22 September 1993

Ambassador Michael Newlin, 
Acting Director Center for Defense Trade, 
Department of State 
2201 C Street NW Washington, DC 20520

Subject: Commodity Jurisdiction appeal for snuffle 5.0 software

Dear Ambassador Newlin:

Please be advised that my mail delivery is not reliable. Whenever you 
mail something to me, please also send a copy to Shari Steele, Director 
of Legal Services, Electronic Frontier Foundation, 1001 G Street NW, 
Suite 950E, Washington, DC 20001.

I hereby appeal the commodity jurisdiction decision in CJ 191-92.

The decision stated that snuffle 5.0 ''is designated as a defense 
article under U.S. Munitions List Category XIII(b)(1).'' It has come to 
my attention that there may not be a factual basis for this designation.

Category XIII(b)(1) covers ''Cryptographic (including key management) 
systems, equipment, assemblies, modules, integrated circuits, components 
or software with the capability of maintaining secrecy or 
confidentiality of information or information systems,'' with certain 
exceptions.

For snuffle 5.0 to be covered by Category XIII(b)(1), it must have ''the 
capability of maintaining secrecy or confidentiality of information or 
information systems.'' It does not, in fact, have that capability. It 
must be combined with certain cryptographic technology, namely a hash 
function. The hash function provides the capability of maintaining 
secrecy or confidentiality. If the hash function is strong then the user 
will be able to maintain secrecy. If the hash function is weak then the 
user will not be able to maintain secrecy.

There is a difference between, on the one hand, a device which includes 
cryptographic technology, and, on the other hand, instructions for using 
separate cryptographic technology. The instructions are not the 
technology.

As I stated in my 30 June 1992 CJ request: ''In effect what I want to 
export is a description of a way to use existing technology in a more 
effective manner. I do not foresee military or commercial use of Snuffle 
by anyone who does not already have access to the cryptographic 
technology contained in, e.g., the Xerox Secure Hash Function.''

Thank you for your kind attention.

Sincerely,

[signature]

Daniel J. Bernstein

cc: Shari Steele, Director of Legal Services, Electronic Frontier
Foundation, 1001 G Street NW, Suite 950E, Washington, DC 20001