1. Illegal export of crypto
I must speak, before things go too far.
I work for a major law enforcement organization. When I was
hired, I took an oath to uphold the laws of the jurisdiction I
was in - which includes the United States and the state I am in,
as well as the municipality.
I am _required_ - by my own moral code, having taken that oath -
and by the laws of this state, in certain circumstances - to
report illegal activity. I have _barely_ enough leeway, in both
cases, to be able to say that if I can't provide _proof_, I am
not obligated to report it. And in some cases, I don't even have
that leeway - for example, if I have reason to _suspect_ that a
child is being abused, I am required to report it.
These obligations hold whether I agree with the law in question
or not. Under the circumstances, I must advise the members of
this list - most especially Ralf - to _not_ discuss this matter
on the list, or even assert a willingness or intent to violate
any laws. Take it to private mail, if you must discuss it; that
way, I will not be seeing it, and will not be obligated to report
it.
That said, there is a major loophole in the crypto laws that Ralf
has stated his disagreement with: It is perfectly legal to
export the source code in _printed_ form, i.e., on lots of paper.
Yes, it's an asinine difference, especially given the ease of
converting back and forth. However, the distinction has been
upheld in U.S. courts, over the objections of the U.S.
Government. I can avoid the need to report the intended
violation of the law by noting that I am assuming that Ralf's
intent, as a law-abiding citizen, was to simply take the
necessary information from an interested party so that he could
mail out a source book for the program/library in question.
However, if it becomes clear that this is _not_ the intent, I
will be obligated to report it. Don't force me into that
distasteful position.
--
Jeff Zeitlin
jzeitlin at cyburban.com
2. Re: Illegal export of crypto
>These obligations hold whether I agree with the law in question
>or not. Under the circumstances, I must advise the members of
>this list - most especially Ralf - to _not_ discuss this matter
Sorry Jeff, I know US citizens might belive that as truth, but neither
Ralf, and many, many people on list listerver, the internet and
the world lives, was born or has been on your country... too bad for
your intents :)
Since when IDEAS can't be "legally" shared? I'm doubting you got a
democracy, sounds worst than Stalinism! And I've lived a tirany
here in Chile with Pinochet.
Regards,
Daniel Berstein
daber at pair.com
3. Re: Illegal export of crypto
**** Disclaimer: ****
This is my opinion, and, as I understand it, having an opinion is not
breaking any laws, either in my country, or the US. I have tried to
avoid, wherever possible, saying anything that could *imply* that I was
*thinking* about commiting a felony. Also, I will not be held
responsible for any errors in my interpretation of any laws, rules, or
regulations, as I am human, and prone to mistake or misjudgement.
I am NOT IN THE LEAST showing any desire to commit a felony, this is
nothing but my personal opinion, which may change at any time. I am
showing no ill-will towards the US or its law processes.
******************
Jeff Zeitlin wrote:
> I must speak, before things go too far.
>
> I work for a major law enforcement organization. When I was
> hired, I took an oath to uphold the laws of the jurisdiction I
> was in - which includes the United States and the state I am in,
> as well as the municipality.
>
Fair enough, but, the US government seems to have a problem with the
idea that there are other countries on the internet, besides
themselves. As for upholding the laws of your jurisdiction, that's fair
enough also. So now you've quieted the US portion of this list.
> [snip}
> These obligations hold whether I agree with the law in question
> or not. Under the circumstances, I must advise the members of
> this list - most especially Ralf - to _not_ discuss this matter
> on the list, or even assert a willingness or intent to violate
> any laws. Take it to private mail, if you must discuss it; that
> way, I will not be seeing it, and will not be obligated to report
> it.
>
Why can Ralf not discuss the matter? He does not live in the US, and
hence, is not subject to the US's ITAR rules. Open discussion of
something is not in violation of any laws I know of. If he were to say
"I, Ralf Nieuwenhuijsen, openly declare my intent to allow a citizen of
the United States to break crypto exportation laws, by knowingly
recieving a working strong encryption program from said citizen..." then
perhaps you may be obligated to report it. But, since he has so far,
voiced his opinion, and nothing else, I feel he is breaking no laws, or
showing any intent to do so.
Also, as far as I understand the law, all the person who wrote the
program needs to do, is write up some extensive documentation on the
program, and allow people outside the US to download that. Using Ralf
as an example, again, he could then download this documentation (which
contains no code or executables) and rewrite the program himself. If
I'm wrong in my assumption, I apologize. Also I could get the crypto
progam in question, in printed form, convert it back to binary, and send
it to Ralf as is, or slightly modified to lower the encrytion level,
under my country's export laws, which still follow the since dissolved
COCOM regulations. These laws are *far* less severe than the US's.
(NOTE: I am in no way showing an intent to actually do the above, I am
just stating that it could be done)
Now, in my opinion, the US's crypto export laws are outdated and
obsolete. Not only that, they seems almost...Microsoft-ish. It seems
to me, that the US doesn't want strong encryption to fall into the hands
of a 'dangerous' country. If a country were to start using this strong
encryption, where would the US get it's intelligence from? So the US,
with these laws, continue with its monopoly: They can read what other
countries are hiding, but the other countries can't read what the US is
hiding. Just another extension of the US's grand monopoly. No use
shooting for world domination, Saddam, the US is already there.
Anyways, I *hope* I didn't mess up to badly, and I'm gonna be really
upset if a group of federal agents show up at my door...
So, in conclusion, I say this:
What needs to be done, is a worldwide standard. No programmer wants to
have to write two or more versions of his program to accompany various
import and export laws. Also, as kind of a sidenote: the author of PGP
was in all sorts of hot water for his strong encryption, because it
broke export laws. The charges have since been dropped, and it was
downloadable, useabel, compiled software. Here, Alan Tu wrote a
program, in the spirit of the free trade of information, not to be used
for it's encryption abilities, but to show people his accomplishments,
and to show other people how to do it. At least, that's my take on it.
I'm tired, and I just KNOW I'm gonna regret typing all this out when I
wake up in the morning ...So please don't flame me too badly...
Goodnight all
Greg
**** Disclaimer 2: ****
Again, let me reiterate, I am no implying any intent to break any laws,
and I am just voicing my opinion in a manner that I believe to be
legal. Any laws I may have broken, however unlikely, are due to my
misinterpretation, a simple error, to which we all stand accused at
least once in our lives.
*******************
4. Re: Illegal export of crypto
>These obligations hold whether I agree with the law in question
>or not. Under the circumstances, I must advise the members of
>this list - most especially Ralf - to _not_ discuss this matter
>on the list, or even assert a willingness or intent to violate
>any laws. Take it to private mail, if you must discuss it; that
>way, I will not be seeing it, and will not be obligated to report
>it.
Hello ? Im dutch. I havent broken any dutch law. Unlike the states (who
indeed systematically monitor the rest of the world, on the phone, internet,
etc. and are thus braking one of the human rights: privacy) here we dont
have the resource to do such things. Plus we dont have a 'secret' service or
something in that line. Holland is a country of prevention rather than a
punishment machine. (catch & kill, right?)
>That said, there is a major loophole in the crypto laws that Ralf
>has stated his disagreement with: It is perfectly legal to
>export the source code in _printed_ form, i.e., on lots of paper.
Disagreement ? No, It is just silly. It is what they did with some of the
common known encryption programs. Anyone feel free to mail me the source
code:
Ralf Nieuwenhuijsen
Schoener 22
2401 MT Alphen Aan Den Rijn
The Netherlands
>Yes, it's an asinine difference, especially given the ease of
>converting back and forth. However, the distinction has been
>upheld in U.S. courts, over the objections of the U.S.
>Government. I can avoid the need to report the intended
>violation of the law by noting that I am assuming that Ralf's
>intent, as a law-abiding citizen, was to simply take the
A law-abiding citizen ? If I hold upto the law, then that means the law
upholds to my values, and NOT the other way around. We are people, not
slaves, get a mind of your own.
>necessary information from an interested party so that he could
>mail out a source book for the program/library in question.
>However, if it becomes clear that this is _not_ the intent, I
>will be obligated to report it. Don't force me into that
>distasteful position.
Its only the states that is having these issues and other than that, its an
international group of users and therefor, since internet is a 'ghost'. (you
cant touch it, see it, feel it, or associate a fixed position with it) it is
considered to be an 'international area'. All so called illegal activities
although originated from different countries. Take for example the crap on
the newsgroups, those who post are violating, but the ISP that store the
crap (and every ISP stores it for itself) are not violating. So, when I post
an message illegal in the states, then they could do me harm, if I would
live in the states, otherwise they can off course choose to start a war with
holland, and sent some misiles our way.
The amount of 'trust' and 'loyality' you people put into an bad attempt of
achieving a good environment based upon democracy and human right. Why dont
you uphold what the idea *behind* the law, rather than the bad
implementation of that idea.
Most people of the US think this can and may be exported. So to prevent that
from happening your upholding the law and downgrading the ideals behind it.
Not the most ethical correct move, only the most politically correct move.
Ralf
5. Re: Illegal export of crypto
'lo all!
I'm not gonna have any disclaimer, yet I have... no intent of doing a
felony, even tho I am in the U.S. and all the stuff Greg had in his
disclaimers...
I just wanna say this: I never liked the governments screwing with
computer stuff, its stupid. I support the side of free trade of
information. I believe that the creator of this program had no intent of
exporting it to other contries than his own, for whatever reason
possible, except to show his work. Now pleeease don't get me started. If
anyone misinterprets this, and later calls authorities on my opionion,
try it and just see what happens. I am more intelligent for my age, and
I know my rights and responsibilities. If those who misinterpret my
opionion do, its gonna be YOUR fault, not mine.
oh whatever, i'm half awake, trying to voice an opionion... I'm just
gonna go to sleep.
My $1.50,
-- "LEVIATHAN"
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
6. Re: Illegal export of crypto
>Date: Wed, 30 Dec 1998 10:04:54 +0100
>Reply-To: Euphoria Programming for MS-DOS
<EUPHORIA at LISTSERV.MUOHIO.EDU>
>From: Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL>
>Subject: Re: Illegal export of crypto
>To: EUPHORIA at LISTSERV.MUOHIO.EDU
> <lotsa snip>
I like what you said ralf, and it ws what I was trying to say, and
couldn't. :) It is only the politically correct move, not the most
ethical.
-- "LEVIATHAN" who couldn't find a "Ralf wrote" on his quote thing... :)
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
7. Re: Illegal export of crypto
>Also, as far as I understand the law, all the person who wrote the
>program needs to do, is write up some extensive documentation on the
>program, and allow people outside the US to download that. Using Ralf
>as an example, again, he could then download this documentation (which
>contains no code or executables) and rewrite the program himself.
I read somewhere that it is perfectly legal (and is how PGP is exported
legally now) to send the code on paper. As long as it isn't in an
executable form, no problem.
I looked at an encryption site at MIT and a number of other places and they
ALL say they freely export to US and Canada. So certainly it seems
reasonable to assume that Canada is ok for export.
But ultimately, the law is not just common sense and neither is it always
consistent in a logical sense. Basically WE DON'T KNOW. Therefore I
suggest that if you're concerned, rather than idly speculating to no avail,
send a few e-mails to encryption companies. It would be free and I'll bet
that some of them will happily tell you what the law says.
--W. Baker
8. Re: Illegal export of crypto
- Posted by Flash Braden <anathema at IX.NETCOM.COM>
Dec 30, 1998
-
Last edited Dec 31, 1998
Ignorance comes by the truckload on this list. I have only
one
word for the comparison of our system to Stalinism.
*stupid*
cheers,
-Flash->
Daniel Berstein wrote:
>
> >These obligations hold whether I agree with the law in question
> >or not. Under the circumstances, I must advise the members of
> >this list - most especially Ralf - to _not_ discuss this matter
>
> Sorry Jeff, I know US citizens might belive that as truth, but neither
> Ralf, and many, many people on list listerver, the internet and
> the world lives, was born or has been on your country... too bad for
> your intents :)
>
> Since when IDEAS can't be "legally" shared? I'm doubting you got a
> democracy, sounds worst than Stalinism! And I've lived a tirany
> here in Chile with Pinochet.
>
> Regards,
> Daniel Berstein
> daber at pair.com
--
-------------------
C. C. -Flash-> Braden, linkmaster:
http://www.freecitizen.com/
This week's cartoon:
http://www.freecitizen.com/carlmoore/NEW.HTM
9. Re: Illegal export of crypto
At 11:54 p.m. 30-12-98 , you wrote:
>Ignorance comes by the truckload on this list. I have only
>one
>word for the comparison of our system to Stalinism.
>
>*stupid*
>
>cheers,
>-Flash->
Sure. So what's the word for a goverment that is spying over
his citizens (with "watchdogs")?
Remainds me of the novel "1984".
Regards,
Daniel Berstein
daber at pair.com
10. Re: Illegal export of crypto
Big brother loves us and in turn we love big brother.
11. Re: Illegal export of crypto
This whole conversation just goes to show how bad this US totalitarianism is
getting. Our law enforcement community is so brainwashed that they will hang
you for picking your nose.
If you really feel so obligated to turn in everybody, then I hope you turn
in your kids when they take their first hit off a joint. How about your law
buddies drinking and driving? Why don't you turn yourself in the next time
YOU break a law. It is completely impossible to avoid breaking a law, since
every area of our lives is regulated!!
You RAT!!!
-----Original Message-----
From: Jeff Zeitlin <jzeitlin at CYBURBAN.COM>
To: EUPHORIA at LISTSERV.MUOHIO.EDU <EUPHORIA at LISTSERV.MUOHIO.EDU>
Date: Thursday, December 31, 1998 3:19 AM
Subject: Re: Illegal export of crypto, insinuations and accusations by Norm
Goundry
On Thu, 31 Dec 1998 00:00:07 -0500, Norm Goundry
<bonk1000 at HOTMAIL.COM> wrote:
>Brrr!!! Did someone leave a door open here someplace, or what?
>There was a cold breeze blowing through the place, and I
>understand it comes from a so-called member of a large
>law-enforcement organization.
"So called"? I assure you, I most certainly _am_ a member of a
large law enforcement organization. It is, in fact, the largest
law enforcement organization in the United States that does not
have multi-state jurisdiction. And I _am_ a member of that
force, although not one that is directly charged with law
enforcement duties (which I never claimed to be). And I _did_
take an oath such as I described. These were required from me
upon my hiring.
> As being one myself from some
>years ago (a cadre-instructor at military police headquarters in
>the U.S. Army), I assure you mr. "jeff zeitlin", that
>representing yourself as member of the police, or
>fire-department, or any other civil organization in your country
>is ALSO A FELONY.
Excuse me? I am representing myself as exactly what I am. I
have made no statement about my employment or my oath that is
demonstrably false. Nor have I made any effort to conceal my
name. It is certainly no felony - nor even a misdemeanor or
violation - to tell the truth. And I certainly am not claiming
authority that I do not have, nor am I attempting to use my
position for personal gain. Quite the opposite - I am being up
front about a distasteful position that I saw the possibility of
finding myself in, and I am trying to avoid finding myself in
that position.
> Now, since you seem to think that mentioning
>your so-called status can swing any weight outside of your
>jurisdictional area (i.e., where you draw your paycheck for
>whatever job it is that you do) try doing it. For example, try
>bringing your sidearm (if you have been allowed one) and your
>threats into Canada, or Britain, or Japan, and see what happens!
I have made no threats. I have deliberately avoided making
threats, especially those that I cannot keep. At the time I made
the post that seems to have provoked so much rancor - and
stupidity - I had overlooked the fact that Mr. Nieuwenhuijsen was
not located within a jurisdiction where the laws I am required to
uphold were in force. For that error, I would apologize. I am
not suggesting that United States laws are to be enforced against
non-citizens not located within the United States. If Dutch law
and European Community law permit Mr. Nieuwenhuijsen to e-mail
source to interested parties, then he is perfectly free to do so.
At any rate, legal for Ralf or not, I have nothing to say on that
matter, as my obligation does not extend to non-U.S.-citizens not
located on United States soil. It is even potentially
questionable whether it extends to U.S. citizens not on United
States soil.
(However, were he to post even the source code to this list, he
would be placing Miami University of Ohio, where this list is
served, in violation of the laws in question, as this list is
clearly machine-readable media transmitted across national
boundaries other than that between the United States and Canada.
_Ralf_, however, would still not be in violation.)
>You should know that the higher 'law' that you have sworn to
>uphold is the Constitution of the United States of America, which
>guarantees certain 'unalienable rights', among which are the rights
>to assembly, freedom of speech, etc.
Yes, I realize that. I also am familiar with many of the legal
limitations on those rights. And cryptographic law is a subject
of some interest to me, so I have made a special effort to become
informed of some of the legal issues surrounding it.
> You are out of your territory
>in my neck of the woods, and I was raised by my parents to not give
>in to bullies and blackmail.
Very good; you should be proud of yourself. Knuckling under to
bullies and blackmailers is always a bad move. I fail to see
where my previous post could be construed as either.
However, my oath and obligation specifically mentioned the laws
of the United States, not only the Constitution. Therefore, if I
am aware that you provably intend to violate a law of the United
States - a Federal law, in other words - I am obligated to report
this information to the appropriate agencies.
> Mr. Zeitlin, this is what your 'job'
>is: to do as you are told to do, not what you think to do.
False. Both in the execution of my particular duties, and as a
member of this organization, I am expected to use my judgement to
accomplish the organization's goals, within the limits that the
organization has set. The organization has not set any explicit
limits to my duty in connection with my oath. And I am expected
to uphold my oath. Something which, apparently, is _not_
expected of the Commander in Chief of the Armed Forces of the
United States.
> I have
>been there myself,
You have not. Based on your own claims, you have not been in a
law enforcement organization, but in the Armed Forces of the
United States. You have been in a subdivision of those Forces
that deals with the enforcement of _military_ law. I am on the
non-military side of things. Law enforcement, not national
defense. There is a distinction, and, quite frankly, you had the
harder job, and the more serious strictures on your oath and your
actions. But it _is_ different on the civilian side of the
fence, and I am required to do more than merely follow orders.
> and I assure you that if you are a real person,
>in a real position, then you have already broken your oath by the
>way that you have placed yourself as to determining whether a law
>has or has not been broken. It is not your choice to make. Get on
>with your life, and leave other people alone with theirs.
Apparently the English language is unfamiliar to you. I do not
determine whether the law has been broken. I simply report on
activities that I witness, in any form, that appear to me, based
on my best understanding of applicable laws, to violate those
laws. It is then up to the people charged with the actual
enforcement, and subsequent prosecution, to make the decision.
Even if I witnessed Ralf handing a floppy disk containing his
strong encryption to a consular staffer from, say, the People's
Republic of China, within the jurisdiction of my organization,
and I could prove that the disk contained the strong encryption
material, I could do no more than report what I had seen, and
leave the rest up to those charged with actual enforcement. But,
under the terms of my oath to uphold the law, and under my own
moral code acting in conjunction with that oath and those laws, I
would be required to report it. To _report_ it. That is _all_
that I am required to do, all that I am equipped to do, and all
that I am willing to do.
That having been said, I reiterate my _request_ that any
discussion of exchanging actual code for strong encryption be
removed from the list, and that _all_ list members refrain from
posting code for strong encryption to the list. I fully agree
that the United States regulations governing the export of strong
encryption are anachronistic and ineffective; nevertheless, they
are still in force, and the Government of the United States still
enforces them.
--
Jeff Zeitlin
jzeitlin at cyburban.com
