home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: sci.crypt
- Path: sparky!uunet!spool.mu.edu!agate!usenet.ins.cwru.edu!magnus.acs.ohio-state.edu!cis.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!cbnewsk!cbnewsj!att-out!walter!qualcom.qualcomm.com!servo.qualcomm.com!karn
- From: karn@servo.qualcomm.com (Phil Karn)
- Subject: Re: PKP/RSA comments on PGP legality
- Message-ID: <1992Dec22.060047.6744@qualcomm.com>
- Sender: news@qualcomm.com
- Nntp-Posting-Host: servo.qualcomm.com
- Organization: Qualcomm, Inc
- References: <1992Dec19.000207.15616@netcom.com> <a_rubin.724967325@dn66> <1992Dec22.003359.1777@netcom.com>
- Date: Tue, 22 Dec 1992 06:00:47 GMT
- Lines: 57
-
- In article <1992Dec22.003359.1777@netcom.com> strnlght@netcom.com (David Sternlight) writes:
- >First of all the language of the act I posted makes clear that
- >software, algorithms, flow charts are all controlled matter in the
- >cryptographic area.
-
- I wonder if the name "Joseph A Meyer" rings a bell to Mr. Sternlight.
-
- Meyer was the NSA employee who in 1977 wrote an (unauthorized,
- according to the official story of the incident) letter to the IEEE
- warning that the scheduled presentation of the original RSA papers
- would violate the ITARs. To quote from the account in "The Puzzle
- Palace" by James Bamford:
-
- "He had a point. The ITAR did cover any 'unclassified information that
- can be used, or adapted for use, in the design, production,
- manufacture, repair, overhaul, processing, engineering, development,
- operation, maintenance, or reconstruction' of the listed materials, as
- well as 'any technology which advances the state-of-the-art or
- establishes a new art in an area of significant military applicability
- in the United States'. And export did include transferring the
- information both by writing and by either oral or visual means,
- including briefings and symposia in which foreign nationals are
- present.
-
- "But followed literally, the vague, overly broad regulations would
- seem to require that anyone planning to write or speak out publicly on
- any technology touching the Munitions List must first get approval
- from the State Department -- a chilling prospect clearly at odds with
- the First Amendment and one as yet untested by the Supreme Court".
- (end of excerpt)
-
- Those familiar with the story know that in the resulting furor, the
- NSA disavowed Meyer's actions. And no action was ever taken against
- the inventors of RSA, despite the fact that their "disclosure"
- arguably enhanced foreign cryptographic capabilities far more than
- anything released since then, including software packages like PGP.
-
- After all, PGP is merely an implementation of an algorithm that is now
- well known all over the world, thanks to R, S and A having stood up to
- Mr. Meyer (or the NSA, depending on who you believe) for the First
- Amendment. I do not mean to disparage all the work that went into PGP,
- but any competent and motivated C programmer could have produced
- something comparable. Indeed, there are other independent RSA
- implementations from outside the US, such as the "CRYPTOS" package
- from Moscow.
-
- Face it, the NSA knows that they can't hold back the rising tide of
- cryptography forever. They know that their ban on exporting widely
- available public domain encryption software wouldn't have a chance in
- court, and that it will probably be eliminated by the Clinton
- administration anyway (if recent news reports are accurate). But that
- doesn't keep them from doing their utmost (short of going to court, of
- course) to delay the inevitable. And people like Mr. Sternlight help
- make things just a little easier for them.
-
- Phil
-
-
