[2298] in cryptography@c2.net mail archive
Re: reference
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Thu Mar 19 16:52:01 1998
In-Reply-To: <199803190307.WAA13097@sequent1.providence.edu>
Date: Thu, 19 Mar 1998 10:56:37 -0500
To: dcsb@ai.mit.edu, cryptography@c2.net, CYBERIA-L@LISTSERV.AOL.COM,
e$@vmeng.com.DIGSIG@LISTSERV.TEMPLE.EDU
From: Robert Hettinga <rah@shipwright.com>
At 10:07 PM -0500 on 3/18/98, Somebody, a law professor Somewhere, wrote:
> ...Do you know the place to find the rule,law,whatever
> which waives certain encryption export restriction rules for large US corps
> that need extra security???
Actually, the way I undertand it, it's virtually unpromulgated. :-/. Same
as it ever was with spookstuff, right? (Somewhere even Rawls is laughing at
us...)
Though the control of this absolutely secret set of crypto export
guidelines has gone from NSA/State, to NSA/FBI/Commerce, to probably
FBI/Commerce by now, you still have to submit your code and take your
chances that it will either be turned down, or, worse, ignored while the
market moves on past you. All we have at the moment is a bunch of
successful CJRs(?) for any legal "precedent". Mudulo the ocassional court
proceding, of course -- all of them neatly sidestepped by various
jurisdiction-hopping Feds for the time being.
In the vain hope that I'm wrong on this, :-), I'll bounce this to
dcsb@ai.mit.edu, cryptography@c2.net, CYBERIA-L@LISTSERV.AOL.COM,
e$@vmeng.com, and DIGSIG@LISTSERV.TEMPLE.EDU to see if anyone in those
places knows of a particular actual *law* on the books, other than the
ITARs (not a law), now the EARs (also not a law), about financial
cryptography. As far as "rules" go, there are the various interpretations
of ITARs, oops, EARs, of course, which are, as I said, more conspicuous by
what they *don't* do, than what they, heh, do do, for US companies who hope
to export even just financial cryptography.
Of course, even if it weren't for the First Amendmendment, which is our
Last Best Hope for Cryptography at the moment, I would be remiss in my
fanaticism on the subject :-) if I didn't say here and now that financial
cryptography is the thin edge of the crypto wedge, the camel's nose, and
all that. You can't move money on the net, book *or* bearer, without the
strongest (not "legally", but computationally, and thus economically)
possible cryptography. So, soon enough, there'll be more than enough
strongly encrypted packets flying around on the net that no one will be
able to tell what's financial crypto and what's not. Frankly, even
*labling* encrypted packets as financial crypto is fiduciarily
irresponsible, I'd say. I leave the actual *financial* consequences of all
this as an exercise to the "policy" people out there with the
reccommendation that they run the financial central-control clock backwards
to get the best future predictions. :-).
Anyway, monitor the lists I've sent this to, Somebody, and you'll get lots
more specific comment on on this subject in those places. If not, look in
the archives for those lists, and you'll see even more specific, though
older, comment there. :-).
Cheers,
Bob Hettinga
-----------------
Robert Hettinga (rah@shipwright.com), Philodox
e$, 44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
The e$ Home Page: http://www.shipwright.com/
