Skip to main content

EFFector - Volume 7, Issue 10 - ALERT: Crypto Export Provisions - One Day Left to Make or Break

EFFECTOR

EFFector - Volume 7, Issue 10 - ALERT: Crypto Export Provisions - One Day Left to Make or Break

=========================================================================
  ________________             _______________          _______________
 /_______________/\           /_______________\        /\______________\
 \\\\\\\\\\\\\\\\\ \          |||||||||||||||||       / ////////////////  
  \\\\\\\\\\\\\\\\\/          |||||||||||||||||      / ////////////////
   \\\\\\_______/\            ||||||_______\        / //////_____\  
    \\\\\\\\\\\\\ \           ||||||||||||||       / /////////////
     \\\\\\\\\\\\\/____       ||||||||||||||      / ///////////// 
      \\\\\___________/\      |||||              / ////   
       \\\\\\\\\\\\\\\\ \     |||||             / ////  
        \\\\\\\\\\\\\\\\/     |||||             \////

=========================================================================
EFFector Online Volume 07 No. 10      June 14, 1994       editors@eff.org
A Publication of the Electronic Frontier Foundation        ISSN 1062-9424

In This Issue:

ALERT: Crypto Export Provisions - One Day Left to Make or Break
FOIA Documents Reveal Even OLA and OLC Know ITAR Is Unconstitutional
Blaze Paper Details Hole In Clipper/Capstone/EES Scheme
Karn Files Crypto Export CJ Appeal for _Applied_Cryptography_ Disk
EFF's Godwin at Cyberspace Censorship Event on CompuServe
A New Face at EFF - Doug Craven, Office Manager/Bookkeeper
PGP 2.6 Available from Electronic Frontier Foundation FTP Site
USENIX Address of EFF's Barlow Available on Cassette from O'Reilly
Note About our FTP Site
What YOU Can Do

----------------------------------------------------------------------


Subject: ALERT: Crypto Export Provisions - One Day Left to Make or Break
------------------------------------------------------------------------

*DISTRIBUTE WIDELY AND QUICKLY*


ONE DAY DEADLINE!  The House Intelligence Committee will probably make their
decision on the vital issue of cryptography export tomorrow afternoon, Wed.
June 15, 1994.  If you've not had your say on whether the State Dept. & NSA
will be allowed to continue to restrict the flow of public cryptographic
products, write, call and fax *today*.  Updated fax information for the
entire Intelligence Cmte. is below, as is a sample letter, and background
information on this important legislative action.  If you don't get
through on your first fax attempt, keep trying.  All of these numbers
have been tested and are working as of June 14.


******* What You Can Do

1) Fax a short letter TODAY to the chair of the Intelligence
Committee, Representative Dan Glickman (D-KS).  Ask him in your own
words to leave the encryption provisions of H.R. 3937 intact. 
You may wish to send a copy of this to the committee itself also.
Fax number: +1 202 225 5398      Committee fax: +1 202 225 1991

2) If you are unable to fax a letter, send an e-mail message to Rep.
Glickman at glickman@eff.org.  We'll deliver it for you, provide it
arrives before noon, at which point all such messages must be delivered.

3) Personally urge everyone you know to send a similar fax to
Rep. Glickman TODAY, especially if they are among Glickman's Kansas
constituents.

4) If your own Representative is on the Intelligence Committee, send
him or her a copy of what you sent Rep. Glickman.


******* Phone and Fax Numbers 

House Intelligence Committee 
----------------------------
Subcommittee phone:  +1 202 225 4121
Subcommittee fax:    +1 202 225 1991    <== send your fax HERE <==

p st name                     phone             fax
___________________________________________________________________________
D KS Glickman, Daniel         +1 202 225 6216   +1 202 225 5398    Chair
D WA Dicks, Norman D.         +1 202 225 5916   +1 202 226 1176
D CA Dixon, Julian C.         +1 202 225 7084   +1 202 225 4091
D NJ Torricelli, Robert       +1 202 224 5061   +1 202 225 0843
D TX Coleman, Ronald D.       +1 202 225 4831   +1 202 225 4831
 [Coleman's staff manually switch line to fax if they hear fax tones.
 Preceeding your fax with a voice call might help]
D CO Skaggs, David E.         +1 202 225 2161   +1 202 225 9127
D NV Bilbray, James H.        +1 202 225 5965   +1 202 225 8808
D CA Pelosi, Nancy            +1 202 225 4965   +1 202 225 8259
D TX Laughlin, Gregory H.     +1 202 225 2831   +1 202 225 1108
D AL Cramer Jr, Robert (Bud)  +1 202 225 4801   private
D RI Reed, John F.            +1 202 225 2735   +1 202 225 9580
D MO Gephardt, Richard A.     +1 202 225 2671   +1 202 225 7452
R TX Combest, Larry           +1 202 225 4005   +1 202 225 9615
R NE Bereuter, Douglas        +1 202 225 4806   +1 202 226 1148
R CA Dornan, Robert K.        +1 202 225 2965   private
 [Dornan's public fax disconnected; office refuses to divulge a fax number]
R FL Young, C. W. (Bill)      +1 202 225 5961   +1 202 225 9764
R PA Gekas, George W.         +1 202 225 4315   +1 202 225 8440
R UT Hansen, James V.         +1 202 225 0453   +1 202 225 5857
R CA Lewis, Jerry             +1 202 225 5861   +1 202 225 6498
R IL Michel, Robert H.        +1 202 225 6201   +1 202 225 9461


****** Sample Fax

FAX to:  202-225-1991 and 202-225-5398


Representative Daniel Glickman
Chair
House Intelligence Committee
U.S House of Representatives

Dear Representative Glickman:

I realize that tomorrow your committee will probably act on the encryption
provisions of H.R. 3937, the Export Administration Act of 1994.  I urge
that you allow them to remain as they were introduced in Rep. Cantwell's 
H.R. 3627, and subsequently incorporated into H.R. 3937. Privacy is the
basis for my concern, and I support the ability to use secure encryption. 
Additionally, prohibiting the export of secure cryptography from the United
States puts the U.S. at a competitive disadvantage internationally, for who
would choose to use crypography known to be insecure (such as the "Clipper
Chip", or products intentionally weakened to pass excessively stringent
export restrictions)?  Please, support privacy and security by preserving
the cryptography export language of H.R. 3937.




****** More Information

The actual text of this part of H.R. 3937 is at:

  ftp: ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
  gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export, hr3937_crypto.excerpt
  http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/hr3937_crypto.excerpt
  BBS: "Privacy--Crypto" file area, hr3937.crp

For current status on the bill:

  ftp.eff.org, /pub/Alerts/export_alert.update
  gopher.eff.org, 1/Alerts, export_alert.update
  http://www.eff.org/pub/Alerts/export_alert.update
  BBS: "Alerts" file area, export.upd

A general Web page on crypto export policy is at:

  http://www.cygnus.com/~gnu/export.html


****** Background (from John Gilmore , EFF Board of Directors)

Today, the U.S. State Department controls the export of most
encryption, working closely with the National Security Agency (NSA) to
limit products that provide real privacy, from cell-phones to PC
software.  A bill introduced by Rep. Maria Cantwell would instead give
authority over non-military crypto exports to the Commerce Department.
Commerce has much more reasonable regulations, with "First Amendment"-
style unlimited publishing of publicly available software, including PGP,
Kerberos, RIPEM, RSAREF, and mass-market commercial software.  The bill
also prevents the Commerce Dept. from tightening the regulations even if
NSA somehow gets its tentacles into Commerce.

A few months ago, you-all sent over 5600 messages to Rep. Cantwell in
support of her bill, H.R. 3627.  As a result, on May 18, the bill
passed the House Foreign Affairs Committee by being incorporated into
the Export Administration Act of 1994, H.R. 3937.

Now the battle has become more intense.  This portion of H.R. 3937 has
been referred to the House Intelligence Committee with the intent to
kill or severely maim it.  We need your help again, to urge the
Intelligence Committee to keep crypto export liberalization intact.

The House and Senate Intelligence Committees, the only watchdogs for
the NSA, tend to follow the agency's wishes when they wave the magic
"national security" wand.  They need plenty of input from the public
that tells them that the nation will be *more* secure with good
encryption, even though the NSA will be less happy.

Not just computer users, but all users of telephones, cable TV, health
care, and credit information systems would benefit from this change.
The security of these applications is built on the foundation laid by
the operating systems and network protocols on which they run.  If
this bill is passed, you will see high quality encryption built into
Microsoft Windows, into the MacOS, into major Unix workstations, into
the Internet, into cellular phones, into interactive television.  The
software already exists for confidentiality, privacy, and security of
local and networked information, but it's not built-in to these
systems because of the export ban.  Today, each company could build
two operating systems, one gutted for international use, but this
would be costly and confusing for them and their customers, and would
not allow international networks such as the Internet or telephones to
be made secure and private.  With this bill, these limits disappear.

Furthermore, the Clinton Administration plans to permit high volume
exports of Clipper products, while continuing to require tedious
paperwork for truly secure encryption products.  The bill would give
Clipper and other crypto software more even-handed treatment.

The bill also eliminates a senseless situation on the Internet.
Today, crypto software can only be freely distributed from non-U.S.
archive sites.  It would eliminate that problem as well as the threat
of prosecution against U.S. freeware authors of crypto software.

This is the dream we've all been working toward.  The Intelligence
Committee must make its decision on the bill before June 16, so time is
critical. Thanks again for your help!  You can check at any time on the
current status of the campaign at the location mentioned above.  Send any
comments on this campaign to campaign@eff.org.


John Gilmore
Chairman, EFF Crypto Committee
EFF Board of Directors
Member of Computer Professionals for Social Responsibility
Member of International Association for Cryptologic Research

------------------------------



------------------------------

Subject: FOIA Documents Reveal Even OLA and OLC Know ITAR Is Unconstitutional
-----------------------------------------------------------------------------

The documents detailed below were obtained by Freedom of Information Act
requests.  They reveal that the Office of Legal Counsel and Office of
Legislative Affairs have determined that portions of the ITAR export
restrictions, which cover the export of cryptographic products, infringe
the First Amendment, and also indicated that several Congressional
committees, the President, and the Departement of State have been made
aware of the constitutional problem of the International Traffic in Arms
Regulations.  Despite these facts, the cryptography export provisions of
H.R. 3937 are still in danger of being removed or rendered worthless in
committee tomorrow.

For details on how to do your own FOIA submissions,
get documents at ftp.eff.org, /pub/EFF/Issues/FOIA/ via anonymous ftp.

These documents were obtained by Lee Tien, an attorney for EFF
Boardmember John Gilmore.  Each document was scanned and edited for
obvious mistakes.

The full documents are available at:

ftp.eff.org, /pub/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA/
gopher.eff.org, 1/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA
gopher://gopher.eff.org/11/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/ITAR_FOIA/
BBS: +1 202 638 6119, 6120 (8-N-1, 14.4k), "Privacy--Clipper/ITAR" file area

A brief description of the content of each of the documents

[file names in brackets are the BBS filenames]

itar_hr_govop_hearing.transcript [ITARHEAR.TRN]

	This is the transcript of a series of hearings held before a 
	subcommittee of the House Comittee on Government 
	Operations.  It is especially interesting for the two items it 
	includes in the report; one memo shows that the Office of Legal 
	Counsel concluded that ITAR was unconstitutional, and some 
	testimony indicates that the State Department and the 
	President may have ignored possibly binding legal advice from 
	the OLC.

mcconnell_garn.letter [ITAR1.LTR]

	This is a letter from Robert McConnell, Assistant Attorney 
	General for Legal and Intergovernmental affairs to Jake Garn, 
	the Chairman of the Senate Committee on Banking, Housing, 
	and Urban Affairs.  This letter highlights the position that the 
	term "technology" as defined by the ITAR is overly broad and 
	presents a probable violation of the First Amendment.

mcconnell_zablocki.letter [ITAR2.LTR]

	Clement Zablocki was the Chairman of the House Committee on 
	Foreign Affairs.  This letter is a review of a bill that would 
	amend the Arms Export Control Act (AECA).  It is particularly 
	good in that it makes a compelling argument for why the ITAR 
	establishes a system of prior restraint.

olson_mcconnell.letter [ITAR3.LTR]

	This is a follow-up letter to Robert McConnell from Theodore 
	Olson, Assistant Attorney General for the Office of Legal 
	Counsel.  It reaffirms the OLC position that the ITAR establishes 
	a regulatory scheme that "extends too broadly into an area of 
	protected First Amendment speech."

shiffren_tien.letter [ITAR4.LTR]

	The cover letter/reply to Lee Tien's FOIA request.  Notable for 
	the fact that there are other documents (specifically from the 
	FBI and NSA) that could be relevant.

simms_mcconnell.memo [ITAR5.MEM]

	A brief note acknowledging that the ITAR is overly broad, from
        Simms of OLA to McConnell.

simms_robinson.memo [ITAR6.MEM]

	This is a memo prepared for Davis Robinson, then the Legal 
	Adviser for the Department of State.  This is a very well-
	documented paper on the various unconstitutional provisions 
	of ITAR.  The two areas this memo concentrates on are the 
	"technical data"  definition as well as the definition of "export."    
	Near the conclusion, Simms states: "We remain of the opinion, 
	however, that ... the ITAR still present some areas of 
	potentially unconstitutional application.  ...The best legal 
	solution ... is for the Department of State, not the courts, to 
	narrow the regulations."

------------------------------


Subject: Blaze Paper Details Hole In Clipper/Capstone/EES Scheme
----------------------------------------------------------------

Dr. Matthew Blaze, an AT&T Bell Labs researcher, recently discovered a 
fundamental flaw in the Administration/NSA Escrowed Encryption Standard
cryptographic chips, particularly those known originally as Capstone.  

The EES Capstone chips, used in PCMCIA cards for data encryption on laptop
computers, use the same cryptographic algorithm (Skipjack) and key "escrow"
system as the infamous Clipper chips, though according to AT&T, the
misfeature does not directly apply to Clipper, since it is intended for use
in telephone equipment rather than computers.  More importantly, however,
is the fact that Blaze's discovery indicates a deep flaw in the entire EES
scheme. Clipper's "immunity" is only accidental, and questionable  - the
flaw is also present in the Clipper EES system, just not as easy to exploit.

Both Clipper and Capstone rely on a series of numbers referred to as the
LEAF (Law Enforcement Access Field).  The LEAF is used to verify chip
serial numbers, create a session key for encryption, and validate the
session key.  Law enforcement or intelligence agents could use a recording
of a Clipper conversation, or a copy of Capstone-encoded data, to identify
the chip serial number, and obtain copies of the keys held by the "escrow"
agents.  Using these keys, they may decrypt the message or data at will - 
and the idea of the government holding the keys to personal privacy has
been the primary objection to the EES scheme.

The flaw Blaze has unearthed is another objection among many: anyone with
"sufficient" computer skills can alter the LEAF to verify validity of a
session key with an fake serial number, thereby defeating the entire
purpose behind the EES - agents would have no idea which Clipper/Capstone
chip produced the encrypted information, and thus would be unable to get the
decryption keys.

According to a June 2 article by John Markoff in the _New_York_Times_, NSA
officials do not deny the existence of the flaw, though both NSA and AT&T
maintain that Clipper is still useful.

The full text of Dr. Blaze's report, "Protocol Failure in the Escrowed
Encryption Standard", is available from:

ftp.eff.org, /pub/EFF/Policy/Crypto/Clipper/
gopher.eff.org, 1/EFF/Policy/Crypto/Clipper
gopher://gopher.eff.org/11/EFF/Policy/Crypto/Clipper
http://www.eff.org/pub/EFF/Policy/Crypto/Clipper/
BBS: +1 202 638 6119, 6120 (8-N-1, 14.4k), "Privacy--Clipper/ITAR" file area

[Filenames in brackets are BBS filenames.  ZIP-compressed copies are also
available on the BBS.]

ASCII version: ees_flaw_blaze.paper  [EESFLAW.PPR]
PostScript version: ees_flaw_blaze_paper.ps.gz  [EESFLAW.PS]

Also of interest:

ees_nist_senate.answers [EES_NIST.ANS] - answers from NIST to the Senate
Technology and Law Subcommittee's 30 pointed questions regarding the
EES/Clipper.  Some of the answers are literally astounding.

------------------------------


Subject: Karn Files Crypto Export CJ Appeal for _Applied_Cryptography_ Disk
---------------------------------------------------------------------------
From: Phil Karn 

[Background: Beginning in Jan. 1994, Phil Karn attempted to have Commodity
Jurisdiction over Bruce Scheier's _Applied_Cryptography_ and a related
diskette - containing the *same* source code as the book - shifted from
the State Dept., notorious for refusing the export of cryptographic
material, to the Commerce Dept., which regularly approved such export.
The State Dept. aknowledged that they did not have jurisdiction over the
book, but illogically maintain that the diskette is within their
jurisdiction, and is not to be exported.  Karn's appeal, and his own
letter regarding the crypto export provisions of H.R. 3937 follow. - ed.]

I just filed my appeal by fax; I will follow up with a mailed copy.
[...]

Note that the "Center for Defense Trade" mentioned in the ITARs as the
address for administrative appeals no longer exists. I got
Dr. Harris's name and address from Tom Denners of ODTC.

******

Dr. Martha C. Harris
Deputy Assistant Secretary For Export Controls
United States Department of State
Room 7325A
Washington DC 20522
202-647-1346 (fax)


Subject: Appeal in CJ Case 081-94, "Applied Cryptography Source Code Disk"

Also references: CJ Case 038-94, "Applied Cryptography", a book by
Bruce Schneier


                APPEAL OF COMMODITY CLASSIFICATION


This is an appeal under 22 CFR 120.4(g) of an adverse decision by the
Office of Defense Trade Controls (ODTC) in the above cited case.  It
is also a request for ODTC to justify their decision and to respond to
the points made here.

INTRODUCTION

In its May 11, 1994 reply in CJ Case 081-94, ("the Response") ODTC
classified the subject of this appeal, the "Applied Cryptography
Source Code Disk", ("the Diskette") as a defense article under
category XIII(b)(1) of the United States Munitions List. I hereby
formally appeal this determination on several grounds:

1) The information included on the Diskette is, for all practical
purposes and contrary to ODTC's claim, identical to that printed in
the book "Applied Cryptography" ("the Book"), which ODTC previously
ruled was in the public domain and outside their licensing
jurisdiction;

2) Even if the information on the Diskette had not already appeared in
a publicly available book, by ODTC's own prior interpretation of the
ITAR in CJ Case 038-94 it should nonetheless have qualified for the
very same "public domain" exemption; and

3) The First Amendment protects the freedom of speech and of the press
regardless of the medium of expression (diskette or printed textbook).
Therefore, the dissemination of the publicly available Diskette is not
within the licensing jurisdiction of your office.


DISCUSSION

1. The Diskette Should Qualify For The ITAR Public Domain Exemption 
   As A Result of ODTC's Decision in CJ Case 038-94

In its Response, ODTC said:

        The text files on the subject disk are not an exact
        representation of what is found in "Applied Cryptography."
        Each source code listing has been partitioned into its own
        file and has the capability of being easily compiled into
        an executable subroutine.

This appears to be the basic rationale for ODTC's decision in this
matter.  I respectfully submit that the statement presents an
arbitrary and capricious distinction, but no meaningful difference,
between the information which is found in the Book and the
Diskette. That characterization of the Diskette provides no basis in
either law, regulations, or logic for ODTC's decision.

The Diskette is as close to Part Five of the Book as one could make
it.  The typographic layout of the Book makes it absolutely clear,
even to the non-programmer, where each cryptographic subroutine begins
and ends.  The name of each routine appears in bold font before the
routine itself and in the header of each page.  Moreover, the Diskette
uses these same names for its files.

The Response goes on to list the cryptographic routines included in
the Diskette and says that they would not be exportable if they were
incorporated into a product. But this is irrelevant to the present
matter, since all of these routines appear in the Book, which ODTC had
already ruled in CJ Case 038-94 to be outside its licensing
jurisdiction and therefore exportable.  The decision in this case must
be based on a comparison to the Book, which is functionally identical
to the Diskette, not to some hypothetical product.

The only real difference between the Book and the Diskette is the one
stated in my original request: the medium on which the information is
recorded.

Presumably, ODTC's phrase "added value" referred to the easy
machine-readability of the Diskette.  But "machine-readability" is no
longer well defined; it cannot be limited to information stored on
computer disks.  With the widespread availability of optical character
recognition (OCR) equipment and software, even printed information
such as the Book is easily turned into "machine readable" disk files
equivalent to those on the Diskette. Moreover, this only need be done
once.  It is then absolutely trivial to duplicate and disseminate the
resulting files by telephone modem or over the Internet.

And even without OCR capabilities, anyone with typing skills could
easily type in the routines from the Book, again producing machine
readable disk files.

2. The Diskette Should Qualify For The ITAR Public Domain Exemption 
   Regardless of the Decision in CJ Case 038-94 Because the Diskette Is
   Itself Already in the Public Domain

The issue of whether or not the Diskette is an exact representation of
the Book is really a red herring. Even if the Diskette contained
source code not in the Book, or even if the Book did not exist at all,
the Diskette itself is in the public domain.

The ITAR at 120.10(5) exempts from the definition of controlled
"technical data" "information in the 'public domain' as defined in
120.11", and 120.11 defines "public domain" as "information which is
published and which is generally accessible or available to the
public" from libraries or through subscription, among other means.  Of
particular interest is the lack of any mention of the allowable media
or medium on which the information must be recorded to qualify for
"public domain" status. This is hardly surprising in that any such
restriction would be at once illogical and offensive to the First
Amendment.

This Diskette is obviously within the "public domain".  Anyone may
obtain it by mail order from the author for a nominal charge to cover
duplication and mailing.  (The restriction to US and Canadian
addresses exists only because of uncertainty about US export
regulations.) Furthermore, much of the source code contained on the
disk is in the public domain, in the even broader sense of the
original authors having granted blanket copying and use permission, or
relinquished copyright altogether.

The software on this Diskette is also readily available to the public
from many "anonymous FTP" repositories on the Internet, several of
which are outside the United States and Canada. These repositories
clearly qualify as "libraries open to the public" under 120.11(4).
Indeed, it seems that the subject software is even more strongly
"public domain" (in the ITAR sense) in machine readable form than in
book form, precisely because the machine readable form is so much more
readily obtainable.

3. The First Amendment Protects Absolutely the Freedom of Speech
   and the Press, Regardless of the Medium of Expression

The export of publicly available cryptographic information, including
software, is protected by the First Amendment to the Constitution.

The US Supreme Court has written that "[t]he liberty of the press is
not confined to newspapers and periodicals.  It necessarily embraces
pamphlets and leaflets.... The press in its historic connotation
comprehends every sort of publication which affords a vehicle of
information and opinion" (Lovell v. City of Griffin, 1938).  Freedom
of the press, says the Court, includes "the right of the lonely
pamphleteer who uses carbon paper or a mimeograph as much as of the
large metropolitan publisher who utilizes the latest photocomposition
methods" (Branzburg v. Hayes, 1972).

The computer network, the bulletin board system (BBS) and even
"sneakernet" (the manual exchange of diskettes) are clearly the modern
successors to the mimeograph machine. Users of these systems have just
as much First Amendment protection, including the right to export
their works, as John Wiley & Sons, publishers of "Applied
Cryptography".

There is opinion that the power to control exports is a Presidential
national security and foreign policy function that deserves wide
deference by the courts.  But the national security power, "like every
other governmental power, must be exercised in subordination to the
applicable provisions of the Constitution" (US v Curtiss-Wright Corp,
1936).  In Baker v Carr (1962), the Supreme Court said "[I]t is error
to suppose that every case or controversy which touches foreign
relations lies beyond judicial cognizance".

In Bullfrog Films, Inc. vs Wick (1988) the Federal Court of
Appeals for the 9th Circuit said "We ... reject ... the suggestion
that the First Amendment's protection is lessened when the expression
is directed abroad. The cases cited by the government do not support
its contention that otherwise protected free speech interests may be
routinely subordinated to foreign policy concerns".

And in New York Times Co v US, 1970, popularly known as the "Pentagon
Papers" case, the Supreme Court said, "[A]ny system of prior
restraints of expressions comes to this Court bearing a heavy
presumption against its constitutional validity" and the government
"thus carries a heavy burden of showing justification for the
imposition of such a restraint".

It thus seems impossible to argue that export controls on information,
including software, widely available in the United States, and even
already available in published form outside the US (such as the
Diskette) are necessary to prevent a "substantial likelihood of
serious damage to national security or foreign policy" (Haig v Agee,
1981).  Ordinary common sense says that ODTC's ruling in CJ Case
081-94 is arbitrary, capricious and wholly indefensible.

Indeed, in the most celebrated prior restraint case (United States vs
The Progressive, 1979), the government gave up all further attempts to
control the dissemination of the information in question (design
principles for thermonuclear weapons) once the Department of Justice
became aware that the information it sought to ban had been published
in the United States. Trying to ban further dissemination of that
publication would have been both unconstitutional and futile, as are
current attempts to control the export of public domain cryptographic
software.

Even an Assistant Attorney General of the Department of Justice has
expressed the opinion that export controls on publicly available
cryptographic information are unconstitutional:

"It is our view that the existing provisions of the ITAR are
unconstitutional insofar as they establish a prior restraint on
disclosure of cryptographic ideas and information developed by
scientists and mathematicians in the private sector". (Memorandum from
J. Harmon, Department of Justice, to F. Press, Science Advisor to the
President dated May 11, 1978, reprinted in "The Government's
Classification of Private Ideas: Hearings Before a Subcommittee of the
House Committee on Government Operations", 96th Congress, 2nd Session,
1980.)

This opinion is entitled to special weight because Mr. Harmon was, at
that time, in charge of the Office of Legal Counsel, the office which
is responsible for preparing all the official opinions of the Attorney
General.

CONCLUSION

I seek a favorable ruling that would recognize the "public domain"
exemption for publicly available cryptographic software, such as the
subject diskette, regardless of the medium on which it is recorded.

I hope this will be possible through administrative appeal.  Should it
become necessary, however, I am fully determined to seek judicial
relief.

                                        Sincerely,
                                        Philip R. Karn, Jr


******

Rep. Dan Glickman
Chairman, House Intelligence Committee
US House of Representatives
Washington, DC
202-225-1991 (fax)

Dear Representative Glickman:

I am writing to urge you and your committee to leave intact the
encryption provisions of Rep. Cantwell's bill, HR3627, as they amend
the Export Administration Act of 1994, HR 3937.

Rep. Cantwell's reforms are sorely needed. The US State Department,
acting on behalf of the National Security Agency, stubbornly treats
even widely available public domain encryption software as a
"munition" that cannot be exported without a license -- which is
invariably denied.

I personally have been denied authorization to export a floppy disk
containing exactly the same encryption software that has already been
published in a book -- even though State agreed that the book itself
was outside their jurisdiction, presumably because of the First
Amendment guarantee of freedom of the press. This situation is
offensive to the Constitution and to common sense. It is completely
intolerable.

Once again, I urge you to retain the provisions of Rep. Cantwell's
bill in full as your committee considers the Export Administration Act
of 1994.

                                        Sincerely,
                                        Philip R. Karn, Jr.

------------------------------


Subject: EFF's Godwin at Cyberspace Censorship Conference on CompuServe

Mike Godwin, EFF Online Counsel, will be part of a "virtual panel" at CIS's
"The Cyberconference: Censorship", Thursday, June 16.  CompuServe's
announcement states:

"Playboy magazine and the Graphics forums are hosting a "Censorship in 
Cyberspace" conference to discuss the heated media controversy surrounding 
the questions: can and should cyberspace be censored? The conference will 
feature a dialogue with highly esteemed First Amendment experts and will be 
held in the CompuServe Convention Center on 16-Jun at 10 p.m. EDT (04:00 
CET). Members can send questions in advance to User ID 75300,1610. Title >
your message's subject "Playboy Conference" to ensure that your questions> 
are registered.

"To attend the conference in the Convention Center, GO CONVENTION. For 
more information about graphics and your computer, GO GRAPHICS [or GO
GRAPHNEWS].  The CompuServe Convention Center and the Graphics forums are
each a part of CompuServe's extended services."

CIS members with Internet access can reach the service by using telnet to
connect to compuserve.com.

------------------------------


Subject: A New Face at EFF - Doug Craven, Office Manager/Bookkeeper
-------------------------------------------------------------------

Originally from Miami Florida, Doug came to EFF in May 1994 to take over
office management duties, having served as Senior Office Manager for four
years and accounting positions for another four years with previous
employers as diverse as academic institution, commercial enterprises, a
water company and the FBI.

Doug graduated from Thomas Stone H.S. in Waldorf Maryland in June 1986, a
2 year National Honor Society member, and moved on to Charles County
Community College, Chesapeake College, and Anne Arundel Community College,
as a Microcomputer Operations student.

Doug enjoys music and video production, biking, and swimming.  He says,
"my #1 love is my dog Katie."

------------------------------


Subject: PGP 2.6 Available from Electronic Frontier Foundation FTP Site
-----------------------------------------------------------------------

The latest DOS, Unix and Mac implementations of PGP (Pretty Good Privacy)
2.6, a freeware encryption program that has rapidly become the defacto
standard for Internet email, is now available from ftp.eff.org via
anonymous ftp.

PGP and similar material are available from EFF's ftp site in a hidden
directory, but only to Americans and Canadians, due to U.S. ITAR export
restrictions on cryptographic products.  Access to this directory
can be obtained by reading and following the instructions in the README.Dist
file at:

ftp.eff.org, /pub/Net_info/Tools/Crypto/
gopher.eff.org, 1/Net_info/Tools/Crypto
gopher://gopher.eff.org/11/Net_info/Tools/Crypto
http://www.eff.org/pub/Net_info/Tools/Crypto/

PGP can only be obtained from EFF via ftp currently.  Gopher and WWW
access to the material itself is not supported at this time.

If you would like to see US export restrictions on cryptography removed,
please send a message supporting the retention of Rep. Cantwell's export
reform language (originally bill HR3627) in bill HR3937, to Rep. Glickman's
fax number or glickman@eff.org - TODAY.  See lead article for details.
Please ask your Representatives to co-sponsor this bill if it includes Rep.
Cantwell's export provisions, and ask your Senators to co-sponsor Sen.
Murray's companion bill (S1846) in the US Senate.  Congress contact
information is available from:
ftp.eff.org, /pub/EFF/Issues/Activism/govt_contact.list

------------------------------


Subject: USENIX Address of EFF's Barlow Available on Cassette from O'Reilly
-----------------------------------------------------------------------------
From: brian@ora.com (Brian Erwin)

     The globalization of the Internet, satellite-based Internet
Protocol multicasting, and strategies for dealing with Internet 
address allocation are just three of the subjects discussed by 
leading Internet developers on four new audiotapes we just released. 

  "Notable Speeches of the Information Age, John Perry Barlow"
                USENIX Conference Keynote Address
               January 17, 1994; San Francisco, CA
          Duration: 90 minutes, ISBN: 1-56592-992-6, $9.95 (US)

          John Perry Barlow is a retired Wyoming cattle rancher, a 
lyricist since 1971 for the Grateful Dead who holds a degree in 
comparative religion from Wesleyan University. In 1990, Barlow 
co-founded the Electronic Frontier Foundation with Mitch Kapor, 
and currently serves as chair of its executive committee. 
          In his keynote address to the Winter 1994 USENIX Conference,
Barlow talks of recent developments in the national information
infrastructure, telecommunications regulation, cryptography,
globalization of the Internet, intellectual property, and the settlement 
of Cyberspace. This talk explores the premise that "architecture is 
politics"--that the technology adopted for the coming "information 
superhighway" will help to determine what is carried on it. If the 
electronic frontier of the Internet is not to be replaced by electronic 
strip malls controlled by the old broadcast content providers, we need 
to make sure that our technological choices favor bi-directional 
communication and open platforms. Side A contains the keynote; Side B 
contains a question and answer period.

This and other O'Reilly products are available in the Americas 
and Japan through bookstores, or directly from the publisher 
(credit card orders 800-889-8969; email order@ora.com). 

For information: telephone 707-829-0515 (800-998-9938 in US & 
Canada); FAX 707-829-0104; email nuts@ora.com; or write O'Reilly & 
Associates, 103A Morris St., Sebastopol, CA, 95472, USA.  
GSA # GS-02F-6095A.  Access our online gopher catalog via "telnet 
gopher.ora.com" (log in as "gopher" -- no password needed).

Our international distributors:
* EUROPE (except German-speaking countries), MIDDLE EAST, AFRICA 
International Thomson Publishing, Berkshire House, 168-173 High 
Holborn, London WC1V 7AA, UK.  Telephone 44-71-497-1422;
FAX 44-71-497-1426; or email danni.dolbear@itpuk.co.uk
* GERMAN-SPEAKING COUNTRIES.  International Thomson Publishing,
Konigswinterer Strasse 418, 53227 Bonn, Germany. Telephone 49-228-445171;
FAX 49-228-441342; or email 100272.2422@compuserve.com
* ASIA. International Thomson Publishing, 221 Henderson Rd.,
#05-10 Henderson Building, Singapore 0315. Telephone 65-272-6496;
FAX 65-272-6498
 * AUSTRALIA AND NEW ZEALAND.  WoodsLane, Unit 8, 101 Darley Street,
Mona Vale, NSW 2103, Australia. Telephone 61-2-979-5944;
FAX 61-2-997-3348; or email woods@tmx.mhs.oz.au

------------------------------


Subject: Note About our Internet Sites
--------------------------------------

To clarify a potential confusion, please note that eff.org is our staff
machine - where we get our email, etc.  EFF's public services are available
from specific services:

ftp:       ftp.eff.org
gopher:    gopher.eff.org
WWW:       http://www.eff.org/
WAIS:      wais.eff.org [when available]
telnet:    n/a

Attempting to telnet, ftp, or gopher to eff.org will result in an error
message.

------------------------------


Subject: What YOU Can Do
------------------------

"Cryptography is an enormously powerful tool that needs to be controlled,
just as we control bombs and rockets."
  - David A. Lytel, President's Office of Science and Technology Policy

Who will decide how much privacy is "enough"?

The Electronic Frontier Foundation believes that individuals should be
able to ensure the privacy of their personal communications through any
technological means they choose.  However, the government's current
restrictions on the export of encrytion software have stifled the
development and commercial availability of strong encryption in the U.S. 
Now, more than ever, EFF is working to make sure that you are the one that
makes these decisions for yourself.  Our members are making themselves heard
on the whole range of issues.  To date, EFF has collected over 5000 letters
of support for Rep. Cantwell's bill (HR3627 - Sen. Murray's companion bill
is S1846) to liberalize restrictions on cryptography.  The bill's
provisions, now part of the more general HR3937, will need your
immediate and vocal support to succeed.  We also gathered over 1400 letters
supporting Sen. Leahy's open hearings on the proposed Clipper encryption
scheme, which were held in May 1994.

If you'd like to add your voice in support of the Cantwell bill's
language, which is in danger of being stripped from HR3627, fax the House
Intelligence Committee Chair, Rep. Dan Glickman at +1 202 225 5398, or the
Committee at +1 202 225 1991, or send email to glickman@eff.org
IMMEDIATELY (letters received at the glickman alias will be
printed and delivered to Rep. Glickman before noon [EDT], June 15.)

You KNOW privacy is important. You have probably participated in our online
campaigns.  Have you become a member of EFF yet?  The best way to protect
your online rights is to be fully informed and to make your opinions heard.
EFF members are informed and are making a difference.  Join EFF today!

For EFF membership info, send queries to membership@eff.org, or send any
message to info@eff.org for basic EFF info, and a membership form.

------------------------------


Administrivia
=============

EFFector Online is published by:

The Electronic Frontier Foundation
1001 G Street NW, Suite 950 E
Washington DC 20001 USA
+1 202 347 5400 (voice)
+1 202 393 5509 (fax)
+1 202 638 6119 (BBS - 16.8k ZyXEL)
+1 202 638 6120 (BBS - 14.4k V.32bis)
Internet: ask@eff.org
Internet fax gate: remote-printer.EFF@9.0.5.5.3.9.3.2.0.2.1.tpc.int

     Coordination, production and shipping by:
     Stanton McCandlish, Online Activist/SysOp/Archivist 

Reproduction of this publication in electronic media is encouraged.  Signed
articles do not necessarily represent the views of EFF.  To reproduce
signed articles individually, please contact the authors for their express
permission.

To subscribe to EFFector via email, send message body of "subscribe
effector-online" (no quotes) to listserve@eff.org, which will add you a
subscription to the EFFector mailing list.


------------------------------


Internet Contact Addresses
--------------------------

Membership & donations: membership@eff.org
Legal services: ssteele@eff.org
Hardcopy publications: pubs@eff.org
Technical questions/problems, access to mailing lists: eff@eff.org
General EFF, legal, policy or online resources queries: ask@eff.org





End of EFFector Online v07 #10
******************************

$$

Back to top

JavaScript license information