Dave Farber:
> As I said , the devil is in the details.
Let me agree. Remember when the Administration said it was giving
industry what it wanted -- transferring crypto exports to the Commerce
Dept? And when later "industry" worked out a deal so they could "easily"
export key-recovery products, only to discover that in the final regs
and procedures it really wasn't so easy?
There's a vague and undefined term in the press leaks so far:
One-Time Technical Review
What does this mean? It appeared in some early crypto liberalization
bills floated in Congressional committees. Does it mean:
* On the same day that you first put your encryption invention
on your web site, you have to send a binary copy to the NSA?
or: * BEFORE you post your encryption invention on your web site,
you have to send a copy to NSA?
or: * BEFORE you post it, you have to send a copy to NSA -- AND THEN WAIT
until they say you can export it?
or: * BEFORE you post it, you have to send the source code to NSA --
and rather than a mere delay, they have the option to respond
by telling you that you just can't export it?
or: * You can't post it at all -- you need to provide details about
each person who receives it, and you don't know that about the
people who download it.
or: * ....infinite variations....
We'll only really know once the regulations are published, which is
rumored to be in a few months.
John
