Re: RC4 source as a literate program
Fellow Cypherpunks, THE LAWYER GAMBIT I remember reading in old anti-IRS literature about a technique for avoiding prosecutions. A client would tell a lawyer that he wanted to do something and would ask if it were legal to do. The lawyer would then give his opinion as to wheather it was legal or not. If the lawyer said that it was legal and gave his opinion in writing, then the client could proceed without out worry. The lawyer's opinion would stop any criminal prosecution. I wonder if this would work with publishing crypt code. I think it might put the lawyer at risk. If we had a lawyer who really thought that publishing crypt code on the Internet was legal and wasn't afraid of sticking his neck out then his published statement on the Internet to this might open the floodgates of crypt code Internet posting for Americans. Donald has stated that the law in this area is quite vague. I would think even if the law prohibited it, then the law would be unconstitu- tional and therefore null and void. Any thoughts on this? Yours Truly, Gary Jeffers BEAT STATE _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com.
Re: RC4 source as a literate program
On Tue, 5 Sep 2000, Gary Jeffers wrote: then give his opinion as to wheather it was legal or not. If the lawyer said that it was legal and gave his opinion in writing, then the client could proceed without out worry. The lawyer's opinion would stop any criminal prosecution. Does this really work? I can't imagine this working for murder (but on the other hand, that's a bad example since it's unreasonable to imagine murder legal in the USA). Even for something like tax laws or other complicated regulations this sounds dubious. I wonder if this would work with publishing crypt code. I think it might put the lawyer at risk. If we had a lawyer who really thought Well, a lawyer who advised a client that something was legal when in fact it wasn't might have a problem. that publishing crypt code on the Internet was legal and wasn't afraid of sticking his neck out then his published statement on the Internet to this might open the floodgates of crypt code Internet posting for Americans. Such a statement would help, but more because it would be from an expert on the law than because of any legal shield. I am not a lawyer, and so I'd like to have one's opinion before doing anything that could land me in jail. That kind of thing. Donald has stated that the law in this area is quite vague. I would think even if the law prohibited it, then the law would be unconstitu- tional and therefore null and void. Prohibiting what - publishing cryptography code? In any case, even if the law is unconstitutional, you may have to go through several layers of court cases to prove it. c.f. Bernstein. :( -David
Re: export reg timewarp? (Re: RC4 source as a literate program)
Adam Back wrote: The US export regulations no longer prevent export of crypto. PGP exported binary copies of PGP from US websites, as now do many other companies. Crypto source is exported also from numerous web sites. I don't follow why all the discussion talking as if ITAR and EARs were still in effect in unmodified form. Good point, except that PGP.com and Freeware still have export restrictions on downloads, as do most other US crypto export sites. This is probably due to the fact that nobody understands the export regs and better safe than lose out on fat government contracts, and corollary contracts with other corporations who dare not offend the authorities. Even some private sites which rushed to offer crypto on the Internet have withdrawn their offerings. And, according to Matt Blaze's tabulation of such offerings, they have nearly petered out. Don't forget that there is till a review required by BXA for strongest products. What happens in those reviews has not been disclosed as far as I know. Whether the NDA is voluntary to hide trade secrets, compulsary to hide dirty dealing, or worse to hide really nasty access requirements -- probably some of all these in the great American tradition of promising much and delivering not so much unless you play ball under the umpires clubhouse rules. Nicky Hager (of Secret Power fame) co-wrote another book on a PR war in NZ in which he covered at length the practice of governments and corporations hiding their filthy deals from freedom of information access through the loophole of protecting proprietary information from the public. Another commentator pointed out recently that the vast majority of FOIA requests are indeed made by people seeking commercial intelligence which is not intended to be made public , and relatively few seeking information to release to the public. So there is a bind on getting info on what actually happens at BXA and its co-agencies during crypto export review. However, in contrast to a few years back, I don't see many corporations or individuals calling for greater access to closed information about crypto export procedures. Could be all the crypto folks are doing just fine under the system, so why bitch about making it into the comfort zone. And, oh yeah, fuck the public interest now that the crypto public outreach PR campaigns did their job to get inside the sweetheart PR loophole. Doug Porter has written an interesting update about all this crypto flim-flam in the "Pocket Guide to NSA Sabotage:" http://cryptome.org/nsa-sabotage.htm And what the fuck is Schneier doing trashing crypto to build his security consulting business? That sounds like priests preaching Our Church Alone salvation to keep the flock frightened, dependent and shelling out for long term protection contracts. You know, like the one-world feds and all-world spooks.
Re: RC4 source as a literate program
Fellow Cypherpunks, I was aware that posting binary/executables of crypt code from the U.S. was illegal. Is source posting of crypt from U.S. illegal too? Yours Truly, Gary Jeffers BEAT STATE _ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com.