficult to imagine a unified win95 release push being
complicated by two versions.
And as mentioned above, there would have to be two "significantly" (in
the eyes of the NSA) versions. This would only serve to complicate
the design and concurrency issues. I would find it attractive to use
the US version as it would get more attention wrt bug fixes,
compatibility and even binary patches. MS would find it attractive to
simplify on one development. This issue would propagate into all
related applications as there could never be a CRYPTLIB.DLL.
IMO while it is _possible_ for US software vendors to use crypto, it
is simply out of reach for MS & others. Thus ITAR holds back both
domestic and international software authored in the US.
--
<URL:http://www.comp.vuw.ac.nz/~matt>
.sig$tin
nETSCAPE@FTP.
.@' LYNX
IP MAIL
:% o_) WWW
'' _/\ PINE
/( $SPAM
`-ASCIIART
ARCHIEGOPHER
SURFTHEINTERNET
>Repeat after me " US laws apply only to US persons and people on the
>territory of the USA."
International law is not quite as simple as that; just ask the captain of
the Spanish fishing trawler Estai, who recently had his boat seized
(hijacked?) by Canadian fishing authorities, while in international
waters.
Generally speaking, one country can criminally punish an act committed in
another if it has a "sufficient" jurisdictional nexus to the act.
For example, the US punishes the killing of US citizens by anyone,
anywhere in the world. It also requires US citizens living abroad to pay
US income tax (and criminally punishes them if they fail to do so). The
US and Canada both punish people living abroad who facilitate the
importation of drugs into that country. None of these things are at all
controversial under international law.
Canada recently tried to convict a person of genocide for acts committed
in the Nazi-occupied portion of the former Soviet Union, as crimes against
humanity are considered to be punishable by any country. (The prosecution
failed for reasons unrelated to jurisdiction.)
As a Canadian, you should know that Canada has export control laws that
very closely mirror those of the United States. That is why most US
export-controlled materials may be sent to Canada without a license, as if
Canada were not really a foreign country. As a rule of thumb, you should
assume that any item which a US resident cannot export from the US, a
Canadian resident may not export from Canada.
>On 5 Sep 1995 22:21:33 GMT, un...@physics.ubc.ca (William Unruh) said in article <42iihd$4...@nntp.ucs.ubc.ca>:
>>
>>Repeat after me " US laws apply only to US persons and people on the
>>territory of the USA."
>It should be this way, but it isn't. Just ask the former dictator of
>Panama, General Noriega. Ask the crew of a Colombian fishing boat captured
There is the rule of force and the rule of law. In international law,
there is no international police force or international legal system
with sanctions. Thus nations can and do break the law, and if no country
is willing to stand up to them they will get away with it.
>However, I doubt the same fate will happen to an out-of-country ITAR
>violator.
Precisely my point, at least with respect to PGP. They might well lose
the case once they got the person to the USA as well.
However if someone was smuggling A bombs, I suspect they would get away
with out of country ITAR violators. (Remember that ITAR is much more
than crypto, and in many of its sections makes a lot of sense. It is
with respect to one very small section of ITAR that it becomes hard to
justify.)
Remember that lots of the chemicals which ITAR controls are almost as
easily ( or more easily) manufactured than is PGP.
--
Bill Unruh
un...@physics.ubc.ca
: I see. So because there are murders you think we should repeal the laws
: against murder?
If they were unenforceable, why not? But as society takes a particularly
grave view over murder it expends its resources in attempting to prevent
and if necessary solve murders. Society believes that this view is better
than the alternative and is prepared to go to almost any lengths to enforce
the law.
I cannot see society taking a similar view over cryptography. Prosecuting
people for exporting ideas already available in scientific publications
while your friendly local drug pusher is still walking the streets is not
going to be popular.
--
Geoff. Lane. | mailto:zza...@cs6400.mcc.ac.uk | http://gl.mcc.ac.uk/
CS6400 Admin, MCC, Manchester University, Oxford Rd, Manchester, M13 9PL, UK
Elwood: It's a 106 miles to Chicago. We've got a full tank of gas, and a
half a pack of cigarettes. It's dark, and we're wearing sunglasses.
Jake: Hit it!
Of course, there is the alternative. End the parking time limit. Fire the
traffic wardens. Fire the lawyers who prosecute the cases. Fire the judges
who spend all their time in traffic courts. Reduce taxes because of all the
money saved.
or, telling the cops to shoot out the windscreens of any car that is parked
over the limit is another possibility (and probably would be quite popular
with the cops :-)
>>>Repeat after me " US laws apply only to US persons and people on the
>>>territory of the USA."
>
>>It should be this way, but it isn't. Just ask the former dictator of
>>Panama, General Noriega. ...
>
>There is the rule of force and the rule of law. In international law,
>there is no international police force or international legal system
>with sanctions. Thus nations can and do break the law, and if no country
>is willing to stand up to them they will get away with it.
There isn't the same KIND of legal system for international law as for
domestic, but real rules do exist (don't kidnap diplomats), tribunals
(World Court, GATT, Security Council) decide cases, and sometimes
penalties ARE imposed.
Some of these penalties are relatively minor (no air flights to Libya); on
the other hand, the Kuwait War and subsequent anti-Iraq sanctions can be
seen as an example of a "real" penalty. Ditto the bombardment of the
Serbs.
It's much more than a political matter: there are many countries on the US
govt's enemies list (Iran, No Korea, Cuba), but it can never get UN
permission to invade any of them. Iraq broke the rules when it invaded
Kuwait, and gave the US a rare opportunity to get UN sanction for the use
of force.
To go back to the original point about jurisdiction: there have
always been recognized forms of extraterritorial jurisdiction: eg,
conduct outside a state but designed to have an effect within (eg, drug
smuggling), or crimes against humanity (eg, genocide, slavery, piracy).
In most cases where the US claims extraterritorial jurisdiction, it has to
ask another country to extradite the individual. Extradition does not
work unless the other country recognizes the legitimacy of the claim of US
jurisdiction.
Thus, when Canada extradites a person to the US to face drug smuggling
charges (a routine event) it is recognizing the legitimacy of US
extraterritorial jurisdiction. Canada does this because it makes similar
demands of the US.
>In article <david-03099...@192.0.2.1> da...@sternlight.com (David Sternlight) writes:
>> The ITAR (leaving aside whether Phil will be prosecuted and that will
>> compel caution) s honest citizens from overtly violating the law. Thus
>> they are very effective in preventing Microsoft from exporting transparent
>> secure crypto in every copy of Word; preventing Lotus from doing the same
>> in Notes.
>
>But ITAR shouldn't prevent US users from using strong crypto, or MS
>from developing it. I reckon it does...
>
>What would happen if a big software manufacturer like MS produced both
>a strong crypto version and an export-able version, and distributed
>them in accordance with ITAR. Obviously the strong crypto version
>would get exported through private channels judging by the success :-)
>of pgp, nautilus, pgpfone, cfs... but I assume law abiding
>international commercial firms.
>
>My question is, can the US reasonably expect Microsoft (or other
>quantity vendor) to produce both versions.
The counterexamples are the many cars (or electrical products, or other
products to a unique standard) made for sale in the UK (with the steering
wheel on the right) by factories in other countries. That's a vastly more
complex and expensive undertaking than two versions of software. It was
profitable even before computers made such tailored production easier. The
profit margins were much smaller. The market sizes (given the existing
competition) were comparable. The fragmentation of markets due to varying
local standards is vastly greater than a fragmentation into US and non-US
versions (only two alternatives).
What's more, software companies today routinely produce local language
versions of their products--a vastly more complex and costly undertaking
(except perhaps for Apple with their "localization"--but that took heavy
capital investment--) than two versions with respect to crypto features.
If companies aren't willing to do that, then they can manufacture just for
the US market, and leave crypto out or put weak crypto in for export.
Again, the proof this is profitable is that it's been happening for a
number of years.
No, the issue is "extra" profits, not making something infeasible. Thus
that can, and should be traded off against the incremental economic loss
through weaker national security.
David
In that case, perhaps you could shed some light on a problem I'm facing now
(and note that the issue is not "extra" profits <grin>): I'm writing a
distributed app being developed in Canada that will be used by a charity
both within and outside North America, but which also requires security -- a
public-key system for session authentication, and a private cipher system for
session keys. The issue is that all sites must be compatible and able to talk
to each other, meaning consistent encryption (no incompatible "N.Am. version"
and "international version" differences). Assuming that N.Am. export laws
don't change anytime soon, this seems to mean I can't use something like 3DES
or RSA, right?
So, then, what are my options? Here are the critical questions:
1. What is the strongest exportable royalty-free private cipher? (I'll
probably need to end up using a variable-length cipher for the private cipher
just to be able to obey export regs (cripple the international version to 40
bits) while maintaining the same cipher consistently at all installations so
that they can talk to each other.)
2. What is the strongest exportable royalty-free public-key cipher? (Are
there variable-length public-key ciphers? I would consider RSA anyway, but
even for this nonprofit app they want per-user royalties, which are high
enough that the charity cannot afford them. Clearly I suppose I could use RSA
anyway by using RIPEM(?) or some other library, but that would only solve the
royalty problem outside the U.S. -- since I do need to be able to use the app
in U.S. sites, this approach fails because of its patent infringement, and so
it looks like RSA can't be a candidate in my situation.)
So, what does one do when one must have a secure international app _without_
source code (i.e., cipher) differences? (And when the issue is not "extra
profits"?) Thanks in advance,
Herb
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter 2228 Urwin, Ste 102 voice (416) 618-0184
Connected Object Solutions Oakville ON Canada L6L 2T2 fax (905) 847-6019
>there was a terrorist kidnapped from Cyprus by the FBI, who was charged and
>convicted with the deaths of U.S. servicemen in Europe a few years ago. Of
>course, it can be argued that US Law doesn't apply until the alleged
>offender is brought to the US. At any rate, I'd be wary of any US
>law-enforcement officer even if you are not in this country. The U.S.
>justice system has grown some pretty long arms in recent years.
>
>However, I doubt the same fate will happen to an out-of-country ITAR
>violator.
The idea of U.S. law enforcement actually trying to enforce US law on
a global basis is laughable in view of their obvious difficulty in
effectively enforcing U.S. law within U.S. borders.
But that doesn't mean that those who pose some especially severe
level of annoyance to U.S. authorities might not be targeted for
extra-territorial enforcement action--as history has shown.
The U.S. Constitution even countenances extraterritorial law
enforcement by the federal government. At the time the Constitution
was written, there was a significant problem with piracy on the
high seas. To combat this problem, the Constitution gives the
government the right to issue "letters of marque and reprisal,"
which essentially means an international bounty hunter license,
international arrest warrant and authorization of tit-for-tat
retaliation (piracy was sometimes done under state sponsorship,
not as political terrorism but simply as covert action to cause
grief to the enemy). Although piracy was the motivation for the
power to grant "letters of marque and reprisal," there is no
Constitutional limitation on the apprehension of "criminals" from
outside U.S. borders.
Whether a US court will decide that US law can be applied to what you
do outside of U.S territory is at best problematical. Foreign
nationals who engage in activities that are legal in the country
in which they took place, and whose government is willing to
stand behind them, would almost certainly not be bothered in any way,
with the possible exception of activities relating to controlled
substances, or which are deemed to violate securities trading
rules with respect to transactions involving American citizens.
The danger rises substantially for American citizens, for activities
that were also not legal in the country where they occurred, or
where the current government of the person's country of citizenship
has no interest in defending the rights of that particular
citizen (Noriega, for instance). Another bad sign would be any
action that is deemed to harm American citizens--this is probably
the single most likely reason a US court would consider it had
jurisdiction over the actions of a foreign national beyond the
borders of the U.S.
The income of American citizens is subject to income tax regardless of
where they live, where they earn their money, or what other
citizenships they may jointly have. The U.S. is just about the only
country in the world that does this. Even Americans who have renounced
their US citizenship are subject to income tax for ten years after
giving up their citizenship. (And people still want to come here?!)
Being an American citizen is a full time job. You can't take a
vacation from it by going to another country.
As for ITAR, it is not clear that the law as interpreted by the federal
government would be upheld as Constitutional by the courts. An
American citizen's defense against a charge of violating ITAR might
succeed on Constitutional grounds, and it might succeed because he
can convince the court that the alleged violations actually involve
actions that occurred entirely outside US borders and therefore no
"export" can be deemed to have occurred. Simply arguing that the
US has no jurisdiction over the actions of citizens beyond US borders
would be a very weak argument in practice (regardless of its moral
weight)--the IRS has already won that battle.
Please note: these comments should in no way be interpreted as an
endorsement or condemnation of federal policy or past actions. I am
simply trying to explain my understanding of actual practice. Editorial
opinions on these issues are probably not appropriate to this
newsgroup.
The crux of this issue is very simple: preventing even one death by
outlawing murder, and attempting to enforce the murder law, would
be enough justification to keep the murder law on the books and the
homicide detectives gainfully employed. Conversely, a secret only
has to get past the export barrier once to render any further attempts
to control its distribution utterly pointless.
For an export restriction to have any rational justification, there has
to be probable cause to believe:
1) that the secrets, knowledge, expertise, technology and/or
science that one is trying to protect are not already freely
available beyond the nation's borders (attempting to enforce
an export restriction when you know--or should know--that this
point doesn't hold should itself be a felony);
2) that enforcement of the export restriction has some reasonable
chance of keeping the secret for long enough time to make any
difference to national security;
3) that the benefits of keeping the secret outweigh the costs
of foregoing the income that could be earned by selling the
technology globally.
Attempting to keep technological secrets is not a priori a bad policy.
But trying to "keep a secret" that no longer is a secret by
psychotically pretending that laws against revealing the secret
can and should still be applied...is criminally insane.
Think this is part of a broader problem:
1) Laws must be enforced (laws which are not enforced dilute all laws)
2) Laws which cannot be or are not being enforced should be repealed
3) Proposed laws should be required to pass an "enforceability" test before
being enacted.
4) Lack of funding/resources is not an excuse.
However, if you consider that the purpose of ITAR is not to keep a secret
but rather to inhibit domestic market development, it works very well.
A. Padgett Peterson, P.E.
Cybernetic Psychophysicist
Totally Obsessed with TransOceanics
My other car is a Pontiac too
We also walk dogs
PGP 2.7 Public Key Available
Your requirement for no source code differences violates both the law and
current non-crypto practice. Most applications sold around the world
already have country-specific source code differences.
You may use shorter key exportable systems, or use PGP-US in the US and
PGP international outside. They are message compatible.
In the public policy discussion about changing the law, companies are
arguing lost sales which, given the market sizes they think viable, has to
do not with the occasional "niche" user such as you, but the mass market.
Thus it's about incremental profits for them. Even when they sell to
non-profits, it's incremental profits for them.
It's perfectly correct that a small organization can invent a case where
it's not lost profits but feasibility, but that's not what the policy
debate is about. You, sir, developing your own software, don't count when
it comes to the thinking of the Microsofts of the world. And there aren't
enough of you to swing the policy debate. The gummint isn't going to
assure new and tiny fantasized profits of niche players or increasing the
convenience of such small niche players by dumping what they see as
national security overboard.
David
>The crux of this issue is very simple: preventing even one death by
>outlawing murder, and attempting to enforce the murder law, would
>be enough justification to keep the murder law on the books and the
>homicide detectives gainfully employed. Conversely, a secret only
>has to get past the export barrier once to render any further attempts
>to control its distribution utterly pointless.
You misstate the issue badly. ITAR isn't there only to keep secrets from
traveling. It's there in the case of crypto to prevent law-abiding US
companies which have most of the global software market from including
transparent "hard" crypto in their exported applications, thus vastly
increasing the volume of encrypted traffic which the USG would otherwise
be lawfully reading without difficulty.
David
I would reformulate this as "laws must either be enforced or repealed."
>3) Proposed laws should be required to pass an "enforcibility" test before
> being enacted.
>4) Lack of funding/resources is not an excuse.
>
>However, if you consider that the purpose of ITAR is not to keep a secret
>but rather to inhibit domestic market development, it works very well.
In the short run, perhaps.
> A. Padgett Peterson, P.E.
> Cybernetic Psychophysicist
> Totally Obsessed with TransOceanics
> My other car is a Pontiac too
> We also walk dogs
> PGP 2.7 Public Key Available
If ITAR is not modified to reflect reality, the eventual result will be
almost identical to repealing it totally. The only important
difference will be that non-US software companies will control the
standards for and marketshare of crypto-based software programs.
Whether the US can prevent the widespread adoption of strong
NSA-unbreakable encryption is simply not an open question: it cannot,
no matter how draconian the laws that may be passed or enforced.
The only open question is who will sell and profit from such programs.
US law enforcement should start considering how it will be effective
in the coming world of strong unbreakable crypto, not hiding their
heads in the sand of false hope called ITAR.
>The crux of this issue is very simple: preventing even one death by
>outlawing murder, and attempting to enforce the murder law, would
>be enough justification to keep the murder law on the books and the
>homicide detectives gainfully employed.
Well, actually, no: society looks at the magnitude of a risk when deciding
how much resources to allocate to prevent a negative outcome. There are
lots of low-level risks that society generally ignores: say, the risk of
being killed by a meteorite or of having an airplane crash onto your
house.
If we ever concluded that there was only going to be, at most, one (1)
murder committed in the future, we would no longer assign tens of
thousands of policemen to investigate homicide, because they would no
longer have anything to do. The size of your local homicide team is
directly related to the local murder rate.
>Conversely, a secret only
>has to get past the export barrier once to render any further attempts
>to control its distribution utterly pointless.
That depends on what the person who smuggled the secret out does with it.
If they keep that information to themselves, the export controls still
make sense.
>Think this is part of a broader problem:
>1) Laws must be enforced (laws which are not enforced dilute all laws)
>2) Laws which cannot be or are not being enforced should be repealed
Not all laws are enforced in the same way. Sometimes an act is declared
to be criminal merely for declaratory purposes, and not because we plan on
arresting anyone.
For example, many drugs and pesticides tell you that it is a violation of
federal law to use this product in a manner inconsistent with its
labelling; not because they plan to arrest you if you take too many
tylenols, but so that they deny all liability for the consequences of your
doing so.
Similarly, I don't think too many people are arrested for bigamy; the law
merely exists to tell you what you are not allowed to do. You might say
that it is self-enforcing.
>3) Proposed laws should be required to pass an "enforcibility" test before
> being enacted.
>4) Lack of funding/resources is not an excuse.
What if it is physically impossible to catch -everybody- who breaks the
law, but it is quite possible to catch a great number of them. Is that an
"enforcible" or an "unenforcible" law? What percentage do you have to
reach before you consider the law to be "enforcible?"
If we were to have an epidemic of unsolved murders, would you really
advocate repealing the law against murder? What -practical- benefit would
result from that?
I understand that you think people would respect the laws more than they
do now, but would this abstract benefit justify all the additional deaths
that would surely occur if the law against murder were repealed?
>
>However, if you consider that the purpose of ITAR is not to keep a secret
>but rather to inhibit domestic market development, it works very well.
Nope. Domestic market development is alive and well, thank you very much.
It's to inhibit the export of strong crypto in widely-used US-made
applications, thus preventing the routine conversion of a vast volume of
foreign plaintext traffic into encrypted traffic.
David
Those who find themselves in Herb Sutter's situation will simply have
the software they need and want developed in India or some other
free country.
We should rename ITAR "The Foreign Programmer Full Employment And
National Security Irrelevancy Act." Let's call a spade a spade.
ITAR actually hurts national security: It gives foreigners the
impression that Americans--or at least the American national security
apparatus--isn't very bright. This could lead to very dangerous
miscalculations.
Dear me, now I see the reason (for the other thread about politeness or lack
thereof from certain people). :)
Just to clear up any confusion: David, while I don't quite know how I managed
to offend you, all I wanted to know was what public and private encryption
methods are out there -- that I can use and distribute -- to achieve having
the same cipher here and overseas. When I wrote "no source code differences"
I meant it, and wanting that does not violate the law AFAIK; one example is
using a variable-length cipher, which means I can use the same cipher in all
products and simply put a limit on the key length. Changing one "const int
MAX_KEY_LEN = 40" and rebuilding is not a meaningful source code difference to
me; the same body of code and the same cipher still targets all environments.
However, my problem (which I hoped those in the group could help me with) was
that I didn't know _what_ variable-length private ciphers were freely
available or where I could get source for them (and similarly for public-key
cryptosystems for authentication).
>Those who find themselves in Herb Sutter's situation will simply have
>the software they need and want developed in India or some other
>free country.
Not this time (I hasten to add, lest I give the wrong impression)... however,
I do see your point that others might do so.
Now that you mention it... were a software product using strong crypto
developed somewhere like India, would I be correct in assuming it would be
freely distributable in North America because of free import (assuming it
didn't violate any patents valid in target countries, and assuming that import
continues to be free)?
If so, what prevents someone from developing the bulk of a product here,
moving development and testing to India for the crypto, and then importing
the completed system? (I am not repeat NOT trying to fan the flames or incite
illegal activity; I just would like to know. I am also not repeat NOT
interested in breaking the law, and apart from occasional speeding am not
aware that I have ever broken any law in the past decade, not even in a minor
way.)
>We should rename ITAR "The Foreign Programmer Full Employment And
>National Security Irrelevancy Act." Let's call a spade a spade.
>
>ITAR actually hurts national security: It gives foreigners the
>impression that Americans--or at least the American national security
>apparatus--isn't very bright. This could lead to very dangerous
>miscalculations.
While I seem to have stepped into a minefield, I have no intention of taking
either side in a political debate. My only concern is knowing what is
available and legal for me to use given my target and constraints.
I don't disagree with your point per se, but it misses the point of
what I was trying to say. I wasn't arguing that society would
necessarily decide to spend a constant amount of money on homicide
prevention regardless of the murder rate. My point was rather that
society would not consider that spending resources on the prevention of
homicide would be pointless or completely wasted as long as at least
one life might thereby be saved. By "keep..the homicide detectives
gainfully employed" I didn't mean to specify a constant number.
>>Conversely, a secret only
>>has to get past the export barrier once to render any further attempts
>>to control its distribution utterly pointless.
>
>That depends on what the person who smuggled the secret out does with it.
>If they keep that information to themselves, the export controls still
>make sense.
Again, what you say is true per se, but misses the point. I very
carefully didn't say that getting the secret past the export barrier
necessarily makes the barrier moot. I said that a secret only has
to breach the export barrier once in order to make the barrier moot.
That statement in no way implies that a single breach would always
result in the barrier becoming moot, but only that even just one
breach has the potential to do so. The distinction is subtle, but
renders your comment non-sequitur with respect to my original post.
> A judge has the legal power to order me to turn
> my diaries over to the court, but he can't torture my two
> year old child to death in order to coerce my compliance.
Too right. That's Janet Reno's job.
--
AS YOU JOURNEY THE GLASS THAT CHEERS
DOWN THE YEARS IF YOU USE
YOUR MIRROR IS Burma-Shave
I knew that already, David. And we all know that at best this only
delays the inevitable day when governments won't be able to read
the majority of private communications anywhere in the world.
Just because it is legal for the USGov to intercept and read a message
does not imply that the government can violate the Constitution in
order to guarantee that it will physically be able to intercept the
message and/or be linguistically competent to understand its content.
The fact that it has the legal right to attempt to intercept the
message does not mean that it can therefore commit murder in order to
obtain the message. A judge has the legal power to order me to turn
my diaries over to the court, but he can't torture my two year old
child to death in order to coerce my compliance.
My Constitutional right to freedom of speech and privacy supersedes
the government's right to intercept and/or read messages that cross
US borders. The government has every right to try to intercept this
message and to try to decrypt it. But they are Constitutionally
prohibited from censoring my right to send the message in any way:
They can't make me encode the message in English instead of Russian.
They can't force me to use EBCDIC instead of ASCII. They can't make
me use e-mail instead of paper mail. And they can't force me to use
Skipjack instead of RSA. And they certainly can't censor the content
of my message. I have the Constitutionally protected right to send
any message I choose without any prior restraint. A computer program
is a message, and its transmittal (including export) is therefore
Constitutionally protected.
If the above is not true, then the US cannot claim to be a free
country--and the US Constitution is null and void. And the very fact
that I have to mention this caveat should send a chill down your
spine...
>developed somewhere like India, would I be correct in assuming it would be
>freely distributable in North America because of free import (assuming it
>didn't violate any patents valid in target countries, and assuming that import
>continues to be free)?
You could import it into the US. You could sell to US customers from
a US site. Foreign customers would have to order it from a foreign
site, and it would have to be fabricated and shipped to them from a
foreign site.
>If so, what prevents someone from developing the bulk of a product here,
>moving development and testing to India for the crypto, and then importing
>the completed system? (I am not repeat NOT trying to fan the flames or incite
>illegal activity; I just would like to know. I am also not repeat NOT
Nothing prevents this other than economic issues. Many companies
have already opened up software development organizations in India.
When Microsoft decides they want to put strong crypto into Word, or
Visa decides they want strong crypto in their charge processing
system on a global basis, this is probably how they'll get the job
done.
ITAR is irrelevant over a strategic time scale.
>interested in breaking the law, and apart from occasional speeding am not
>aware that I have ever broken any law in the past decade, not even in a minor
>way.)
>
>>We should rename ITAR "The Foreign Programmer Full Employment And
>>National Security Irrelevancy Act." Let's call a spade a spade.
>>
>>ITAR actually hurts national security: It gives foreigners the
>>impression that Americans--or at least the American national security
>>apparatus--isn't very bright. This could lead to very dangerous
>>miscalculations.
>
>While I seem to have stepped into a minefield, I have no intention of taking
>either side in a political debate. My only concern is knowing what is
>available and legal for me to use given my target and constraints.
>
>Herb
Get legal advice before selling any product with strong crypto in it.
You'll sleep better at night.
And remember the fear that prompted you to disclaim any particular
political position the next time you hear America referred to as a free
country.
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>If we ever concluded that there was only going to be, at most, one (1)
>>murder committed in the future, we would no longer assign tens of
>>thousands of policemen to investigate homicide, because they would no
>>longer have anything to do. The size of your local homicide team is
>>directly related to the local murder rate.
>
>I don't disagree with your point per se, but it misses the point of
>what I was trying to say. I wasn't arguing that society would
>necessarily decide to spend a constant amount of money on homicide
>prevention regardless of the murder rate. My point was rather that
>society would not consider that spending resources on the prevention of
>homicide would be pointless or completely wasted as long as at least
>one life might thereby be saved.
You seem to have missed the point yourself: is your claim that, as long as
a single life is saved, the resources won't be COMPLETELY wasted? That
may be true, but society doesn't care whether resources are COMPLETELY
wasted, but rather on whether they could more usefully be employed
elsewhere.
If we ever were in a situation where there was at most one (1) murder
possible, then preventing murder would be assigned the same relatively low
priority we assign to (say) preventing death by bee-stings.
>That statement in no way implies that a single breach would always
>result in the barrier becoming moot, but only that even just one
>breach has the potential to do so.
The export control people don't care so much as to whether the barriers
have the POTENTIAL of becoming moot, but whether they have ACTUALLY become
so. As long as there is a possibility that a one-time-exported technology
would not become widely available abroad, they can logically claim that
the controls serve a purpose.
Think about it: if you are trying to keep something secret, and you know
that at least one outside person has found it out, you will not ASSUME
that your secret has become widely known. Rather, you would wait to see
if this has actually happened, and if not you would continue to keep the
secret.
1. Equating the right to encryption with freedom of speech is a political
advocacy, not a statement of the law unless and until there is a court
test on the matter.
2. The degree to which there is a Constitutional "right to privacy" and
what is included in that right is a subject of disagreement even among
Supreme Court justices. As a consequence, that "right" is specific and
defined over time by various court decisions. Any claims about a general
right are a political advocacy, not a statement of the law.
David
> You are ignoring the discussion to date.
Much of which has been refutation of your support for ITAR.
> The national security
> apparatus has made a determination that preserving all those
> plaintext messages sent via US software systems in the overseas
> market is more valuable than satisfying the few Sutters of the
> world.
I have seen you say put this view, but not seen any quote or
other indication that the NSA or other agency have gone public on
it themselves. This seems to be a new claim from you.
> I am sympathetic to that argument
The problem with that argument, leaving aside the counter
argument that has been put several times and which you seem
determined not to take into account, is that the ITAR provisions
are supposed to be about keeping arms out of the hands of
enemies, not making it easy to read the everyday communications
of your friends.
You can make an argument that encryption is a weapon in the hands
of foreign armies, diplomats, or spies but not when it is in the
hands of your commercial business partners overseas. The ITAR
regs by your argument, keep encryption out of the hands of
foreign businesses, purely on the convenience factor of it not
being integrated into common software, but have no effect on the
ability of foreign armies, diplomats, and spies to get strong
encryption from the USA.
Why is the US government using arms control laws to aid
commercial and information gathering? It is another example of
the hidden agenda in the ITAR regs. I would like to see any
government announcement that this is their purpose. It seems to
me that they can't announce it without revealing that the arms
control excuse is bogus as far as encryption is concerned.
The hidden agenda has to remain hidden or it gives away the fact
that they are using arms control excuses not to deny arms to the
enemy, but to make it easier to spy on the commerce of their
friends.
> Perhaps you'd like to enter into an adult discussion of this
> topic. If not, you're wasting your time and ours.
We've had that. You simply dismiss the other fellow's position
and return to repeating your own at every opportunity. (*My*
gratuitous two line dig. Why do you always add one?)
>Those who find themselves in Herb Sutter's situation will simply have
>the software they need and want developed in India or some other
>free country.
Probably true except for the totally gratuitous ideological slur of "free"
country. If you think that India is a "free" country compared to the U.S.
you don't know much about India.
>
>ITAR actually hurts national security: It gives foreigners the
>impression that Americans--or at least the American national security
>apparatus--isn't very bright. This could lead to very dangerous
>miscalculations.
You are ignoring the discussion to date. The national security apparatus
has made a determination that preserving all those plaintext messages sent
via US software systems in the overseas market is more valuable than
satisfying the few Sutters of the world. What is more, they have convinced
successive administrations and Congresses of both parties of the validity
of their assertions, since that is still the state of the law and attempts
to change it have, to date, failed. I am sympathetic to that argument--it
makes logical sense to anyone who has read the many books on the history
of intelligence and the kinds of successes through putting pieces of
innocent-seeming open information together.
Even if you come to a different assessment than I do, the government is
behaving rationally, and the charge of "not very bright" is yet another
one arising out of either ignorance or malice, not logic.
Perhaps you'd like to enter into an adult discussion of this topic. If
not, you're wasting your time and ours.
David
>In article <42qbd6$e...@ixnews6.ix.netcom.com>,
> love...@ix.netcom.com (Alan Lovejoy ) wrote:
>>In <david-08099...@192.0.2.1> da...@sternlight.com (David
>>Sternlight) writes:
>>>You, sir, developing your own software, don't count [...]
>>>enough of you to swing the policy debate. The gummint isn't going to
>>>assure new and tiny fantasized profits of niche players or increasing
>>>the convenience of such small niche players by dumping what they see as
>>>national security overboard.
>
>Dear me, now I see the reason (for the other thread about politeness or lack
>thereof from certain people). :)
This seems to me to be a totally dishonest selective quote. I'm not going
to repeat what was a perfectly clear and legitimate point about Microsoft,
which you excised and replaced by [...] totally changing my meaning.
As to your later protestations of innocence, you entered directly in the
substance of the sub-thread about whether people were pursuing incremental
profits, and it ill behooves you now to assert that you were posting just
for information about cryptosystems you could use and are bewildered at
the response you got.
David
> In article <810695...@mist.demon.co.uk>, io...@mist.demon.co.uk wrote:
>
> >In article <david-09099...@192.0.2.1>
> > da...@sternlight.com "David Sternlight" writes:
> >
> >> You are ignoring the discussion to date.
> >
> >Much of which has been refutation of your support for ITAR.
>
> Not so. It's mostly been a straw man side sequence which ignores the
> needle in the haystack argument
I have posted a strong refutation of your haystack argument at
least twice. The first time you did not respond to it at all.
The second time you dismissed it with "nice try". I have seen
other posts from other people also dealing with your haystack
argument and pointing out that it will not hold once *any* form
of crypto, even the government mandated escrowed stuff, is
integrated into mainstream software.
You cannot claim that your haystack argument has been ignored.
Nor can you ignore the counter arguments and go on claiming that
it is unassailed. The haystack argument is in dispute (I would
say refuted) so it is not a base to build on further, not until
it is accepted. But my argument is on this occasion not about
whether your haystack argument is valid, but what the
consequences of accepting it are.
> and instead makes the entirely different,
> irrelevant-to-the-haystack and also incorrect argument that if
> ITAR isn't perfect at keeping crypto from being exported it's
> useless. It is simple logical error to assert that if something
> isn't perfect it's useless and should be abandoned.
The relevancy is to the hidden agenda in USA crypto regulation.
As arms control the ITAR crypto provisions are useless. The
haystack argument (in dispute) does not affect the arms control
aspect. Even if the haystack argument is accepted, it is a
hidden agenda in ITAR and not an arms control measure.
> >> The national security
> >> apparatus has made a determination that preserving all those
> >> plaintext messages sent via US software systems in the overseas
> >> market is more valuable than satisfying the few Sutters of the
> >> world.
> >
> >I have seen you say put this view, but not seen any quote or
> >other indication that the NSA or other agency have gone public on
> >it themselves. This seems to be a new claim from you.
>
> It's a reasonable man inference from the legislative history. The proof is
> the state of the law--the legislators have refused thus far to modify it
> to take account of the Sutters of the world. Thus the inference is
> perfectly straightforward.
I accept your argument that it can be inferred (though not the
inference itself), but the quote above, "The national security
apparatus has made a determination" is not an announcement that
you have inferred something (which others have disputed with you)
but that the NSA/etc have themselves come to this decision. How
do you know? If it is just your inference, you went too far in
the statement I quote, which is using your inference about what
they think as evidence to support your inference, circular logic
if I ever saw it.
> >> I am sympathetic to that argument
> >
> >The problem with that argument, leaving aside the counter
> >argument that has been put several times and which you seem
> >determined not to take into account,
>
> a false statement of the discussion to date--see above
Above you say your haystack argument has been ignored. I say it
has been refuted, several times, and you are ignoring that.
Shall we move on?
> > is that the ITAR provisions
> >are supposed to be about keeping arms out of the hands of
> >enemies, not making it easy to read the everyday communications
> >of your friends.
>
> And where do you find that in the language of the law or the
> legislative history, pray tell? It's something you're inventing
> out of whole cloth so that you can then use it as a given in
> argumentation. It is by no means a given.
It is what arms control means. Do you hold the position that
"arms control" means "facilitation of commercial espionage"? Do
you think the US legislature would pass a bill that was openly
and avowedly designed to facilitate commercial espionage? You
are using this aspect of the effect of ITAR on crypto to justify
its continued value. What is the continued value of the ITAR
restrictions on crypto _as_arms_control_?
My point is that your haystack argument is itself an argument for
the fact that there is a hidden agenda in USA crypto control
legislation. If the haystack argument is accepted, the hidden
agenda must be accepted.
> >You can make an argument that encryption is a weapon in the hands
> >of foreign armies, diplomats, or spies but not when it is in the
> >hands of your commercial business partners overseas. The ITAR
> >regs by your argument, keep encryption out of the hands of
> >foreign businesses, purely on the convenience factor of it not
> >being integrated into common software, but have no effect on the
> >ability of foreign armies, diplomats, and spies to get strong
> >encryption from the USA.
>
> Since I reject your assertion that ITAR is only to keep weapons out
> of the hands of enemies, the above collapses as a logical argument.
If you reject the assertion that legislation passed under the
heading of arms control and presented to the US population as
arms control is only supposed to be _about_ arms control, then
you are accepting that there is a hidden agenda.
That was the point I wanted you to accept. Now we can get on to
the business of worrying about all the other aspects of the
hidden agenda in crypto regulation without you continually
claiming that there is none, that the state cannot be proven to
have supported one, and all that smoke.
> >Why is the US government using arms control laws to aid
> >commercial and information gathering? It is another example of
> >the hidden agenda in the ITAR regs. I would like to see any
> >government announcement that this is their purpose. It seems to
> >me that they can't announce it without revealing that the arms
> >control excuse is bogus as far as encryption is concerned.
>
> Can you say "multiple objectives"?
Can you say "hidden agenda"?
The legislation is presented and defended on the basis of denying
arms to possible enemies. It is a stretch to get crypto covered
by that at all. Now we find that it isn't about use by enemies,
you just want to read everyone's mail, all the time, enemy or
friend, and the fact that the legislation is useless at keeping
strong crypto out of the hands of actual enemies is no longer the
point. That is a hidden agenda. You cannot use it as an excuse
for ITAR crypto regs without accepting it as evidence of a hidden
agenda.
> >The hidden agenda has to remain hidden or it gives away the fact
> >that they are using arms control excuses not to deny arms to the
> >enemy, but to make it easier to spy on the commerce of their
> >friends.
>
> There is nothing hidden about economic intelligence.
It is not arms control. I don't claim that economic intelligence
is hidden, I claim that the legislation used to enable and
facilitate it is hidden in an arms control law, which has never
been presented to the American people as "The Facilitation of
Commercial Espionage Bill".
> It is widely
> discussed in the public press, and there have been any number of
> governmental and non-governmental papers published on the topic.
Not the issue. I accept that you spy on commerce. It isn't arms
control.
> That you
> aren't familiar with them speaks to your own uh, er, um, lack of
> current awareness, not the state of the policy debate.
Standard gratuitous two line dig to close. Did you know you are
becoming predictable? It is a bad sign in one who relies on
clever intellectual footwork.
>In article <david-09099...@192.0.2.1>
> da...@sternlight.com "David Sternlight" writes:
>
>> You are ignoring the discussion to date.
>
>Much of which has been refutation of your support for ITAR.
Not so. It's mostly been a straw man side sequence which ignores the
needle in the haystack argument and instead makes the entirely different,
irrelevant-to-the-haystack and also incorrect argument that if ITAR isn't
perfect at keeping crypto from being exported it's useless. It is simple
logical error to assert that if something isn't perfect it's useless and
should be abandoned.
>
>> The national security
>> apparatus has made a determination that preserving all those
>> plaintext messages sent via US software systems in the overseas
>> market is more valuable than satisfying the few Sutters of the
>> world.
>
>I have seen you say put this view, but not seen any quote or
>other indication that the NSA or other agency have gone public on
>it themselves. This seems to be a new claim from you.
It's a reasonable man inference from the legislative history. The proof is
the state of the law--the legislators have refused thus far to modify it
to take account of the Sutters of the world. Thus the inference is
perfectly straightforward.
>
>> I am sympathetic to that argument
>
>The problem with that argument, leaving aside the counter
>argument that has been put several times and which you seem
>determined not to take into account,
a false statement of the discussion to date--see above
> is that the ITAR provisions
>are supposed to be about keeping arms out of the hands of
>enemies, not making it easy to read the everyday communications
>of your friends.
And where do you find that in the language of the law or the legislative
history, pray tell? It's something you're inventing out of whole cloth so
that you can then use it as a given in argumentation. It is by no means a
given.
>
>You can make an argument that encryption is a weapon in the hands
>of foreign armies, diplomats, or spies but not when it is in the
>hands of your commercial business partners overseas. The ITAR
>regs by your argument, keep encryption out of the hands of
>foreign businesses, purely on the convenience factor of it not
>being integrated into common software, but have no effect on the
>ability of foreign armies, diplomats, and spies to get strong
>encryption from the USA.
Since I reject your assertion that ITAR is only to keep weapons out of the
hands of enemies, the above collapses as a logical argument.
>
>Why is the US government using arms control laws to aid
>commercial and information gathering? It is another example of
>the hidden agenda in the ITAR regs. I would like to see any
>government announcement that this is their purpose. It seems to
>me that they can't announce it without revealing that the arms
>control excuse is bogus as far as encryption is concerned.
Can you say "multiple objectives"?
>
>The hidden agenda has to remain hidden or it gives away the fact
>that they are using arms control excuses not to deny arms to the
>enemy, but to make it easier to spy on the commerce of their
>friends.
There is nothing hidden about economic intelligence. It is widely
discussed in the public press, and there have been any number of
governmental and non-governmental papers published on the topic. That you
aren't familiar with them speaks to your own uh, er, um, lack of current
awareness, not the state of the policy debate.
David
But it's not an all or nothing choice. The allocation of resources
can vary continuously with the perceived level of threat. This is why
your point was both valid and non-sequitur.
>If we ever were in a situation where there was at most one (1) murder
>possible, then preventing murder would be assigned the same relatively
>low priority we assign to (say) preventing death by bee-stings.
Actually, it would vary also based on the importance of the individual
to be protected. More might be allocated to the protection of heads
of state, for instance.
Of course, once a person has been murdered, there is no more point
to allocating any resources at all to the protection of that person's
life.
The secret life of PKC is already dead and buried. The
anti-assassination squad deployed around the dead body is a waste of
resources.
>>That statement in no way implies that a single breach would always
>>result in the barrier becoming moot, but only that even just one
>>breach has the potential to do so.
>
>The export control people don't care so much as to whether the barriers
>have the POTENTIAL of becoming moot, but whether they have ACTUALLY become
>so. As long as there is a possibility that a one-time-exported technology
>would not become widely available abroad, they can logically claim that
>the controls serve a purpose.
>
>Think about it: if you are trying to keep something secret, and you know
>that at least one outside person has found it out, you will not ASSUME
>that your secret has become widely known. Rather, you would wait to see
>if this has actually happened, and if not you would continue to keep the
>secret.
Your analysis is only valid from a short-term, non-strategic point of
view. Over the next ten years or so, if we assume this strategy
"works" in that US companies don't sell strong crypto to foreigners,
the price that the US will pay for this short-sighted strategy will
definitely not be worth the cost to domestic industry. Much more
likely, US companies will simply manufacture these products overseas,
costing US jobs but not much else.
Keeping the export ban on strong crypto in force until the world is
already flooded with strong crypto products is analogous to keeping
that anti-assassination squad in place around the dead body until it
rots. Checkmate has already been announced. To force everyone to play
the game to the bitter end is just a senseless waste of resources.
I had every intention of making an ideological slur. The US government
has earned them in full measure for its disemboweling of the
Constitution.
I was fully aware that India is on balance not as free as the US. The
point is that at least in this one area it is a freer country than the
US.
>>ITAR actually hurts national security: It gives foreigners the
>>impression that Americans--or at least the American national security
>>apparatus--isn't very bright. This could lead to very dangerous
>>miscalculations.
>
>You are ignoring the discussion to date. The national security apparatus
>has made a determination that preserving all those plaintext messages sent
>via US software systems in the overseas market is more valuable than
>satisfying the few Sutters of the world. What is more, they have convinced
>successive administrations and Congresses of both parties of the validity
>of their assertions, since that is still the state of the law and attempts
>to change it have, to date, failed. I am sympathetic to that argument--it
>makes logical sense to anyone who has read the many books on the history
>of intelligence and the kinds of successes through putting pieces of
>innocent-seeming open information together.
>
>Even if you come to a different assessment than I do, the government is
>behaving rationally, and the charge of "not very bright" is yet another
>one arising out of either ignorance or malice, not logic.
>
>Perhaps you'd like to enter into an adult discussion of this topic. If
>not, you're wasting your time and ours.
>
>David
David, have I made any ad-hominem attacks against you or any other
poster? I can get rather vitriolic against policies I don't like, but I
try to avoid turning it into a personal thing. Unless you are the
author of said policy, why would you take such attacks personally?
The intelligence value of being able to read all that foreign message
traffic is rather obvious. Current policy may preserve that advantage
for a few more years. The cost, however, is high. First of all,
there is the damage to US competitiveness. Secondly, it is one more
case where the Constitution is being sacrificed on the altar of
national security. If we can't accept the idea that the Constitution
must be respected no matter what, then what's the point of protecting
national security? Whose security are we then protecting? You can't
defend freedom by making your Constitution null and void, merely a
document to be obeyed at your convenience.
>...app being developed in Canada...
>but which...requires security -- a
>public-key system for session authentication, and a private cipher system for
>session keys. The issue is that all sites must be compatible and able to talk
>to each other, meaning consistent encryption...
>So, then, what are my options?
sprintf(buf, "pgp %s <%s >%s", options, infile, outfile);
status = system(buf);
--
Rahul Dhesi <dh...@rahul.net>
"please ignore Dhesi" -- Mark Crispin <m...@CAC.Washington.EDU>
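The system() call in the post above passes one formatted string to the shell, so the options and both file names are parsed by /bin/sh before pgp ever sees them. The following is an added example, not part of the original post: the same stdin/stdout redirection done with fork, dup2 and execvp, so every argument reaches the program verbatim. The names run_filter and self_check are hypothetical, and cat stands in for pgp so the block runs without PGP installed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Run prog with the given argv, stdin read from infile and stdout written
 * to outfile. No shell is involved, so metacharacters in file names or
 * options are never interpreted. Returns the child's exit status (0-255),
 * 127 if the program could not be executed, or -1 on any other failure.
 */
int run_filter(const char *prog, char *const argv[],
               const char *infile, const char *outfile)
{
    int status;
    pid_t pid;
    int in_fd, out_fd;

    in_fd = open(infile, O_RDONLY);
    if (in_fd < 0)
        return -1;
    /* 0600: the output may be key material or plaintext. */
    out_fd = open(outfile, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (out_fd < 0) {
        close(in_fd);
        return -1;
    }

    pid = fork();
    if (pid < 0) {
        close(in_fd);
        close(out_fd);
        return -1;
    }
    if (pid == 0) {
        /* Child: wire up the redirections that "<in >out" asked the shell for. */
        if (dup2(in_fd, STDIN_FILENO) < 0 || dup2(out_fd, STDOUT_FILENO) < 0)
            _exit(127);
        if (in_fd != STDIN_FILENO)
            close(in_fd);
        if (out_fd != STDOUT_FILENO)
            close(out_fd);
        execvp(prog, argv);   /* argv elements are passed as-is */
        _exit(127);           /* only reached if exec failed */
    }

    close(in_fd);
    close(out_fd);
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/*
 * Constructed self-check: the input file name contains a space and a ';'.
 * With system() that name would be split and the tail run as a command;
 * here it is just a file name. Returns 1 if the output equals the input.
 */
int self_check(void)
{
    char dir[] = "/tmp/runfilterXXXXXX";
    char in[256], out[256], buf[64] = {0};
    const char *msg = "constructed sample plaintext\n";
    char *const argv[] = { "cat", NULL };   /* stand-in for {"pgp", opts..., NULL} */
    FILE *f;
    int ok = 0;

    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(in, sizeof in, "%s/in file; echo oops.txt", dir);
    snprintf(out, sizeof out, "%s/out.bin", dir);

    f = fopen(in, "w");
    if (f != NULL) {
        fputs(msg, f);
        fclose(f);
        if (run_filter("cat", argv, in, out) == 0) {
            f = fopen(out, "r");
            if (f != NULL) {
                size_t n = fread(buf, 1, sizeof buf - 1, f);
                fclose(f);
                ok = (n == strlen(msg) && strcmp(buf, msg) == 0);
            }
        }
    }
    unlink(in);
    unlink(out);
    rmdir(dir);
    return ok;
}

int main(void)
{
    int ok = self_check();
    printf("round trip through run_filter: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

In a real caller each pgp option is its own argv element rather than one space-separated string, which is what removes the need for quoting.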
>We are in agreement! My post was intended as "political advocacy", as
>you call it, and not a statement of the de facto law.
>
>I am completely guilty of stating what I think should be. I fully
>recognize that the freedoms the Constitution says I have are in
>fact in dispute. This concerns me greatly, to say the least!
That's very helpful, since everyone has the right to his opinion. Your
example would serve many of us well in avoiding flame wars when they are
caused by opinion about matters in dispute, presented as fact.
Just a small bit of trim tabbing here, though. Perhaps you mean 'the
freedoms I think the Constitution says I have', since it is precisely what
some of these are which is in dispute right up to the Supreme Court. Often
the dispute is the result of using imprecise language--for example the
famous "right to privacy", which seems to mean whatever the speaker of the
moment here wants it to mean.
Best;
David
--
This writer now uses author filters. Posters with low signal to noise ratio are no longer read. Silence thus does not constitute assent.
>In article <david-10099...@192.0.2.1>
> da...@sternlight.com "David Sternlight" writes:
>
>> In article <810695...@mist.demon.co.uk>, io...@mist.demon.co.uk wrote:
>>
>> >In article <david-09099...@192.0.2.1>
>> > da...@sternlight.com "David Sternlight" writes:
>> >
>> >> You are ignoring the discussion to date.
>> >
>> >Much of which has been refutation of your support for ITAR.
>>
>> Not so. It's mostly been a straw man side sequence which ignores the
>> needle in the haystack argument
>
>I have posted a strong refutation of your haystack argument at
>least twice. The first time you did not respond to it at all.
>The second time you dismissed it with "nice try". I have seen
>other posts from other people also dealing with your haystack
>argument and pointing out that it will not hold once *any* form
>of crypto, even the government mandated escrowed stuff, is
>integrated into mainstream software.
I have refuted your argument in detail at least once. On first reading it
isn't consistent but since you keep insisting on it, I posted a detailed
refutation. Your statement that I didn't is false.
>
>You cannot claim that your haystack argument has been ignored.
>Nor can you ignore the counter arguments and go on claiming that
>it is unassailed. The haystack argument is in dispute (I would
>say refuted) so it is not a base to build on further, not until
>it is accepted. But my argument is on this occasion not about
>whether your haystack argument is valid, but what the
>consequences of accepting it are.
Chin music. I'm happy to go through this yet again for you if you like.
Repost a paraphrased version (I already dealt with the original one) of
your argument, and I'll post a paraphrased version of the refutation. That
will be twice and if you then persist, without refuting the refutation, it
is you who will be shown to be ignoring posts here for your own propaganda
purposes.
>
>> and instead makes the entirely different,
>> irrelevant-to-the-haystack and also incorrect argument that if
>> ITAR isn't perfect at keeping crypto from being exported it's
>> useless. It is simple logical error to assert that if something
>> isn't perfect it's useless and should be abandoned.
>
>The relevancy is to the hidden agenda in USA crypto regulation.
There is no hidden agenda. The assertion there is is propaganda invention
for which no evidence has been adduced.
>
>As arms control the ITAR crypto provisions are useless. The
>haystack argument (in dispute) does not effect the arms control
>aspect. Even if the haystack argument is accepted, it is a
>hidden agenda in ITAR and not an arms control measure.
You continue to ignore my posts and play your monotone. I have responded
that what you claim is a "hidden agenda" is quite overt and the product of
many published studies and white papers in and out of government--namely
economic intelligence and economic security. Can you not read?
>> a false statement of the discussion to date--see above
>
>Above you say your haystack argument has been ignored. I say it
>has been refuted, several times, and you are ignoring that.
>Shall we move on?
No. You posted a claimed refutation, and I refuted that. Thus your
statement as to the state of the discussion is false.
>
>> > is that the ITAR provisions
>> >are supposed to be about keeping arms out of the hands of
>> >enemies, not making it easy to read the everyday communications
>> >of your friends.
>>
>> And where do you find that in the language of the law or the
>> legislative history, pray tell? It's something you're inventing
>> out of whole cloth so that you can then use it as a given in
>> argumentation. It is by no means a given.
>
>It is what arms control means. Do you hold the position that
>"arms control" means "facilitation of commercial espionage"?
You seem to continue to make up as you go, out of whole cloth. ITAR isn't
"arms control" it is "international traffic in arms regulation". That's
what the title says.
>Do
>you think the US legislature would pass a bill that was openly
>and avowedly designed to facilitate commercial espionage?
"Commercial intelligence" was what I said. Again you distort my words in
aid of your own propaganda screed. Have you no shame?
>
>My point is that your haystack argument is itself an argument for
>the fact that there is a hidden agenda in USA crypto control
>legislation. If the haystack argument is accepted, the hidden
>agenda must be accepted.
Nothing hidden about it. Read my lips: "economic intelligence". Perfectly
overt and widely practiced. If you don't know the difference between
intelligence and espionage then you are in deep trouble with respect to
your ability to think about these issues.
>The legislation is presented and defended on the basis of denying
>arms to possible enemies.
Nope. Not the only basis. Where did you get this statement anyway? Made it
up? Hearsay? Repeating what someone else said? Find it in the legislative
history or the law itself please, or stop making stuff up.
>> There is nothing hidden about economic intelligence.
>
>It is not arms control. I don't claim that economic intelligence
>is hidden, I claim that the legislation used to enable and
>facilitate it is hidden in an arms control law, which has never
>been presented to the American people as "The Facilitation of
>Commercial Espionage Bill".
Seems to me you are falsifying what I said, and within a few lines. I say
"economic intelligence" and you act as if I've said "commercial
espionage". How brazen can you get?
>> That you
>> aren't familiar with them speaks to your own uh, er, um, lack of
>> current awareness, not the state of the policy debate.
>
>Standard gratuitous two line dig to close. Did you know you are
>becoming predictable? It is a bad sign in one who relies on
>clever intellectual footwork.
Nope. I say you show your ignorance of the extensive policy debate on
economic intelligence in the US, both by the government and by many
distinguished think tanks. I'll betcha the British Institute for Strategic
Studies in London has also addressed this issue. I am making a substantive
point about your statements. Instead of acknowledging your lack of
information and moving on, you seemingly attempt to hide it by
misclassifying my comment as a "dig". It's not.
Many readers here have spent much time on the policy discussions, and are
aware of their status. You, clearly, are not and instead of shutting up
and doing your homework you throw around what I think to be slurs,
misrepresentations, ignorance, and outright false statements. Read the
preceding sentence as substantive--each word refers to specific acts of
yours documented in this reply via quotes of your own material. It is not
a "dig" but an accurate description of the substance of your material.
Deal with it!
David
P.S. I'm gonna start using a new version of Newswatcher with kill file
capability. I simply can't take the time for some of the nonsense
consistently associated with some here. As usual, I invite anyone who
doesn't wish to read my stuff to kill file me as they wish. It's your
right, and I take no offense from it.
>You continue to ignore my posts and play your monotone. I have responded
>that what you claim is a "hidden agenda" is quite overt and the product of
>many published studies and white papers in and out of government--namely
>economic intelligence and economic security. Can you not read?
....
>You seem to continue to make up as you go, out of whole cloth. ITAR isn't
>"arms control" it is "international traffic in arms regulation". That's
>what the title says.
If what you say is correct, that the crypto provisions are kept in ITAR
for economic reasons, then they don't belong there at all. As you point
out, ITAR is trade in arms, not all trade, or economic competition.
If the gov't really felt that they had a legitimate concern re economic
security and intelligence, they should design a bill to incorporate just
those concerns, and not try to hide it in a bill designed to further
the physical (not economic) security of the country.
At least then one could argue the position on the real grounds, and not
have it obfuscated by concerns about the physical security of the
country.
--
Bill Unruh
un...@physics.ubc.ca
>I had every intention of making an ideological slur. The US government
>has earned them in full measure for its disemboweling of the
>Constitution.
>
>I was fully aware that India is on balance not as free as the US. The
>point is that at least in this one area it is a freer country than the
>US.
Is it? Are you at all familiar with crypto laws in India, or are you pulling
something out of thin air? Your e-mail would suggest the latter. In the
interests of harmony I'd have ignored the above comment of yours, but it's
critical to what I have to say below.
>
>David, have I made any ad-hominem attacks against you or any other
>poster? I can get rather vitriolic against policies I don't like, but I
>try to avoid turning it into a personal thing. Unless you are the
>author of said policy, why would you take such attacks personally?
I don't take it personally, but I point out a tone which I find
infelicitous to rational policy discussion--the pseudo-speciation and
subsequent defamation of the Government. Unlike some countries, in the US
the government is "us" and if we don't like it we impeach people, vote
them out of office, etc. I have visited the Soviet Union many times, and
worked to improve conditions in developing countries, and I must tell you
that you should kiss the ground on which you walk in the US. Those who are
raised here, never see other systems, and are pretty much spoiled by
having a lot paid for by their parents or the government as they grow up
offend me when they turn and then attack that government not for specific
wrongs (which should always be pointed out and remedied) but in the way I
just mention--pseudospeciatively and in a hostile manner.
I am neither jingoist nor blind, but I recognize what we have here that's
precious, unlike some posters. In the American tradition the government is
"us" not "them". Rights here, as some never tire of properly pointing out,
are granted to us by ourselves as a collective people (as in "We, the
people"), using the government as our collective instrument.
(Note that that doesn't mean (as some would like) it's an individual
instrument. YOU don't have the right to go into the White House Oval
Office uninvited, for example.)
>
>The intelligence value of being able to read all that foreign message
>traffic is rather obvious. Current policy may preserve that advantage
>for a few more years. The cost, however, is high. First of all,
>there is the damage to US competitiveness.
Lots of assertion, little evidence on the latter point from posters here.
Even if there is some damage, it must be traded off against the benefits
to the country of reading such traffic for as long as it lasts.
> Secondly, it is one more
>case where the Constitution is being sacrificed on the altar of
>national security. If we can't accept the idea that the Constitution
>must be respected no matter what, then what's the point of protecting
>national security? Whose security are we then protecting? You can't
>defend freedom by making your Constitution null and void, merely a
>document to be obeyed at your convenience.
That ITAR is unconstitutional is an assertion. It is not by any means a
consensus, and the legal system has not ruled on the matter, except to the
extent it has been silent and thus permits it thus far. If you THINK it's
unconstitutional there are clear paths, within the American system, to
test that if you think it important enough so to do (i.e. put your money
where your mouth is--nothing personal).
That big, rich software companies have not mounted a Constitutional court
test (i.e. put _their_ money where their mouth is) suggests to me some
combination of:
1. Not that much is _really_ involved competitively--talk is cheap;
lawyers aren't.
2. They think they'd lose a Constitutional test in court.
In article <david-10099...@192.0.2.1>
da...@sternlight.com "David Sternlight" writes:
> In article <810730...@mist.demon.co.uk>, io...@mist.demon.co.uk wrote:
>
> >In article <david-10099...@192.0.2.1>
> > da...@sternlight.com "David Sternlight" writes:
> >
> >> In article <810695...@mist.demon.co.uk>, io...@mist.demon.co.uk wrote:
> >>
> >> >In article <david-09099...@192.0.2.1>
> >> > da...@sternlight.com "David Sternlight" writes:
> >> >
> >> >> You are ignoring the discussion to date.
> >> >
> >> >Much of which has been refutation of your support for ITAR.
> >>
> >> Not so. It's mostly been a straw man side sequence which ignores the
> >> needle in the haystack argument
> >
> >I have posted a strong refutation of your haystack argument at
> >least twice. The first time you did not respond to it at all.
> >The second time you dismissed it with "nice try". I have seen
> >other posts from other people also dealing with your haystack
> >argument and pointing out that it will not hold once *any* form
> >of crypto, even the government mandated escrowed stuff, is
> >integrated into mainstream software.
>
> I have refuted your argument in detail at least once. On first reading it
> isn't consistent but since you keep insisting on it, I posted a detailed
> refutation. Your statement that I didn't is false.
I take this as an admission that you did not respond the first
time you saw it. I do not accept that you refuted it at all on
the second occasion I posted it, although I agree that you
attempted to do so, and summed up your attempt with a "nice try"
comment, as if you had indeed refuted it.
Your statement above that your haystack argument has been ignored
is the false statement. The haystack argument has received a lot
of discussion, much of which you seem to have ignored.
> >You cannot claim that your haystack argument has been ignored.
> >Nor can you ignore the counter arguments and go on claiming that
> >it is unassailed. The haystack argument is in dispute (I would
> >say refuted) so it is not a base to build on further, not until
> >it is accepted. But my argument is on this occasion not about
> >whether your haystack argument is valid, but what the
> >consequences of accepting it are.
>
> Chin music. I'm happy to go through this yet again for you if you
> like. Repost a paraphrased version (I already dealt with the
> original one) of your argument, and I'll post a paraphrased
> version of the refutation.
Not the original, but the second.
I have already posted a follow-up to what you call your
refutation, to which you did not respond. Your refusal to
respond does not constitute the end of the dispute.
> That will be twice and if you then
> persist, without refuting the refutation, it is you who will be
> shown to be ignoring posts here for your own propaganda purposes.
I have refuted the refutation. So far I have posted once on the
subject without a reply from you, once with reply, and once
without reply again. It seems that I must post twice as often as
you or you will not deal with the points I raise.
It remains in dispute. I do not accept that your "chin music" on
the last occasion refuted it, nor that the dispute is over.
> >> and instead makes the entirely different,
> >> irrelevant-to-the-haystack and also incorrect argument that if
> >> ITAR isn't perfect at keeping crypto from being exported it's
> >> useless. It is simple logical error to assert that if something
> >> isn't perfect it's useless and should be abandoned.
> >
> >The relevancy is to the hidden agenda in USA crypto regulation.
>
> There is no hidden agenda. The assertion there is is propaganda
> invention for which no evidence has been adduced.
The evidence is your own often trumpeted haystack argument. You
cannot have the haystack argument, which justifies ITAR on the
basis that it facilitates commercial and economic intelligence
gathering of everyday traffic, and still maintain that ITAR or US
crypto legislation in general does not have a hidden agenda.
You have said yourself that the evidence for your haystack
justification is inferred. Since there appears to be nothing in
the bill that openly states the purpose of facilitating
commercial and economic intelligence gathering, that purpose is
hidden. Your own argument supports a hidden agenda as the
justification for ITAR.
> >As arms control the ITAR crypto provisions are useless. The
> >haystack argument (in dispute) does not effect the arms control
> >aspect. Even if the haystack argument is accepted, it is a
> >hidden agenda in ITAR and not an arms control measure.
>
> You continue to ignore my posts and play your monotone.
I am covering your current post point by point, as I did in my
last reply. Pay attention. I am making a link between your
contention that the value of commercial and economic espionage in
traffic which remains unencrypted by virtue of ITAR regulations
effectively keeping mainstream software from using encryption
justifies ITAR, and the issue of the hidden agenda in USA crypto
legislation.
I don't have to accept your haystack contention in order to show
that it is itself an argument that the hidden agenda exists.
> I have responded
> that what you claim is a "hidden agenda" is quite overt and the product of
> many published studies and white papers in and out of government--namely
> economic intelligence and economic security. Can you not read?
I can read, and I can see exactly how you are trying to sidestep
the point at issue. The point at issue is not whether such
intelligence gathering is overt or hidden, but whether it is
openly stated as one of the purposes of ITAR.
Where in the bill is there any mention of ITAR being designed to
facilitate commercial and economic intelligence gathering?
Yes, I know the NSA and other agencies do this kind of thing, but
that is not the issue. The issue is whether legislation to make
it easy for them to do it is disguised as a measure for control
of arms traffic.
No flummery about how the fact that the security agencies are
open about whatever they do will cover the fact that the ITAR
legislation presents itself in terms of control of arms, and not
as a bill to enable or facilitate commercial and economic
espionage.
If this purpose exists, or if this is the justification for the
continuation of this law when the arms control aspect has been
shown to be bogus and useless where cryptography is concerned,
then it is a hidden purpose, and evidence of a hidden agenda.
> >> a false statement of the discussion to date--see above
> >
> >Above you say your haystack argument has been ignored. I say it
> >has been refuted, several times, and you are ignoring that.
> >Shall we move on?
>
> No. You posted a claimed refutation, and I refuted that. Thus your
> statement as to the state of the discussion is false.
My statement is that the matter is still in dispute. The fact
that you think you are right is not the end of the matter. On
this occasion, I am not disputing the haystack argument itself,
but demonstrating that your own haystack argument is itself an
acceptance that there is a hidden agenda in US crypto
legislation.
> >> > is that the ITAR provisions
> >> >are supposed to be about keeping arms out of the hands of
> >> >enemies, not making it easy to read the everyday communications
> >> >of your friends.
> >>
> >> And where do you find that in the language of the law or the
> >> legislative history, pray tell? It's something you're inventing
> >> out of whole cloth so that you can then use it as a given in
> >> argumentation. It is by no means a given.
> >
> >It is what arms control means. Do you hold the position that
> >"arms control" means "facilitation of commercial espionage"?
>
> You seem to continue to make up as you go, out of whole cloth. ITAR isn't
> "arms control" it is "international traffic in arms regulation". That's
> what the title says.
Thank you. Since we are down to arguing the exact wording, and
you don't accept that "international traffic in arms regulation"
is about arms control, I will rephrase the above question, which
I am sure everyone else understood, to read:
Do you hold the position that "international traffic in arms
regulation" means "facilitation of the gathering of commercial
and economic intelligence from trading partners, allies and
friends, including totally legal confidential business
transactions and trade secrets"?
> "Commercial intelligence" was what I said. Again you distort my words in
> aid of your own propaganda screed. Have you no shame?
I have no shame, stipulated. My lack of shame is not the issue.
I call attention to your attempt to divert the argument by an ad
hominem attack.
Again, I further restate the question to suit your very narrow
requirements:
Do you think the US legislature would pass a bill that was openly
and avowedly designed to facilitate the gathering of commercial
and economic intelligence from your trading partners, allies and
friends, including totally legal confidential business
transactions and trade secrets?
Do you think that the phrase "international traffic in arms
regulation" describes such a law?
To anticipate your next wriggle, you have already conceded that
ITAR does nothing to keep strong crypto out of the hands of those
whose commercial transactions are in armament, or anyone else who
has a reason to use it more compelling than the inconvenience of
not having it integrated into their word processor.
> >My point is that your haystack argument is itself an argument for
> >the fact that there is a hidden agenda in USA crypto control
> >legislation. If the haystack argument is accepted, the hidden
> >agenda must be accepted.
>
> Nothing hidden about it. Read my lips: "economic intelligence".
> Perfectly overt and widely practiced.
But not an openly stated objective of ITAR. I have not said
that the practice is hidden, only that it is not the published
justification of ITAR. I don't even have to read the bill. If
this was in ITAR, you would have cited the reference yourself,
rather than your inference that it is the remaining sensible
justification of ITAR. If it is such a justification, it is an
unpublished, and therefore hidden justification. That is a
hidden agenda.
> If you don't know the difference between
> intelligence and espionage then you are in deep trouble with respect to
> your ability to think about these issues.
I am not the one in trouble if your whole defence rests on the
difference between these two words.
Where in the ITAR legislation is the facilitation or enabling of
the gathering of commercial and economic intelligence openly
stated as a reason or justification for the measures in the bill?
If you cannot show that the bill was openly designed for such a
purpose, then the purpose is hidden, and it therefore represents
the hidden agenda already in place in current USA crypto
legislation.
> >The legislation is presented and defended on the basis of denying
> >arms to possible enemies.
>
> Nope. Not the only basis. Where did you get this statement
> anyway? Made it up? Hearsay? Repeating what someone else said?
> Find it in the legislative history or the law itself please, or
> stop making stuff up.
I found this in the same manner that you say you discovered the
haystack defence, by inference. I infer that there is no mention
of the bill having the purpose of facilitating the gathering of
economic and commercial intelligence, or you would have used it
to support your haystack argument, by saying "look, here is the
evidence, in the bill, that the haystack justification is the
reason for ITAR's regulation of crypto". You may post such
evidence at any time.
It is not possible to find the *absence* of any particular
statement in a bill and post its *absence* without posting the
entire bill. I am surprised that you make such a demand, when it
can so easily be shown to be an impossible task. I think it
better that you obtain a copy of the bill yourself, and find the
statement that refutes my contention that it is not there.
I don't think you can. If you could, you would have posted it
already, in support of your own haystack argument.
I note also that you have clipped from this message a line of
your own which I had quoted in my previous response. That line
was:
> > Can you say "multiple objectives"?
I take this as an assertion and acceptance by you that ITAR has
more than one purpose or objective. The question is, does it
have a purpose or objective which is not openly stated? As you
have stated that your haystack defence of ITAR is derived by
inference, I infer that it is not openly stated in the
legislation.
Therefore, when you hold that the haystack is the true purpose
for ITAR regulation of crypto, then you are also holding that
ITAR is justified by a hidden purpose.
> >> There is nothing hidden about economic intelligence.
> >
> >It is not arms control. I don't claim that economic intelligence
> >is hidden, I claim that the legislation used to enable and
> >facilitate it is hidden in an arms control law, which has never
> >been presented to the American people as "The Facilitation of
> >Commercial Espionage Bill".
>
> Seems to me you are falsifying what I said, and within a few lines.
> I say "economic intelligence" and you act as if I've said
> "commercial espionage". How brazen can you get?
As one of those being spied upon, I regard your "intelligence
gathering" as spying on me and my countrymen. No doubt it is a
question of perspective. I also note that you are using minor
quibbles over wording to avoid answering the question. Here it
is again, restated to conform to your narrow requirements.
Please answer it this time:
Do you think the US legislature would pass a bill that was openly
and avowedly designed to facilitate the gathering of commercial
and economic intelligence from your trading partners, allies and
friends, including totally legal confidential business
transactions and trade secrets?
> >> That you
> >> aren't familiar with them speaks to your own uh, er, um, lack of
> >> current awareness, not the state of the policy debate.
> >
> >Standard gratuitous two line dig to close. Did you know you are
> >becoming predictable? It is a bad sign in one who relies on
> >clever intellectual footwork.
>
> Nope. I say you show your ignorance of the extensive policy debate on
> economic intelligence in the US, both by the government and by many
> distinguished think tanks.
This is not the issue. I have accepted several times that
security agencies indulge in such intelligence gathering, and I
stipulate that they are open about it. The question is "Is it
an openly stated objective in the ITAR bill?"
This is the question I would like you to answer. Or anyone. I
am prepared to be proven wrong. If I am wrong, it ought to be
easy to conclusively demonstrate the fact.
If it is not an openly stated objective of ITAR, then every time
you argue that your haystack defence justifies ITAR, you are
yourself arguing that there is a hidden agenda, and that ITAR is
justified by the needs of that hidden agenda.
> I'll betcha the British Institute for Strategic
> Studies in London has also addressed this issue.
Now if I wished to be rude to you, I might reply along the lines
of, "Where did you get this statement anyway? Made it up?
Hearsay? Repeating what someone else said?"
But I couldn't care less. It has nothing to do with whether the
facilitation of commercial and economic intelligence gathering is
a stated purpose of ITAR or not.
> I am making a substantive
> point about your statements. Instead of acknowledging your lack of
> information and moving on, you seemingly attempt to hide it by
> misclassifying my comment as a "dig". It's not.
Your comment was a dig. You end almost all your messages with a
little two line dig. Maybe you don't realise you are doing it,
in which case I would suggest you review your message style.
> Many readers here have spent much time on the policy discussions, and are
> aware of their status. You, clearly, are not and instead of shutting up
> and doing your homework you throw around what I think to be slurs,
> misrepresentations, ignorance, and outright false statements.
I have been following the discussion closely, and contributing to
it. Your responses to myself and others indicate that there are
a number of issues that you cannot get rid of. You say you have
refuted them, others don't accept it. In the absence of some
independent referee, the only thing that can be said about these
issues is that they are undecided, still in dispute, still being
argued.
In this exchange, I am addressing a single point, while you
use every trick in the book to direct attention elsewhere.
Is the facilitation of commercial and economic intelligence
gathering an openly stated objective in the ITAR bill?
> Read the preceding sentence as substantive--each word refers to
> specific acts of yours documented in this reply via quotes of
> your own material. It is not a "dig" but an accurate description
> of the substance of your material. Deal with it!
I have done. It is a load of minor quibbles about wording
designed to dodge the issue I am confronting you with. I have,
above, changed the wordings that you so object to, and would now
like you to attempt to answer the question.
> P.S. I'm gonna start using a new version of Newswatcher with kill file
> capability. I simply can't take the time for some of the nonsense
> consistently associated with some here. As usual, I invite anyone who
> doesn't wish to read my stuff to kill file me as they wish. It's your
> right, and I take no offense from it.
Yes, I can see that you have come to the conclusion that you
cannot deal with many of the arguments presented to you, and are
now retreating to the position of a year or so ago, where you
killfiled so many people that you were living in a world of your
own as far as usenet was concerned.
I point out that the moment you killfile any contributor to the
discussion, your own statement above where you claim that I have
not followed the discussion will apply to you.
If you refuse to address the issue I have raised, I will assume
that you cannot, and deem that I have demonstrated that the
commercial and economic intelligence gathering justification of
ITAR, as you champion it, is a hidden purpose in the bill, and
evidence that there is a hidden agenda already in place in USA
crypto legislation.
I do not intend to killfile you. I will respond to every
reiteration of your haystack defence of ITAR with my contention
that it is itself a demonstration of the hidden agenda in USA
crypto legislation. I will write a brief exposition of my
contention, in words that suit me, and post it every time I see
the word haystack. You cannot avoid this by failing to respond.
It really doesn't matter if you can no longer see my messages or
not. You are not who I am writing for. I have never had any
realistic hope of convincing you of anything, and I recognise
that fact.
I am giving you every opportunity to address the issue I have
raised, and other readers will draw their own conclusions when
you continue to fail to do so, as you failed to do in the post to
which I have just replied.
: >It is what arms control means. Do you hold the position that
: >"arms control" means "facilitation of commercial espionage"?
: You seem to continue to make up as you go, out of whole cloth. ITAR isn't
: "arms control" it is "international traffic in arms regulation". That's
: what the title says.
I don't think that nitpicking will aid in this argument. What, pray tell,
is the basic difference between 'arms control' and 'arms traffic
regulation'?
: >My point is that your haystack argument is itself an argument for
: >the fact that there is a hidden agenda in USA crypto control
: >legislation. If the haystack argument is accepted, the hidden
: >agenda must be accepted.
: Nothing hidden about it. Read my lips: "economic intelligence". Perfectly
: overt and widely practiced. If you don't know the difference between
: intelligence and espionage then you are in deep trouble with respect to
: your ability to think about these issues.
Very easy. Intelligence is what one's own government does, espionage is
what other governments do. Same thing here in Germany - after the fall
of the wall, spies from the former GDR were prosecuted, while spies from
the FRG went unharmed. I call this double standards.
: >The legislation is presented and defended on the basis of denying
: >arms to possible enemies.
: Nope. Not the only basis. Where did you get this statement anyway? Made it
: up? Hearsay? Repeating what someone else said? Find it in the legislative
: history or the law itself please, or stop making stuff up.
I find it quite obvious that a bill called 'international traffic in
arms regulation' should be about regulating the international traffic
in arms and not about commercial espionage (or intelligence, if you
like that better).
: Nope. I say you show your ignorance of the extensive policy debate on
: economic intelligence in the US, both by the government and by many
: distinguished think tanks. I'll betcha the British Institute for Strategic
: Studies in London has also addressed this issue. I am making a substantive
: point about your statements. Instead of acknowledging your lack of
: information and moving on, you seemingly attempt to hide it by
: misclassifying my comment as a "dig". It's not.
That's not the point. The point is not whether or not commercial
intelligence is a good thing (TM), but whether it should be hidden in a bill
about arms traffic.
: Many readers here have spent much time on the policy discussions, and are
: aware of their status.
This is not a policy discussion.
: P.S. I'm gonna start using a new version of Newswatcher with kill file
: capability. I simply can't take the time for some of the nonsense
: consistently associated with some here. As usual, I invite anyone who
: doesn't wish to read my stuff to kill file me as they wish. It's your
: right, and I take no offense from it.
Why don't you just say that you are not interested in this discussion
any more, instead of criticizing your opponents' postings in such a
polemic way?
Arno
--
Arno Schaefer - Technische Hochschule Darmstadt, Fachbereich Informatik
scha...@rbg.informatik.th-darmstadt.de
The nice thing about Windows is - It does not just crash, it displays a
dialog box and lets you press 'OK' first.
So? Believing that the Supreme Court would be likely to uphold the
constitutionality of ITAR does not imply believing that ITAR is right -
morally, economically, or otherwise. In such a case it seems that the
correct action is to express disapproval and stimulate public debate.
Isn't that precisely what they did at the NIST SonOfClipper workshop?
I should make clear that I don't know what those companies think.
Perhaps they do not sue because there is an ITAR suit already. Perhaps
they have even helped that suit or are party to it; I do not know.
--------------------------------------------------------------------------
I believe I have the right to speak any mathematics I want.
--------------------------------------------------------------------------
Vast farrago of non-responsive nonsense omitted. The issue is simple.
Davidson claims to have refuted the "haystack" argument. I say he has not,
since I have refuted his refutation, and invite him to post a paraphrased
"refutation" yet again to which I will respond with a paraphrased
refutation of THAT. Instead of doing that he posts a long exegesis on "you
didn't" "I did" etc. which is a huge waste of everybody's time.
>The evidence is your own often trumpeted haystack argument. You
>cannot have the haystack argument, which justifies ITAR on the
>basis that it facilitates commercial and economic intelligence
>gathering of everyday traffic, and still maintain that ITAR or US
>crypto legislation in general does not have a hidden agenda.
This is a total red herring. Whether there is a "hidden agenda" (as Iolo
claims) or not is totally irrelevant to the validity of the "haystack"
argument, which stands on its own.
>
>You have said yourself that the evidence for your haystack
>justification is inferred. Since there appears to be nothing in
>the bill that openly states the purpose of facilitating
>commercial and economic intelligence gathering, that purpose is
>hidden. Your own argument supports a hidden agenda as the
>justification for ITAR.
Read my lips. The "haystack" argument is that right now much of the world
uses US software and posts in cleartext as a consequence. Revising ITAR to
permit transparent inclusion of "hard" crypto in such exported software
would convert the vast body of such plaintext traffic to
harder-to-deal-with encrypted traffic. This is not a "good thing" from the
point of view of the Intelligence Community. That's IT! Nothing about
agendas, hidden or not. It's simple logic.
>
>I am covering your current post point by point, as I did in my
>last reply. Pay attention. I am making a link between your
>contention that the value of commercial and economic espionage in
>traffic which remains unencrypted by virtue of ITAR regulations
>effectively keeping mainstream software from using encryption
>justifies ITAR,
Claiming there is a hidden agenda has nothing to do with the validity of
the haystack argument, and does not refute the haystack argument. Thus
your claim to have refuted it (your words) is bogus.
>and the issue of the hidden agenda in USA crypto
>legislation.
>
>I don't have to accept your haystack contention in order to show
>that it is itself an argument that the hidden agenda exists.
Here you come as close as I've seen that despite all your huffing and
puffing about the haystack argument having been refuted, you're doing no
such thing but rather raising an entirely separate (and I say
misdirecting) "hidden agenda" argument. What could be clearer?
I'm not discussing the allegation of hidden agenda in the context of the
haystack argument, since it has nothing to do with the validity of the
haystack argument. I refute the hidden agenda argument independently by
saying that there's nothing hidden about it. The government has been quite
up front about it. But note that that is a separate topic from the
"haystack" argument. The "haystack" argument is simply an argument for why
the government would like to keep ITAR as it is even if some crypto
software has leaked, since the big software firms are law-abiding and
won't include strong crypto in exported products in violation of law.
You seem to be the only one here who still doesn't understand this simple
and straightforward point, which is acknowledged even by the software
companies themselves.
>
>> I have responded
>> that what you claim is a "hidden agenda" is quite overt and the product of
>> many published studies and white papers in and out of government--namely
>> economic intelligence and economic security. Can you not read?
>
>I can read, and I can see exactly how you are trying to sidestep
>the point at issue. The point at issue is not whether such
>intelligence gathering is overt or hidden, but whether it is
>openly stated as one of the purposes of ITAR.
This is a third red herring. There is no such issue. You made it up. It
has nothing to do with the validity of the "haystack" argument, which is a
factual one:
1. Lots of foreigners use US software.
2. That software produces plaintext messages.
3. If the US manufacturers started including transparent strong crypto,
that software would then produce encrypted messages.
4. That would make it harder for the intel folks.
5. Therefore the intel folks don't want to permit it.
Q.E.D.
>
>On
>this occasion, I am not disputing the haystack argument itself,
>but demonstrating that your own haystack argument is itself an
>acceptance that there is a hidden agenda in US crypto
>legislation.
I'm fed up. After repeatedly claiming you've refuted the haystack
argument, and refusing to repost that refutation so I can refute THAT yet
again, you now throw into this thread that for this occasion you're not
disputing it.
That puts your signal to noise ratio well under the threshold. As to the
new and separate issue you've tried to introduce, as to whether ITAR
covers economic intelligence, I'm not going to get into it further.
Discussing with you becomes a labyrinth where if you cannot respond to the
main point you attempt to introduce a number of other points. I don't know
whether that's an inability to focus on your part, an inability to back up
your claims and thus a shifting of your ground (what I call a red
herring), or undisciplined mental processes. Whatever it is, it's noise in
the context of the main point discussion and life is too short to play
silly games with you any longer.
Plonk!
The company I work for (a software consulting firm) has a software
development group in India. In a conversation with the owner of the
company, it was stated that there were no export restrictions on
cryptographic software in India. Legally, this is hearsay. I have
certainly not researched the issue with any due diligence.
Perhaps someone with concrete knowledge on this issue would care to
comment?
>>
>>David, have I made any ad-hominem attacks against you or any other
>>poster? I can get rather vitriolic against policies I don't like, but I
>>try to avoid turning it into a personal thing. Unless you are the
>>author of said policy, why would you take such attacks personally?
>
>I don't take it personally, but I point out a tone which I find
>infelicitous to rational policy discussion--the pseudo-speciation and
>subsequent defamation of the Government. Unlike some countries, in the US
>the government is "us" and if we don't like it we impeach people, vote
>them out of office, etc. I have visited the Soviet Union many times, and
>worked to improve conditions in developing countries, and I must tell you
>that you should kiss the ground on which you walk in the US. Those who are
>raised here, never see other systems, and are pretty much spoiled by
>having a lot paid for by their parents or the government as they grow up
>offend me when they turn and then attack that government not for specific
>wrongs (which should always be pointed out and remedied) but in the way I
>just mention--pseudospeciatively and in a hostile manner.
Utopia doesn't exist. Maybe it never will. And most places are closer
to hell than to heaven. The United States is without question one of
the better places to be. But that doesn't mean that other places
aren't sometimes better in some areas. "Amerika Uber Alles" is not
a psychologically healthy attitude--pride comes before a fall.
And one very bad sign is when the system closes its ears to criticism.
Believing your own propaganda (lying to yourself) is the first step
toward mental illness.
The question isn't "where have we been?" or even "where are we now?" but
rather "where are we going?" I don't like the answers I'm getting to
this last question.
>I am neither jingoist nor blind, but I recognize what we have here that's
>precious, unlike some posters. In the American tradition the government is
>"us" not "them". Rights here, as some never tire of properly pointing out,
>are granted to us by ourselves as a collective people (as in "We, the
>people"), using the government as our collective instrument.
>
>(Note that that doesn't mean (as some would like) it's an individual
>instrument. YOU don't have the right to go into the White House Oval
>Office uninvited, for example.)
The Constitution is not a grant of power to the individual by the
group, but a limited grant of power to the group by the individual.
The Ninth and Tenth Amendments make this explicit. James Madison
didn't want to have a "Bill Of Rights" precisely because he feared
that it would cause people to think that the rights enumerated in
the Constitution were 1) granted to the individual by the government,
and 2) the only rights the individual had. He was very right. The
idea that the individual only has the rights explicitly enumerated
in the Bill Of Rights now pervades our society and our legal system.
The philosophy of the founding fathers was the reverse: the
Constitution was intended as an enumeration of the limited powers
of the government--whatever the government was not explicitly
empowered to do it was forbidden to do.
>>
>>The intelligence value of being able to read all that foreign message
>>traffic is rather obvious. Current policy may preserve that advantage
>>for a few more years. The cost, however, is high. First of all,
>>there is the damage to US competitiveness.
>
>Lots of assertion, little evidence on the latter point from posters here.
>Even if there is some damage, it must be traded off against the benefits
>to the country of reading such traffic for as long as it lasts.
That sword cuts both ways. The burden of proof is Constitutionally
on the government to show that its legitimate intelligence needs
outweigh the sovereign freedom of individual citizens.
>> Secondly, it is one more
>>case where the Constitution is being sacrificed on the altar of
>>national security. If we can't accept the idea that the Constitution
>>must be respected no matter what, then what's the point of protecting
>>national security? Whose security are we then protecting? You can't
>>defend freedom by making your Constitution null and void, merely a
>>document to be obeyed at your convenience.
>
>That ITAR is unconstitutional is an assertion. It is not by any means a
>consensus, and the legal system has not ruled on the matter, except to the
>extent it has been silent and thus permits it thus far. If you THINK it's
>unconstitutional there are clear paths, within the American system, to
>test that if you think it important enough so to do (i.e. put your money
>where your mouth is--nothing personal).
In context, my point was the damage to the Constitution that would
result from a formal Supreme Court finding that the ITAR restrictions
on the export of crypto software are not a violation of the First
Amendment. That the language of the First Amendment specifies an
absolute freedom to communicate (synonymous with "transmit information"
by formal definition) is obvious to any native speaker of English.
Transmitting the source code or binary code of a computer program
is the transmission of information--also by definition. The law
recognizes this because it permits computer programs--even the binary
code--to be "copyrighted" as though the program were a work of
literature.
The government's interpretation of ITAR abridges the freedom of
citizens to publish/transmit copyrightable information (the code of
crypto programs). That is a prima facie violation of the First
Amendment. Excuse me, but I can only credit disagreement with this
reasoning by any reasonably educated person as a sign of intellectual
dishonesty. What part of "Congress shall make no law abridging
freedom of speech" don't you understand? You can use a dictionary
if you need to. I suggest American Heritage.
I don't need to be told that the Supreme Court may come to a different
conclusion. I know that. Should that happen, say good bye to the
First Amendment.
>That big, rich software companies have not mounted a Constitutional court
>test (i.e. put _their_ money where their mouth is) suggests to me some
>combination of:
>
>1. Not that much is _really_ involved competitively--talk is cheap;
>lawyers aren't.
>
>2. They think they'd lose a Constitutional test in court.
>
>David
>--
>This writer now uses author filters. Posters with low signal to noise
>ratio are no longer read. Silence thus does not constitute assent.
Or it may just mean that the evolution of the use of computers,
networks and cryptography in commerce hasn't yet reached the point
where the issue must come to a head.
It may also be that the major software companies have figured out
a way around ITAR--such as foreign production of software.
It's also interesting that the government has yet to prosecute anyone
for exporting crypto software, even though this has undeniably occurred.
Could it be that the government is afraid it would lose on
Constitutional grounds?
>The Constitution is not a grant of power to the individual by the
>group, but a limited grant of power to the group by the individual.
>The Ninth and Tenth Amendments make this explicit. James Madison
>didn't want to have a "Bill Of Rights" precisely because he feared
>that it would cause people to think that the rights enumerated in
>the Constitution were 1) granted to the individual by the government,
>and 2) the only rights the individual had. He was very right. The
>idea that the individual only has the rights explicitly enumerated
>in the Bill Of Rights now pervades our society and our legal system.
>The philosophy of the founding fathers was the reverse: the
>Constitution was intended as an enumeration of the limited powers
>of the government--whatever the government was not explicitly
>empowered to do it was forbidden to do.
I guess what you're saying is that Madison's view prevailed and we don't
have a Bill of Rights, eh? :-) (Yeah, I know it's a cheap shot but you
set yourself up for it.)
>That sword cuts both ways. The burden of proof is Constitutionally
>on the government to show that its legitimate intelligence needs
>outweigh the sovereign freedom of individual citizens.
There is no such burden. The Constitution gives absolute power and
authority, limited only by the explicit language of the other provisions,
to the central government (Congress as the people's representative) on
some matters, including defense, interstate commerce, etc. Subsequent
laws, held Constitutional, give additional powers in economic affairs,
civil rights, etc.
>
>>> Secondly, it is one more
>>>case where the Constitution is being sacrificed on the altar of
>>>national security. If we can't accept the idea that the Constitution
>>>must be respected no matter what, then what's the point of protecting
>>>national security?
Are you another who reads selectively? National defense is in the
Constitution explicitly. Sounds like another "Power to the People" means
'Power to me and my friends' argument--you take what you like and reject
what you don't from the Constitution. It's clear that when provisions in
the Constitution seem to come in conflict with each other, it's a
trade-off by Congress, as interpreted by the Courts.
>
>In context, my point was the damage to the Constitution that would
>result from a formal Supreme Court finding that the ITAR restrictions
>on the export of crypto software are not a violation of the First
>Amendment.
Uh, sorry? The Supreme Court supports the Constitution when it comes up
with findings you like, and damages the Constitution when it comes up with
findings you don't? That's a very peculiar view of our system. You seem to
have your own version of the Constitution in your head, and whip it out to
compare with the "real" Constitution as interpreted by the courts when
something happens you don't like.
> That the language of the First Amendment specifies an
>absolute freedom to communicate (synonymous with "transmit information"
>by formal definition) is obvious to any native speaker of English.
>Transmitting the source code or binary code of a computer program
>is the transmission of information--also by definition. The law
>recognizes this because it permits computer programs--even the binary
>code--to be "copyrighted" as though the program were a work of
>literature.
I'm not certified to practice before the Supreme Court, nor have I a law
degree with concentration in Constitutional Law, so I'm not competent to
deal with your argument. Are you competent to make it? Before you rush to
defend your argument on a "native speaker of English" basis, consider that
many laws are so ill-related to "native English" that they must be
preceded with formal definitions of their key terms.
>
>The government's interpretation of ITAR abridges the freedom of
>citizens to publish/transmit copyrightable information (the code of
>crypto programs). That is a prima facie violation of the First
>Amendment. Excuse me, but I can only credit disagreement with this
>reasoning by any reasonably educated person as a sign of intellectual
>dishonesty. What part of "Congress shall make no law abridging
>freedom of speech" don't you understand? You can use a dictionary
>if you need to. I suggest American Heritage.
First of all court decisions regarding "speech" make it clear they don't
use the narrow dictionary definition. My Webster (Merriam Webster's
Collegiate Dictionary, Tenth Edition) doesn't include flag-burning as
speech.
But if you're going to rely on dictionary definitions for a "native
English" argument, then my Webster says speech is:
"1.a. the communication or expression of thoughts in spoken words;
b. exchange of spoken words;
2.a. something that is spoken;
b. a usu. public discourse;
3. language, dialect
b. an individual manner or style of speaking;
4. the power of expressing or communicating thoughts by speaking"
It's clear that crypto isn't speech in the above. 2b is a subset of
"spoken" and 3b. is a subset of "language, dialect" Encrypted matter per
se doesn't meet the test of being a language or dialect since it is
essentially random (if it is any good).
Thus crypto fails to meet the test of being spoken and fails to conform to
the dictionary definition of speech, no matter how loudly you cry "obvious
to any native speaker of English".
Without that, we're forced to rely on the law as written, as subsequently
modified by court tests. So far ITAR is the law of the land and there has
been no court finding that it's unconstitutional.
>
>I don't need to be told that the Supreme Court may come to a different
>conclusion. I know that. Should that happen, say good bye to the
>First Amendment.
So you think the Court is only Constitutional when it finds according to
your liking? Funny, I don't find anything in the Constitution's
description of the Supreme Court that says that.
>
>Very easy. Intelligence is what one's own government does, espionage is
>what other governments do. Same thing here in Germany - after the fall
>of the wall, spies from the former GDR were prosecuted, while spies from
>the FRG went unharmed. I call this double standards.
That's both defamatory and prejudicial. It's also wrong--the distinction
isn't who does it but whether it involves spies, clandestine means, etc.
Some espionage can lead to intelligence and much intelligence doesn't
require espionage.
As to espionage itself, we weren't discussing that so I won't get into
that unrelated side issue.
>
>: >The legislation is presented and defended on the basis of denying
>: >arms to possible enemies.
>
>: Nope. Not the only basis. Where did you get this statement anyway? Made it
>: up? Hearsay? Repeating what someone else said? Find it in the legislative
>: history or the law itself please, or stop making stuff up.
>
>I find it quite obvious that a bill called 'international traffic in
>arms regulation' should be about regulating the international traffic
>in arms and not about commercial espionage (or intelligence, if you
>like that better).
I see. So you've backed off from "is presented and defended" to "I find it
obvious". A few more like that and you'll trigger my signal to noise
threshold.
>
>: Nope. I say you show your ignorance of the extensive policy debate on
>: economic intelligence in the US, both by the government and by many
>: distinguished think tanks. I'll betcha the British Institute for Strategic
>: Studies in London has also addressed this issue. I am making a substantive
>: point about your statements. Instead of acknowledging your lack of
>: information and moving on, you seemingly attempt to hide it by
>: misclassifying my comment as a "dig". It's not.
>
>That's not the point. The point is not whether or not commercial
>intelligence is a good thing (TM), but whether it should be hidden in a bill
>about arms traffic.
There's no evidence that it's "hidden". Under our Constitution,
intelligence comes under the heading of "provide for the common defense",
and we have many laws making economic security a matter of national
security. For many years now there have been articles in the foreign
affairs journals on that very topic, and not just in the US.
Besides, the ability to read foreign plaintext has military as well as
economic significance.
>: P.S. I'm gonna start using a new version of Newswatcher with kill file
>: capability. I simply can't take the time for some of the nonsense
>: consistently associated with some here. As usual, I invite anyone who
>: doesn't wish to read my stuff to kill file me as they wish. It's your
>: right, and I take no offense from it.
>
>Why don't you just say that you are not interested in this discussion
>any more, instead of criticizing your opponents' postings in such a
>polemic way?
Because some who disagree with me post with a high signal to noise ratio,
and others post mostly crap. I don't filter the first group and in fact
they have my respect, but henceforth I most assuredly filter the second.
Others are certainly entitled to do the same for my posts, and each of us
is free to define "crap" however he likes. Nobody owes one reading one's
posts here.
> Vast farrago of non-responsive nonsense omitted. The issue is simple.
> Davidson claims to have refuted the "haystack" argument.
That actually is the side issue. Dispense with it for now.
> >The evidence is your own often trumpeted haystack argument. You
> >cannot have the haystack argument, which justifies ITAR on the
> >basis that it facilitates commercial and economic intelligence
> >gathering of everyday traffic, and still maintain that ITAR or US
> >crypto legislation in general does not have a hidden agenda.
>
> This is a total red herring. Whether there is a "hidden agenda" (as Iolo
> claims) or not is totally irrelevant to the validity of the "haystack"
> argument, which stands on its own.
I do not claim that your haystack argument is invalidated by the
hidden agenda. You have either misunderstood the point, which I
doubt, or are trying to dodge it. Others have posted showing
that they understand the point.
I claim that your haystack argument is itself evidence of the
hidden agenda. You have denied the existence of a hidden agenda
in US crypto legislation. You have claimed that there is no
evidence of a hidden agenda in US crypto legislation.
But your haystack argument relies on there being a hidden agenda
in ITAR itself, a purpose for the continuation of ITAR which you
have determined only by inference, and which I therefore infer (I
can do this too) that you cannot demonstrate is an openly
proclaimed purpose in the ITAR bill.
> The "haystack" argument is that right now much of the world
> uses US software and posts in cleartext as a consequence. Revising ITAR to
> permit transparent inclusion of "hard" crypto in such exported software
> would convert the vast body of such plaintext traffic to
> harder-to-deal-with encrypted traffic. This is not a "good thing" from the
> point of view of the Intelligence Community. That's IT! Nothing about
> agendas, hidden or not. It's simple logic.
Another justification of the continuation of ITAR for a purpose
which is not the overt purpose of the legislation. That IS the
proof of the hidden agenda.
> Claiming there is a hidden agenda has nothing to do with the validity of
> the haystack argument, and does not refute the haystack argument. Thus
> your claim to have refuted it (your words) is bogus.
I maintain that I have refuted it. This is a different deal. I
am now showing you why your arguing for your haystack argument is
providing evidence that there is a hidden agenda. You are trying
to maintain two things, the validity of the haystack argument,
and the contention that there is no hidden agenda in the US
government's legislation of crypto.
If the haystack argument is true, then it is evidence that ITAR
contains a hidden agenda. You are going to have to give up one
of these contentions. They will not live together.
> I'm not discussing the allegation of hidden agenda in the context of the
> haystack argument, since it has nothing to do with the validity of the
> haystack argument.
I know you want to keep these two issues separate. You have
been trying desperately to keep them apart for several posts.
> I refute the hidden agenda argument independently by
> saying that there's nothing hidden about it. The government
> has been quite up front about it.
No you haven't. You have repeatedly stated that there is no
hidden agenda behind the clipper proposals and other upcoming
legislation, and have challenged people to show "a shred of
evidence" that there is.
Your haystack argument is itself evidence that the US government
put hidden provisions into crypto legislation, that they have
done it already. You further use the haystack argument to
justify their current strengthening of the ITAR regs on crypto,
which means that they are still operating the hidden agenda.
That is more than "a shred of evidence" that they have a hidden
agenda, and that they are slipping it into legislation
unannounced.
That the government is upfront about the fact that they gather
intelligence is not the point. They were not upfront about the
slipping of a provision into ITAR to facilitate intelligence
gathering. They did it without saying what it was.
In fact, they actually disguised it as a measure to keep strong
crypto out of the hands of enemies as if it were a weapon that
could be controlled in this way. This has been shown to be a
cover story.
> But note that that is a separate topic from the
> "haystack" argument. The "haystack" argument is simply an argument for why
> the government would like to keep ITAR as it is even if some crypto
> software has leaked, since the big software firms are law-abiding and
> won't include strong crypto in exported products in violation of law.
I know you don't want your discovery that there is a hidden
agenda in the ITAR regs, which taints the current and future US
crypto legislation, to be brought up at the same time that you
are using the same discovery to defend the usefulness of the
legislation to your secret agencies. But it is the issue.
If you want the haystack for defending ITAR, you have to accept
the revelation that ITAR has been tainted by the hidden agenda.
And that it is currently being strengthened for the purposes of
the hidden agenda. And that this means the US government lies
about the purposes for which their legislation of crypto is
passed.
> You seem to be the only one here who still doesn't understand this simple
> and straightforward point, which is acknowledged even by the software
> companies themselves.
I do understand it, but I don't accept it. I will argue it
again on another occasion.
> >I can read, and I can see exactly how you are trying to sidestep
> >the point at issue. The point at issue is not whether such
> >intelligence gathering is overt or hidden, but whether it is
> >openly stated as one of the purposes of ITAR.
>
> This is a third red herring. There is no such issue. You made it up.
I can raise any issue I like, but this one happens to be yours.
You are the one that maintains the US government is honest in its
objectives when framing crypto legislation. You are also the one
that has caught them out in a hidden provision in ITAR, if your
haystack argument is valid.
> I'm fed up. After repeatedly claiming you've refuted the haystack
> argument, and refusing to repost that refutation so I can refute THAT yet
> again, you now throw into this thread that for this occasion you're not
> disputing it.
I haven't been disputing the haystack in this thread, from the
first, and I am pretty sure you understand that. Others have
posted showing they got the point. I have mentioned my
refutation in the context of making it clear that I was not
accepting the haystack argument (I reserve my position), but
merely arguing the consequences of it, which are that it
demonstrates a hidden agenda in US crypto legislation.
I have clipped your obligatory closing dig, as it was rather long
this time, and had nothing interesting in it.
> Plonk!
I spent a long time in your kill file before. It is a cosy
place, where I can lounge in comfort, pointing out your errors
without becoming subject to a flurry of accusations and
misdirection. I am afraid you won't like it though. You will
lose track of the debate, which after all does not centre on
yourself. And there will be fewer and fewer people to argue
with, as each one makes a point you cannot deal with and
disappears from view.
In article <david-12099...@192.0.2.1>
da...@sternlight.com "David Sternlight" writes:
> In article <433pii$1h...@rs18.hrz.th-darmstadt.de>,
> scha...@rbg.informatik.th-darmstadt.de (Arno Schaefer) wrote:
>
> >: >The legislation is presented and defended on the basis of denying
> >: >arms to possible enemies.
> >
> >: Nope. Not the only basis. Where did you get this statement anyway? Made it
> >: up? Hearsay? Repeating what someone else said? Find it in the legislative
> >: history or the law itself please, or stop making stuff up.
> >
> >I find it quite obvious that a bill called 'international traffic in
> >arms regulation' should be about regulating the international traffic
> >in arms and not about commercial espionage (or intelligence, if you
> >like that better).
>
> I see. So you've backed off from "is presented and defended" to "I find it
> obvious". A few more like that and you'll trigger my signal to noise
> threshold.
You've confused Arno with me. He didn't say "presented and
defended", I did. We are both talking about the same obvious
point, that ITAR is not openly a bill for facilitating
intelligence gathering, but supposedly for the regulation of
trade in armaments.
Your haystack argument that ITAR is useful to intelligence
gathering, even if it has no effect on the availability of strong
crypto to foreign enemies, gives away the US Government's
insertion of a hidden purpose in the bill.
> >That's not the point. The point is not whether or not commercial
> >intelligence is a good thing (TM), but whether it should be hidden in a bill
> >about arms traffic.
>
> There's no evidence that it's "hidden". Under our Constitution,
> intelligence comes under the heading of "provide for the common defense",
> and we have many laws making economic security a matter of national
> security. For many years now there have been articles in the foreign
> affairs journals on that very topic, and not just in the US.
Dodged the point. As far as ITAR is concerned, the purpose is
hidden, and has even been provided with a cover story. The bill
was passed for the open purpose of regulating arms traffic, not
for making spying on the commercial traffic of your friends and
trading partners easier. It is an example of the US government
dishonestly framing bills regulating crypto.
> Because some who disagree with me post with a high signal to noise ratio,
> and others post mostly crap. I don't filter the first group and in fact
> they have my respect, but henceforth I most assuredly filter the second.
> Others are certainly entitled to do the same for my posts, and each of us
> is free to define "crap" however he likes. Nobody owes one reading one's
> posts here.
David is no longer properly following this discussion, as he
cannot see at least one person's contributions. He has already
confused quoted text that I wrote with that of another poster.
>1. Lots of foreigners use US software.
>2. That software produces plaintext messages.
>3. If the US manufacturers started including transparent strong crypto,
>that software would then produce encrypted messages.
>4. That would make it harder for the intel folks.
>5. Therefore the intel folks don't want to permit it.
Let us grant this argument as a reason why the government does not want
crypto to be allowed to be exported. The problem is whether or not this
argument is sufficient justification for an executive branch decision
to include crypto in a set of regulations promulgated under the
authority of an act designed to control the export of "defense"
materials.
Once there was definitely a justification since crypto was an esoteric
field, with clear defense implications. That is much less true now.
Although there may be economic arguments, they cannot be a
justification under an act to control arms export, just as the arms
export act cannot be used to control the export of grain or of computer
games.
David Sternlight <da...@sternlight.com> wrote:
> In article <810695...@mist.demon.co.uk>, io...@mist.demon.co.uk wrote:
> > the ITAR provisions
> > are supposed to be about keeping arms out of the hands of
> > enemies, not making it easy to read the everyday communications
> > of your friends.
> And where do you find that in the language of the law or the legislative
> history, pray tell? It's something you're inventing out of whole cloth
Congress states the objectives of AECA in section 2751:
As declared by the Congress in the Arms Control and Disarmament Act
[22 U.S.C.A. sec. 2551 et seq.], an ultimate goal of the United
States continues to be a world which is free from the scourge of war
and the dangers and burdens of armaments; in which the use of force
has been subordinated to the rule of law; and in which international
adjustments to a changing world are achieved peacefully. ...
---Dan
Didn't you know? The Constitution was suspended 60 years ago....
(see http://www.cs.cmu.edu/afs/cs/user/ralf/pub/WWW/wep-txt.txt)
--
My employer will | I'net: ra...@telerama.lm.com Fido: Ralf Brown 1:129/26.1
deny knowing of | "Man is the only kind of varmint sets his own trap, baits
this message... | it, then steps in it." -- John Steinbeck, _Sweet_Thursday_
>David Sternlight, da...@sternlight.com writes:
>>That big, rich software companies have not mounted a Constitutional court
>>test (i.e. put _their_ money where their mouth is) suggests to me some
>>combination of:
>>
>>1. Not that much is _really_ involved competitively--talk is cheap;
>>lawyers aren't.
>>
>>2. They think they'd lose a Constitutional test in court.
>
>
>So? Believing that the Supreme Court would be likely to uphold the
>constitutionality of ITAR does not imply believing that ITAR is right -
>morally, economically, or otherwise. In such a case it seems that the
>correct action is to express disapproval and stimulate public debate.
>Isn't that precisely what they did at the NIST SonOfClipper workshop?
They had years to file a court test if they were really, as they claim,
losing lots of money because of this. Thus I don't think they were.
Software companies do not strike moral poses about export laws. They are
not Internet ideologues. What they DO do is go to court and Congress.
That the sovereign bans export of crypto is not a moral issue but a legal
and policy issue. I know those who wrap themselves in "morality" on every
street corner and at every opportunity do so on this one, but it isn't a
moral issue.
As an economic issue if one disagrees the thing to do is present contrary
economic _studies and analyses_, not shout propaganda. The software
companies have not so done. As to "otherwise" I leave that catch-all for a
trollee.
I think the "amend ITAR" folks are going to get slightly longer keys but
that's all. A reading of "Economics and the Art of Controversy" by John
Kenneth Galbraith suggests they've lost on this one. Paraphrasing: In a
negotiation, as long as both sides are quiet in the public press, the
negotiation is still ongoing and either side thinks it may obtain a
satisfactory outcome. When one party starts public screaming about its
side, takes out ads, etc. it's a sign they've lost.
>}A computer program
>}is a message, and its transmittal (including export) is therefore
>}Constitutionally protected.
Relax. The statement that "a computer program is a message" is a very
dubious proposition and at best a metaphor, not an identity. The writer,
having no case, is reaching into the further reaches of his mind's ability
to free-associate.
>da...@sternlight.com (David Sternlight) writes:
>>has nothing to do with the validity of the "haystack" argument, which is a
>>factual one:
>
>>1. Lots of foreigners use US software.
>>2. That software produces plaintext messages.
>>3. If the US manufacturers started including transparent strong crypto,
>>that software would then produce encrypted messages.
>>4. That would make it harder for the intel folks.
>>5. Therefore the intel folks don't want to permit it.
>
>Let us grant this argument as a reason why the government does not want
>crypto to be allowed to be exported. The problem is whether or not this
>argument is sufficient justification for an executive branch decision
>to include crypto in a set of regulations promulgated under the
>authority of an act designed to control the export of "defense"
>materials.
I have answered this objection in my reply to Bernstein. Since he
redirected replies to his message (properly, I think) to
talk.politics.crypto, you will find it there. Since I don't participate in
that group, if you have anything further to say to me on this topic, I
suggest e-mail.
Note, by the way, that you list "talk.politics.crypt" in your header. As I
recall that's pretty much a defunct group--the active one is
"talk.politics.crypto". If you disagree, let's discuss THAT via e-mail as
well.
> >}A computer program
> >}is a message, and its transmittal (including export) is therefore
> >}Constitutionally protected.
> Relax. The statement that "a computer program is a message" is a very
> dubious proposition and at best a metaphor, not an identity.
Almost anyone who programs for a living (or hobby for that matter) can
validly contradict you. I get email from a friend saying how do you do
such and such and do I have any code for it. I reply by sending C code
and nothing but C code (well, maybe it starts with "here you are"). My
reply is a message carrying significance for a human. It also happens
to be a full computer program. Programs, surprise, surprise, can be an
excellent way to communicate algorithms between *people*. If the
formal specification guys get their way, pure mathematics notation
which, AFAIK, is currently protected by your 1st Amendment, will
become machine executable. At that point, the USG has the choice
between removing software from ITAR restrictions or burning the maths
books.
--
What if there were no hypothetical questions?
You continue the metaphorical argument. The point is that under the law a
computer program is in the language of the ITAR which prohibits export of
crypto computer programs without a license.
You can argue 'til the cows come home about metaphors, but the law is as
written. What's more, if you THINK, in your vast layman's wisdom, that you
have found a contradiction _between code sections_ (a contradiction
between metaphors won't do it), then the law is still unaffected and your
only course of action is to get a court to throw out the law. Chin music
on the Internet won't cut it.
> In article <435pns$3...@nnrp.ucs.ubc.ca>, un...@unixg.ubc.ca
> (Bill Unruh) wrote:
>
> >Let us grant this argument as a reason why the government does not want
> >crypto to be allowed to be exported. The problem is whether or not this
> >argument is sufficient justification for an executive branch decision
> >to include crypto in a set of regulations promulgated under the
> >authority of an act designed to control the export of "defense"
> >materials.
>
> I have answered this objection in my reply to Bernstein. Since he
> redirected replies to his message (properly, I think) to
> talk.politics.crypto, you will find it there. Since I don't participate in
> that group, if you have anything further to say to me on this topic, I
> suggest e-mail.
Sounds like you don't have an answer you want anyone in here to
see. I doubt it has impressed anyone in talk.politics.crypto
either, but you can't see their replies any more than you can see
mine.
> Silence thus does not constitute assent.
Silence doesn't answer any questions.
David Sternlight must have made his parents very proud. He *ALWAYS*
follows the rules. Even when the rules are wrong, he never questions
them.
DS> You continue the metaphorical argument. The point is that under the law a
DS> computer program is in the language of the ITAR which prohibits export of
DS> crypto computer programs without a license.
Then why can _Applied Cryptography_ the book leave the country with the
code listings intact?
--
Christopher Davis * <c...@kei.com> * <URL:http://www.kei.com/homepages/ckd/>
512/03829F89 = D7 C9 A7 80 8C 84 3F B2 27 E1 48 61 BF FC 18 B4
1024/66CB73DD = 46 8E FD F5 12 8E 13 4C 2C 8A 92 A3 B0 D5 2A 5E
[ Public keys available by finger, WWW, or keyserver ]
In article <david-13099...@192.0.2.1> da...@sternlight.com
(David Sternlight) writes:
> In article <434ruh$2...@dartvax.dartmouth.edu>, Joe Francis
> <Joe.F...@dartmouth.edu> wrote:
>> David Sternlight, da...@sternlight.com writes:
DS2> That big, rich software companies have not mounted a Constitutional court
DS2> test (i.e. put _their_ money where their mouth is) suggests to me some
DS2> combination of:
DS2>
DS2> 1. Not that much is _really_ involved competitively--talk is cheap;
DS2> lawyers aren't.
DS2>
DS2> 2. They think they'd lose a Constitutional test in court.
JF>
JF>
JF> So? Believing that the Supreme Court would be likely to uphold the
JF> constitutionality of ITAR does not imply believing that ITAR is right -
JF> morally, economically, or otherwise.....
<SNIP>
DS>
DS> They had years to file a court test if they were really, as they claim,
DS> losing lots of money because of this. Thus I don't think they were.
DS>
DS> Software companies do not strike moral poses about export laws. They are
DS> not Internet ideologues. What they DO do is go to court and Congress.
DS>
<SNIP>
DS> As an economic issue if one disagrees the thing to do is present contrary
DS> economic _studies and analyses_, not shout propaganda. The software
DS> companies have not so done.
<SNIP>
DS>
DS> David
You may be interested to see the article "Upgrading the Internet" (John
Adam) in the September 1995 issue of IEEE Spectrum. It features a panel
discussion among the "giants of networking" at the 1995 Internet Society
meeting. Strong authentication, and strong privacy through encryption,
were generally agreed to be major issues respecting the future of the
internet. Vinton Cerf, Senior Vice-President of MCI, founder of the
Internet Society, and one of 2 "acknowledged progenitors" (sic) of the
internet, states:
"Actually, the terms for export get negotiated for each particular
product. Often products can be exported anywhere, except certain
proscribed countries. And that has worked just fine. It's just that
the strength or quality of the cryptography hasn't been very good.
So this worries me a lot because international commerce needs to be
properly protected. We're doing everyone, including our own economy,
a great disservice by allowing a large amount of electronic commerce
to take place without suitable protection.
That has nothing to do with software companies struggling with two
versions of a product. It has everything to do with multi-trillion
dollars of business transactions not being properly protected."
Perhaps Cerf is an "Internet ideologue" but I suspect he is speaking as
a representative of MCI as well in this discussion. If so, I suspect
that they are already in close contact with Congress, if not the courts.
--
Mark McCutcheon
The federal government is *not* "the sovereign". We the people
are the sovereigns, who delegate our authority to our state governments, which,
in turn, delegated authority to the federal government via the Constitution.
For someone who pretends to be as knowledgeable as you do, David, you
show a remarkable lack of understanding of the concept of republican
government.
Followups trimmed--this has nothing to do with sci.crypt.
Regards,
Chris BeHanna Director, New Jersey Self Defense Coalition
NJ-RKBA List Maintainer P.O. Box 239
beh...@syl.nj.nec.com Milford, NJ 08848-0239
kore wa NEC no iken de gozaimasen.
Lon Horiuchi: Will Murder Women for Food PGP 2.6.1 public key available
Only in America can a homeless veteran sleep in a cardboard box while a draft
dodger sleeps in the White House.
>They had years to file a court test if they were really, as they claim,
>losing lots of money because of this. Thus I don't think they were.
>Software companies do not strike moral poses about export laws. They are
>not Internet ideologues. What they DO do is go to court and Congress.
Most software companies do not know anything about either security or
especially cryptography. Microsoft has a total crypto expertise of about
two people. The possibility and need for the public use of crypto is
about 2 years old. Remember that 7 years ago the biggest workstation
vendor of the time shipped their operating system so that anyone in the
world could mount disks on your computer without your permission, and
shipped an operating system with programs whose only purpose was to give
any user root access. The internet has caught everyone by surprise, and
the need for cryptography has certainly not sunk in at higher levels
anywhere yet.
The need for good crypto is going to hit hard and fast, and companies
will scramble like mad to supply it (usually badly). It is at that
point that it will suddenly hit American companies that they are not
capable of supplying the market, the of necessity world wide market.
(How in the hell can you sell an internet tool which is built to the
lowest denominator, and how do you supply the millions of escrowed keys
when there is no mechanism to do so. Maybe you cobble together something
and a year later discover that some criminal or hacker organisation has
just lifted the whole escrow)
The US government did worse than shoot themselves in the foot when in
1954 they declared that crypto is munitions.
The 2nd Amendment to the US Constitution says that every person has a
God-given right to keep and bear arms, and the government does not have
the authority to trample upon that right.
The ITAR prevents me from giving PGP to my friend Alin, a Romanian
national residing in the US. However, Alin has a God-given right to
keep and bear arms (which includes crypto according to the US gov't.)
and which must also include a God-given right to obtain said arms. The
ITAR is therefore unconstitutional.
If I give PGP to Alin, I've broken the unconstitutional ITAR law. If I'm
prosecuted, and if the case gets to the Supreme Court, then certain
portions of the ITAR may be overturned.
I don't want to comment further, cuz I'm a sensible engineer, not a
lawyer. I don't understand the [convoluted|lack of] logic involved in
many court decisions. I'm also not going to be the test case.
--
http://www-scf.usc.edu/~khendric k...@seas.smu.edu, k...@usc.edu
"Prior planning must be done in advance." -- Ken Hendrickson N8DGN/5
On 14 Sep 1995 16:06:26 -0700, k...@pollux.usc.edu (Kenneth J. Hendrickson) said in article <43achi$1...@pollux.usc.edu>:
>David Sternlight, da...@sternlight.com writes:
>>That big, rich software companies have not mounted a Constitutional court
>>test (i.e. put _their_ money where their mouth is) suggests to me:
>>
>>2. They think they'd lose a Constitutional test in court.
>
>The US government did worse than shoot themselves in the foot when in
>1954 they declared that crypto is munitions.
>
>The 2nd Amendment to the US Constitution says that every person has a
>God-given right to keep and bear arms, and the government does not have
>the authority to trample upon that right.
I'm afraid Sternlight will eat you alive on this one. I agree with your
sentiment, but the problem is that the Constitution supposedly protects
your right to bear arms, not munitions. Munitions are not arms, arms are a
subset of munitions. For instance, the second amendment doesn't
specifically protect your right to own and wear a bullet-proof vest.
>If I give PGP to Alin, I've broken the unconstitutional ITAR law. If I'm
>prosecuted, and if the case gets to the Supreme Court, then certain
>portions of the ITAR may be overturned.
Well, the Supreme court is hostile to the second amendment. The standing
Supreme Court position on the right to bear arms uses that convoluted logic
that the people have the right to bear arms as part of a state militia,
therefore, your state national guard has the right to bear arms, but you
don't. The main reason this is convoluted (ignoring the fact that the
language of the amendment doesn't firmly connect "people" to a "well
regulated militia") is that there is no autonomy of state national guards
from federal control, because national guard units fought in Vietnam under
control of the president.
The best constitutional basis to fight the ITAR crypto provisions is the
constitutionally protected right to be secure in your "effects" (4th
amendment), as well as your un-enumerated rights protected by amendments
9 and 10.
--
Robert Mashlan R2M Software Company Programmer for Hire
mailto:rmas...@r2m.com http://www.csn.net/~rmashlan PGP key available
Resources for Windows Developers - http://www.csn.net/~rmashlan/windev
Windows Developers FAQ - http://www.csn.net/~rmashlan/win-developer-FAQ
>The 2nd Amendment to the US Constitution says that every person has a
>God-given right to keep and bear arms, and the government does not have
>the authority to trample upon that right.
Arms are not necessarily munitions, nor are all munitions arms.
>
>The ITAR prevents me from giving PGP to my friend Alin, a Romanian
>national residing in the US. However, Alin has a God-given right to
>keep and bear arms (which includes crypto according to the US gov't.)
>and which must also include a God-given right to obtain said arms. The
>ITAR is therefore unconstitutional.
See above
>If I give PGP to Alin, I've broken the unconstitutional ITAR law. If I'm
>prosecuted, and if the case gets to the Supreme Court, then certain
>portions of the ITAR may be overturned.
Only if Alin tries to take PGP out of the country...or he is designated
as a subversive alien. And if you give it to him inside the US, you have
not committed a crime, unless he is a spy and you knew it, and knew he
intended to smuggle it out.
Scott
>Well, the Supreme court is hostile to the second amendment. The standing
>Supreme Court position on the right to bear arms uses that convoluted logic
>that the people have the right to bear arms as part of a state militia,
>therefore, your state national guard has the right to bear arms, but you
>don't.
Whoa! Excuse me, but you are misrepresenting both the Constitution and the
Supreme Court's stand. The Court has consistently ruled that the wording
"the right of the people" means exactly the same "people", which is every
single individual person, that are spoken of in all the rest of the parts of
the Constitution. There is *no* statutory or case-law basis for your
conclusion.
But then, this doesn't have anything to do with ITAR or PGP....
Scott Weiser
> You continue the metaphorical argument.
I was not arguing, I was not using metaphor. In response to your remark
> >> The statement that "a computer program is a message" is a very
> >> dubious proposition and at best a metaphor, not an identity.
I gave a factual and accurate report of the fact that I and my friends
with programming skills exchange (humanly) meaningful messages between
ourselves which also happen to be computer programs. I'm sure there
are many others here who have exactly the same experience. Unless you
think I'm lying or you learnt your logic the wrong side of the looking
glass, that means that the statement "a computer program is a message"
*is*, under regularly realised circumstances, an identity, not a
metaphor, and definitely not a dubious proposition.
I'm sure you must have analogous experiences of communicating with
your peers using specialist economics notation, rather than English,
and anyone who has ever worked with mathematicians knows they use all
sorts of odd maths notations as speech between themselves. Why then
deny that computer code can also be a form of *human* communication?
COBOL, in particular, was specifically designed to be its own
commentary, thus serving the dual purpose of allowing the programmer
to control a computer *and* communicate with her successors the means
and purpose of that control.
> The point is that under the law a computer program is in the
> language of the ITAR which prohibits export of crypto computer
> programs without a license.
If you change that "under the law" to "under the current US establishment
interpretation of US law and export regulations" I have not the
slightest disagreement with it, and never in any way suggested that I
did. You're introducing red herrings.
[Rest snipped as DS was arguing with what he thought I said, not what
I actually said, and in a gratuitously insulting fashion as well.
(Very reminiscent of Basil Fawlty being sarcastic.) Yes David, as you
said, you really do have a problem with finding an appropriate
register in this medium. Might I suggest in particular that "getting
your retaliation in first" is nonoptimal, especially when you're not
even being attacked.]
>In article <david-13099...@192.0.2.1> David Sternlight (da...@sternlight.com) wrote:
>:>That the sovereign bans export of crypto is not a moral issue but a legal
>:>and policy issue.
>
> The federal government is *not* "the sovereign". We the people
>are the sovereigns, who delegate our authority to our state governments, which,
>in turn, delegated authority to the federal government via the Constitution.
>
> For someone who pretends to be as knowledgeable as you do, David, you
>show a remarkable lack of understanding of the concept of republican
>government.
>
>Followups trimmed--this has nothing to do with sci.crypt.
"The sovereign" in this case is the people, acting through their elected
representatives, the Congress. ITAR is a law passed by that Congress. You
seem not to be familiar with the use of "sovereign" in U.S. Constitutional
discussions.
Personal remarks aren't useful, especially if they might end up being wrong.
Why do so many have so much trouble understanding that the Congress' laws
are passed by the mechanism established by "We the people" for the use of
"We the people" in the Constitution--the Congress? Why do they constantly
try to pretend that somehow the parts of the Constitution they like are in
there, but the parts they don't aren't?
I agree that this is off-topic for sci.crypt. Like most Usenet posters, I
don't constantly check the headers of posts I'm replying to--thus the
originator of a topic or the one who changes the subject without changing
the topic name bears the onus. In the case of this topic I did not
originate this thread.
I am adding back sci.crypt to the headers to clear up the latter point,
but via the "Followups" line, taking replies back out, as you have
suggested by your action.
David
--
This writer now uses author filters. Posters with low signal to noise ratio are no longer read. Silence thus does not constitute assent.
>da...@sternlight.com (David Sternlight) writes:
>
>>They had years to file a court test if they were really, as they claim,
>>losing lots of money because of this. Thus I don't think they were.
>
>>Software companies do not strike moral poses about export laws. They are
>>not Internet ideologues. What they DO do is go to court and Congress.
>
>Most software companies do not know anything about either security or
>especially cryptography. Microsoft has a total crypto expertise of about
>two people. The possibility and need for the public use of crypto is
>about 2 years old. Remember that 7 years ago the biggest workstation
>vendor of the time shipped their operating system so that anyone in the
>world could mount disks on your computer without your permission, and
>shipped an operating system with programs whose only purpose was to give
>any user root access. The internet has caught everyone by surprise, and
>the need for cryptography has certainly not sunk in at higher levels
>anywhere yet.
I suggest you review the history of RSADSI and its licensees, with
particular reference to dates. Then I suggest you review the history of
public use of crypto, again with specific reference to dates.
Next repeat after me: "The Internet is not the history of computing."
Finally, that some operating systems as recently as 7 years ago, had the
ability for anyone to get root access didn't mean that all did. The first
operating system I used was in 1952 and that didn't give everyone root
access, nor did most of those I used of many differing flavors since. One
of the early commercial time-sharing remote-access systems, IBM's CP/CMS,
is a LOT older than 7 years--maybe 20 or more. It was widely used both in
the US and elsewhere to provide commercial "time-sharing" services. Though
IBM's commercial mainframes in the 1960's had poor file security, Control
Data's did not. The encryption of passwords is a LOT older than 7 years,
even for UNIX.
Your assertions show a regrettable lack of historical knowledge. If you
wish to have the last word, you may do so. Please include the preceding
sentence in any reply, as a reminder.
>
>The need for good crypto is going to hit hard and fast, and companies
>will scramble like mad to supply it ( usually badly). It is at that
>point that it will suddenly hit American companies that they are not
>capable of supplying the market, the of necessity world wide market.
>(How in the hell can you sell an internet tool which is built to the
>lowest denominator, and how do you supply the millions of escrowed keys
>when there is no mechanism to do so. Maybe you cobble together something
>and a year later discover that some criminal or hacker organisation has
>just lifted the whole escrow)
The above is an opinion though your use of "is" might mislead readers into
thinking it is a statement of fact. I think much in the above paragraph
will be proven incorrect by events, but think it is not worth a side
discussion.
...
>>If I give PGP to Alin, I've broken the unconstitutional ITAR law. If I'm
>Only if Alin tries to take PGP out of the country...or he is designated
>as a subversive alien. And if you give it to him inside the US, you have
>not committed a crime, unless he is a spy and you knew it, and knew he
>intended to smuggle it out.
This may well be true. As I (not a lawyer) read ITAR, "export" for articles
("defense articles") means taking them out of the country. However, "export"
for technical data or defense services (i.e. helping someone) is defined also to apply to
people inside the country. So I would read this that your friend can get PGP but
you cannot help him use it.
--
Bill Unruh
un...@physics.ubc.ca
>
>David Sternlight must have made his parents very proud. He *ALWAYS*
>follows the rules. Even when the rules are wrong, he never questions
>them.
Plonk!
>I gave a factual and accurate report of the fact that I and my friends
>with programming skills exchange (humanly) meaningful messages between
>ourselves which also happen to be computer programs. I'm sure there
Courts rule on individual cases not on abstracts. If the purpose of the exchange is
for you and your friend to directly communicate with each other, the
"program" would probably be found to be protected speech. If the purpose of the
exchange is for him to run the program on his computer, then it would probably
be found to be "software" which is not necessarily protected. The law has been
happy for millennia in dealing with concepts such as intent and purpose.
After all if you kill someone, your intent makes a huge difference to
the legal situation - sometimes you will bear no penalty whatsoever, and sometimes
a most severe one, depending on intent and circumstance. What makes you feel that
courts would not be equally able to discern intent and circumstance in the
case of programs? So sometimes your programs will be protected speech, and sometimes
not, and it will have to be up to you to show that in this case it is, and for the
prosecution to argue that in this case it isn't. Free speech lies not in the speech
itself but in the context in which it is used.
--
Bill Unruh
un...@physics.ubc.ca
>
>>If I give PGP to Alin, I've broken the unconstitutional ITAR law. If I'm
>>prosecuted, and if the case gets to the Supreme Court, then certain
>>portions of the ITAR may be overturned.
>
>Only if Alin tries to take PGP out of the country...or he is designated
>as a subversive alien. And if you give it to him inside the US, you have
>not committed a crime, unless he is a spy and you knew it, and knew he
>intended to smuggle it out.
I don't think you may give controlled munitions to a foreign national
inside the US, without a license. Better read the ITAR. It's on the eff
web site.
It's not really a particularly convoluted interpretation, merely a
very narrow interpretation. The second amendment reads, in full:
"Right to Keep and Bear Arms. A well-regulated militia being necessary
to the security of a free State, the right of the people to keep and
bear arms shall not be infringed." The narrow interpretation of this
wording is that the amendment grants the right to keep and bear
arms as members of the state militias (these days called the national
guard).
--PSW
> In article <43achi$1...@pollux.usc.edu>, k...@pollux.usc.edu (Kenneth J.
> Hendrickson) wrote:
>
> >Alin has a God-given right to
> >keep and bear arms
>
> Uh, sorry, I must have missed that passage in the Old Testament.
> Pointer, please?
The point was that citizens are not granted rights by government
of the constitution, but simply have them. Certain specific
rights are listed in the bill of rights, but they are not granted
by that document. The founding fathers themselves seem to have
ascribed the grant to god.
> >and which must also include a God-given right to obtain said arms.
>
> Is there a right to the pursuit of happiness? Does that mean the
> government may not pass laws dealing with drugs, prostitution, theft,
> child porno, murder, etc. which might interfere with the pursuit of
> happiness for some particular person.
Non sequitur. The right to possess arms implies as a necessary
condition the right to obtain them. Happiness comes in many
forms, some of which do not infringe the rights of others and
some which do. Your right to bear arms does not include the
right to steal them or misuse them either.
> Silence thus does not constitute assent.
This man killfiles anyone who threatens his determination never
to assent to anything. It is the only way he can escape it.