1. Illegal export of crypto
- Posted by Jeff Zeitlin <jzeitlin at CYBURBAN.COM> Dec 30, 1998
- 440 views
I must speak, before things go too far. I work for a major law enforcement organization. When I was hired, I took an oath to uphold the laws of the jurisdiction I was in - which includes the United States and the state I am in, as well as the municipality. I am _required_ - by my own moral code, having taken that oath - and by the laws of this state, in certain circumstances - to report illegal activity. I have _barely_ enough leeway, in both cases, to be able to say that if I can't provide _proof_, I am not obligated to report it. And in some cases, I don't even have that leeway - for example, if I have reason to _suspect_ that a child is being abused, I am required to report it. These obligations hold whether I agree with the law in question or not. Under the circumstances, I must advise the members of this list - most especially Ralf - to _not_ discuss this matter on the list, or even assert a willingness or intent to violate any laws. Take it to private mail, if you must discuss it; that way, I will not be seeing it, and will not be obligated to report it. That said, there is a major loophole in the crypto laws that Ralf has stated his disagreement with: It is perfectly legal to export the source code in _printed_ form, i.e., on lots of paper. Yes, it's an asinine difference, especially given the ease of converting back and forth. However, the distinction has been upheld in U.S. courts, over the objections of the U.S. Government. I can avoid the need to report the intended violation of the law by noting that I am assuming that Ralf's intent, as a law-abiding citizen, was to simply take the necessary information from an interested party so that he could mail out a source book for the program/library in question. However, if it becomes clear that this is _not_ the intent, I will be obligated to report it. Don't force me into that distasteful position. -- Jeff Zeitlin jzeitlin at cyburban.com
2. Re: Illegal export of crypto
- Posted by Daniel Berstein <daber at PAIR.COM> Dec 30, 1998
- 373 views
>These obligations hold whether I agree with the law in question >or not. Under the circumstances, I must advise the members of >this list - most especially Ralf - to _not_ discuss this matter Sorry Jeff, I know US citizens might belive that as truth, but neither Ralf, and many, many people on list listerver, the internet and the world lives, was born or has been on your country... too bad for your intents :) Since when IDEAS can't be "legally" shared? I'm doubting you got a democracy, sounds worst than Stalinism! And I've lived a tirany here in Chile with Pinochet. Regards, Daniel Berstein daber at pair.com
3. Re: Illegal export of crypto
- Posted by Greg Phillips <i.shoot at REDNECKS.COM> Dec 30, 1998
- 376 views
**** Disclaimer: **** This is my opinion, and, as I understand it, having an opinion is not breaking any laws, either in my country, or the US. I have tried to avoid, wherever possible, saying anything that could *imply* that I was *thinking* about commiting a felony. Also, I will not be held responsible for any errors in my interpretation of any laws, rules, or regulations, as I am human, and prone to mistake or misjudgement. I am NOT IN THE LEAST showing any desire to commit a felony, this is nothing but my personal opinion, which may change at any time. I am showing no ill-will towards the US or its law processes. ****************** Jeff Zeitlin wrote: > I must speak, before things go too far. > > I work for a major law enforcement organization. When I was > hired, I took an oath to uphold the laws of the jurisdiction I > was in - which includes the United States and the state I am in, > as well as the municipality. > Fair enough, but, the US government seems to have a problem with the idea that there are other countries on the internet, besides themselves. As for upholding the laws of your jurisdiction, that's fair enough also. So now you've quieted the US portion of this list. > [snip} > These obligations hold whether I agree with the law in question > or not. Under the circumstances, I must advise the members of > this list - most especially Ralf - to _not_ discuss this matter > on the list, or even assert a willingness or intent to violate > any laws. Take it to private mail, if you must discuss it; that > way, I will not be seeing it, and will not be obligated to report > it. > Why can Ralf not discuss the matter? He does not live in the US, and hence, is not subject to the US's ITAR rules. Open discussion of something is not in violation of any laws I know of. If he were to say "I, Ralf Nieuwenhuijsen, openly declare my intent to allow a citizen of the United States to break crypto exportation laws, by knowingly recieving a working strong encryption program from said citizen..." then perhaps you may be obligated to report it. But, since he has so far, voiced his opinion, and nothing else, I feel he is breaking no laws, or showing any intent to do so. Also, as far as I understand the law, all the person who wrote the program needs to do, is write up some extensive documentation on the program, and allow people outside the US to download that. Using Ralf as an example, again, he could then download this documentation (which contains no code or executables) and rewrite the program himself. If I'm wrong in my assumption, I apologize. Also I could get the crypto progam in question, in printed form, convert it back to binary, and send it to Ralf as is, or slightly modified to lower the encrytion level, under my country's export laws, which still follow the since dissolved COCOM regulations. These laws are *far* less severe than the US's. (NOTE: I am in no way showing an intent to actually do the above, I am just stating that it could be done) Now, in my opinion, the US's crypto export laws are outdated and obsolete. Not only that, they seems almost...Microsoft-ish. It seems to me, that the US doesn't want strong encryption to fall into the hands of a 'dangerous' country. If a country were to start using this strong encryption, where would the US get it's intelligence from? So the US, with these laws, continue with its monopoly: They can read what other countries are hiding, but the other countries can't read what the US is hiding. Just another extension of the US's grand monopoly. No use shooting for world domination, Saddam, the US is already there. Anyways, I *hope* I didn't mess up to badly, and I'm gonna be really upset if a group of federal agents show up at my door... So, in conclusion, I say this: What needs to be done, is a worldwide standard. No programmer wants to have to write two or more versions of his program to accompany various import and export laws. Also, as kind of a sidenote: the author of PGP was in all sorts of hot water for his strong encryption, because it broke export laws. The charges have since been dropped, and it was downloadable, useabel, compiled software. Here, Alan Tu wrote a program, in the spirit of the free trade of information, not to be used for it's encryption abilities, but to show people his accomplishments, and to show other people how to do it. At least, that's my take on it. I'm tired, and I just KNOW I'm gonna regret typing all this out when I wake up in the morning ...So please don't flame me too badly... Goodnight all Greg **** Disclaimer 2: **** Again, let me reiterate, I am no implying any intent to break any laws, and I am just voicing my opinion in a manner that I believe to be legal. Any laws I may have broken, however unlikely, are due to my misinterpretation, a simple error, to which we all stand accused at least once in our lives. *******************
4. Re: Illegal export of crypto
- Posted by Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL> Dec 30, 1998
- 379 views
>These obligations hold whether I agree with the law in question >or not. Under the circumstances, I must advise the members of >this list - most especially Ralf - to _not_ discuss this matter >on the list, or even assert a willingness or intent to violate >any laws. Take it to private mail, if you must discuss it; that >way, I will not be seeing it, and will not be obligated to report >it. Hello ? Im dutch. I havent broken any dutch law. Unlike the states (who indeed systematically monitor the rest of the world, on the phone, internet, etc. and are thus braking one of the human rights: privacy) here we dont have the resource to do such things. Plus we dont have a 'secret' service or something in that line. Holland is a country of prevention rather than a punishment machine. (catch & kill, right?) >That said, there is a major loophole in the crypto laws that Ralf >has stated his disagreement with: It is perfectly legal to >export the source code in _printed_ form, i.e., on lots of paper. Disagreement ? No, It is just silly. It is what they did with some of the common known encryption programs. Anyone feel free to mail me the source code: Ralf Nieuwenhuijsen Schoener 22 2401 MT Alphen Aan Den Rijn The Netherlands >Yes, it's an asinine difference, especially given the ease of >converting back and forth. However, the distinction has been >upheld in U.S. courts, over the objections of the U.S. >Government. I can avoid the need to report the intended >violation of the law by noting that I am assuming that Ralf's >intent, as a law-abiding citizen, was to simply take the A law-abiding citizen ? If I hold upto the law, then that means the law upholds to my values, and NOT the other way around. We are people, not slaves, get a mind of your own. >necessary information from an interested party so that he could >mail out a source book for the program/library in question. >However, if it becomes clear that this is _not_ the intent, I >will be obligated to report it. Don't force me into that >distasteful position. Its only the states that is having these issues and other than that, its an international group of users and therefor, since internet is a 'ghost'. (you cant touch it, see it, feel it, or associate a fixed position with it) it is considered to be an 'international area'. All so called illegal activities although originated from different countries. Take for example the crap on the newsgroups, those who post are violating, but the ISP that store the crap (and every ISP stores it for itself) are not violating. So, when I post an message illegal in the states, then they could do me harm, if I would live in the states, otherwise they can off course choose to start a war with holland, and sent some misiles our way. The amount of 'trust' and 'loyality' you people put into an bad attempt of achieving a good environment based upon democracy and human right. Why dont you uphold what the idea *behind* the law, rather than the bad implementation of that idea. Most people of the US think this can and may be exported. So to prevent that from happening your upholding the law and downgrading the ideals behind it. Not the most ethical correct move, only the most politically correct move. Ralf
5. Re: Illegal export of crypto
- Posted by bonn ortloff <kc7yrh at HOTMAIL.COM> Dec 30, 1998
- 351 views
'lo all! I'm not gonna have any disclaimer, yet I have... no intent of doing a felony, even tho I am in the U.S. and all the stuff Greg had in his disclaimers... I just wanna say this: I never liked the governments screwing with computer stuff, its stupid. I support the side of free trade of information. I believe that the creator of this program had no intent of exporting it to other contries than his own, for whatever reason possible, except to show his work. Now pleeease don't get me started. If anyone misinterprets this, and later calls authorities on my opionion, try it and just see what happens. I am more intelligent for my age, and I know my rights and responsibilities. If those who misinterpret my opionion do, its gonna be YOUR fault, not mine. oh whatever, i'm half awake, trying to voice an opionion... I'm just gonna go to sleep. My $1.50, -- "LEVIATHAN" ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
6. Re: Illegal export of crypto
- Posted by bonn ortloff <kc7yrh at HOTMAIL.COM> Dec 30, 1998
- 359 views
>Date: Wed, 30 Dec 1998 10:04:54 +0100 >Reply-To: Euphoria Programming for MS-DOS <EUPHORIA at LISTSERV.MUOHIO.EDU> >From: Ralf Nieuwenhuijsen <nieuwen at XS4ALL.NL> >Subject: Re: Illegal export of crypto >To: EUPHORIA at LISTSERV.MUOHIO.EDU > <lotsa snip> I like what you said ralf, and it ws what I was trying to say, and couldn't. :) It is only the politically correct move, not the most ethical. -- "LEVIATHAN" who couldn't find a "Ralf wrote" on his quote thing... :) ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
7. Re: Illegal export of crypto
- Posted by Warren Baker <wcbaker at HOME.COM> Dec 30, 1998
- 421 views
>Also, as far as I understand the law, all the person who wrote the >program needs to do, is write up some extensive documentation on the >program, and allow people outside the US to download that. Using Ralf >as an example, again, he could then download this documentation (which >contains no code or executables) and rewrite the program himself. I read somewhere that it is perfectly legal (and is how PGP is exported legally now) to send the code on paper. As long as it isn't in an executable form, no problem. I looked at an encryption site at MIT and a number of other places and they ALL say they freely export to US and Canada. So certainly it seems reasonable to assume that Canada is ok for export. But ultimately, the law is not just common sense and neither is it always consistent in a logical sense. Basically WE DON'T KNOW. Therefore I suggest that if you're concerned, rather than idly speculating to no avail, send a few e-mails to encryption companies. It would be free and I'll bet that some of them will happily tell you what the law says. --W. Baker
8. Re: Illegal export of crypto
- Posted by Flash Braden <anathema at IX.NETCOM.COM> Dec 30, 1998
- 358 views
- Last edited Dec 31, 1998
Ignorance comes by the truckload on this list. I have only one word for the comparison of our system to Stalinism. *stupid* cheers, -Flash-> Daniel Berstein wrote: > > >These obligations hold whether I agree with the law in question > >or not. Under the circumstances, I must advise the members of > >this list - most especially Ralf - to _not_ discuss this matter > > Sorry Jeff, I know US citizens might belive that as truth, but neither > Ralf, and many, many people on list listerver, the internet and > the world lives, was born or has been on your country... too bad for > your intents :) > > Since when IDEAS can't be "legally" shared? I'm doubting you got a > democracy, sounds worst than Stalinism! And I've lived a tirany > here in Chile with Pinochet. > > Regards, > Daniel Berstein > daber at pair.com -- ------------------- C. C. -Flash-> Braden, linkmaster: http://www.freecitizen.com/ This week's cartoon: http://www.freecitizen.com/carlmoore/NEW.HTM
9. Re: Illegal export of crypto
- Posted by Daniel Berstein <daber at PAIR.COM> Dec 31, 1998
- 384 views
At 11:54 p.m. 30-12-98 , you wrote: >Ignorance comes by the truckload on this list. I have only >one >word for the comparison of our system to Stalinism. > >*stupid* > >cheers, >-Flash-> Sure. So what's the word for a goverment that is spying over his citizens (with "watchdogs")? Remainds me of the novel "1984". Regards, Daniel Berstein daber at pair.com
10. Re: Illegal export of crypto
- Posted by Adam Weeden <SkaMan325 at AOL.COM> Dec 31, 1998
- 380 views
Big brother loves us and in turn we love big brother.
11. Re: Illegal export of crypto
- Posted by Jamie Murphy <jmurphy914 at MEDIAONE.NET> Dec 31, 1998
- 362 views
This whole conversation just goes to show how bad this US totalitarianism is getting. Our law enforcement community is so brainwashed that they will hang you for picking your nose. If you really feel so obligated to turn in everybody, then I hope you turn in your kids when they take their first hit off a joint. How about your law buddies drinking and driving? Why don't you turn yourself in the next time YOU break a law. It is completely impossible to avoid breaking a law, since every area of our lives is regulated!! You RAT!!! -----Original Message----- From: Jeff Zeitlin <jzeitlin at CYBURBAN.COM> To: EUPHORIA at LISTSERV.MUOHIO.EDU <EUPHORIA at LISTSERV.MUOHIO.EDU> Date: Thursday, December 31, 1998 3:19 AM Subject: Re: Illegal export of crypto, insinuations and accusations by Norm Goundry On Thu, 31 Dec 1998 00:00:07 -0500, Norm Goundry <bonk1000 at HOTMAIL.COM> wrote: >Brrr!!! Did someone leave a door open here someplace, or what? >There was a cold breeze blowing through the place, and I >understand it comes from a so-called member of a large >law-enforcement organization. "So called"? I assure you, I most certainly _am_ a member of a large law enforcement organization. It is, in fact, the largest law enforcement organization in the United States that does not have multi-state jurisdiction. And I _am_ a member of that force, although not one that is directly charged with law enforcement duties (which I never claimed to be). And I _did_ take an oath such as I described. These were required from me upon my hiring. > As being one myself from some >years ago (a cadre-instructor at military police headquarters in >the U.S. Army), I assure you mr. "jeff zeitlin", that >representing yourself as member of the police, or >fire-department, or any other civil organization in your country >is ALSO A FELONY. Excuse me? I am representing myself as exactly what I am. I have made no statement about my employment or my oath that is demonstrably false. Nor have I made any effort to conceal my name. It is certainly no felony - nor even a misdemeanor or violation - to tell the truth. And I certainly am not claiming authority that I do not have, nor am I attempting to use my position for personal gain. Quite the opposite - I am being up front about a distasteful position that I saw the possibility of finding myself in, and I am trying to avoid finding myself in that position. > Now, since you seem to think that mentioning >your so-called status can swing any weight outside of your >jurisdictional area (i.e., where you draw your paycheck for >whatever job it is that you do) try doing it. For example, try >bringing your sidearm (if you have been allowed one) and your >threats into Canada, or Britain, or Japan, and see what happens! I have made no threats. I have deliberately avoided making threats, especially those that I cannot keep. At the time I made the post that seems to have provoked so much rancor - and stupidity - I had overlooked the fact that Mr. Nieuwenhuijsen was not located within a jurisdiction where the laws I am required to uphold were in force. For that error, I would apologize. I am not suggesting that United States laws are to be enforced against non-citizens not located within the United States. If Dutch law and European Community law permit Mr. Nieuwenhuijsen to e-mail source to interested parties, then he is perfectly free to do so. At any rate, legal for Ralf or not, I have nothing to say on that matter, as my obligation does not extend to non-U.S.-citizens not located on United States soil. It is even potentially questionable whether it extends to U.S. citizens not on United States soil. (However, were he to post even the source code to this list, he would be placing Miami University of Ohio, where this list is served, in violation of the laws in question, as this list is clearly machine-readable media transmitted across national boundaries other than that between the United States and Canada. _Ralf_, however, would still not be in violation.) >You should know that the higher 'law' that you have sworn to >uphold is the Constitution of the United States of America, which >guarantees certain 'unalienable rights', among which are the rights >to assembly, freedom of speech, etc. Yes, I realize that. I also am familiar with many of the legal limitations on those rights. And cryptographic law is a subject of some interest to me, so I have made a special effort to become informed of some of the legal issues surrounding it. > You are out of your territory >in my neck of the woods, and I was raised by my parents to not give >in to bullies and blackmail. Very good; you should be proud of yourself. Knuckling under to bullies and blackmailers is always a bad move. I fail to see where my previous post could be construed as either. However, my oath and obligation specifically mentioned the laws of the United States, not only the Constitution. Therefore, if I am aware that you provably intend to violate a law of the United States - a Federal law, in other words - I am obligated to report this information to the appropriate agencies. > Mr. Zeitlin, this is what your 'job' >is: to do as you are told to do, not what you think to do. False. Both in the execution of my particular duties, and as a member of this organization, I am expected to use my judgement to accomplish the organization's goals, within the limits that the organization has set. The organization has not set any explicit limits to my duty in connection with my oath. And I am expected to uphold my oath. Something which, apparently, is _not_ expected of the Commander in Chief of the Armed Forces of the United States. > I have >been there myself, You have not. Based on your own claims, you have not been in a law enforcement organization, but in the Armed Forces of the United States. You have been in a subdivision of those Forces that deals with the enforcement of _military_ law. I am on the non-military side of things. Law enforcement, not national defense. There is a distinction, and, quite frankly, you had the harder job, and the more serious strictures on your oath and your actions. But it _is_ different on the civilian side of the fence, and I am required to do more than merely follow orders. > and I assure you that if you are a real person, >in a real position, then you have already broken your oath by the >way that you have placed yourself as to determining whether a law >has or has not been broken. It is not your choice to make. Get on >with your life, and leave other people alone with theirs. Apparently the English language is unfamiliar to you. I do not determine whether the law has been broken. I simply report on activities that I witness, in any form, that appear to me, based on my best understanding of applicable laws, to violate those laws. It is then up to the people charged with the actual enforcement, and subsequent prosecution, to make the decision. Even if I witnessed Ralf handing a floppy disk containing his strong encryption to a consular staffer from, say, the People's Republic of China, within the jurisdiction of my organization, and I could prove that the disk contained the strong encryption material, I could do no more than report what I had seen, and leave the rest up to those charged with actual enforcement. But, under the terms of my oath to uphold the law, and under my own moral code acting in conjunction with that oath and those laws, I would be required to report it. To _report_ it. That is _all_ that I am required to do, all that I am equipped to do, and all that I am willing to do. That having been said, I reiterate my _request_ that any discussion of exchanging actual code for strong encryption be removed from the list, and that _all_ list members refrain from posting code for strong encryption to the list. I fully agree that the United States regulations governing the export of strong encryption are anachronistic and ineffective; nevertheless, they are still in force, and the Government of the United States still enforces them. -- Jeff Zeitlin jzeitlin at cyburban.com