Re: Justice Dept asks Court of Appeals to reconsider ruling in Bernstein case
On Mon, Jun 21, 1999 at 07:26:11PM -0400, Steven M. Bellovin wrote: According to the AP, the Justice Department has asked the 9th Circuit Court of Appeals to reconsider its decision in the Bernstein case (http://www.nytimes.com/aponline/w/AP-Encryption.html). The article didn't say so, but I assume that they've asked for a rehearing by the full court, instead of just a three-judge panel. They've asked for both, which is how this sort of thing works. They advance two arguments in their petition - "The EAR's Export Controls on Encryption Source Code Are Not a Facially Unconstitutional Prior Restraint" (arguing that the crypto export controls aren't targeted at expressive activity, and hence not properly subject to a facial challenge on prior restraint grounds) and "The Export Controls on Encryption Source Code are Severable From the Export Controls on other Encryption Products". (arguing that the Supreme Court, in _ACLU v. Reno_ 117 S.Ct. 2329, establishes that it is appropriate for a court to sever part of a statute or regulation where there is a "textual manifestation" of a distinction between constitutional and unconstitutional regulation.) -- Greg Broiles [EMAIL PROTECTED]
RE: Could Open Source Software Help Prevent Sabotage? (fwd)
On Mon, 21 Jun 1999, Michael Cervantes wrote: Most open source software is distributed in a tar file with just makefiles, docs, and source. You compile the object directly from the source code that is provided. However, binary packages are becoming more common as package management apps like Redhat's RPM become ubiquitous, and it is important that sys admins recognize the significance of this. RPMs and other modern binary package formats include signatures (PGP in RPM's case). In most cases you can also obtain source packages. In RPM's case a source package consists of a "pristine" source archive, zero or more patches to the the source and a "spec" file which describes the package and build procedure. Having the modification seperate from the original source, and thus the ability to verify the integrity of the original source helps quite a bit. Regards, Damien Miller -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.ilogic.com.au/~dmiller | Email: [EMAIL PROTECTED] (home) -or- [EMAIL PROTECTED] (work)
Re: Justice Dept asks Court of Appeals to reconsider ruling in Bernstein case
I have a more detailed report on Wired News: http://www.wired.com/news/news/politics/story/20333.html My favorite part of the brief (I quote it): Another argument: That this type of regulation is an executive-branch policy decision involving "extraordinarily sensitive" info that's too secret to disclose publicly. "Judicial review is particularly unworkable [since] decisions always involve an appraisal of the potential impact of proposed encryption exports on the government's [signals intelligence] and cryptoanalysis capabilities." The brief also talks about how the case affects NSA SIGINT capability. -Declan At 07:26 PM 6-21-99 -0400, Steven M. Bellovin wrote: According to the AP, the Justice Department has asked the 9th Circuit Court of Appeals to reconsider its decision in the Bernstein case (http://www.nytimes.com/aponline/w/AP-Encryption.html). The article didn't say so, but I assume that they've asked for a rehearing by the full court, instead of just a three-judge panel.
Re: Justice Dept asks Court of Appeals to reconsider ruling in Bernstein case
In message [EMAIL PROTECTED], Declan McCullagh wri tes: I have a more detailed report on Wired News: http://www.wired.com/news/news/politics/story/20333.html My favorite part of the brief (I quote it): Another argument: That this type of regulation is an executive-branch policy decision involving "extraordinarily sensitive" info that's too secret to disclose publicly. Gee -- did they happen to mention that the CRISIS report concluded that the question could be discussed without reference to classified info?
Re: personal encryption? (fwd)
Dan Geer [EMAIL PROTECTED] writes: this does not lead to secret messages. this leads to the ultimate in biometrics. Do you imply having a machine with PCR's for some unique string in the authenticator's DNA? I see two problems. First, twins. Second, it's possible to grow DNA from fingernail clippings, hair, etc. It would be like habitually writing your password down on everything you touched :-) Marc