Interesting People mailing list archives
IP: Stewart Baker on US crypto regs & open source software
From: Dave Farber <farber () cis upenn edu>
Date: Tue, 30 Nov 1999 14:26:52 -0500
From: "Baker, Stewart" <SBaker () steptoe com> To: declan () well com Subject: RE: How US crypto-regulations affect open source software Date: Sat, 27 Nov 1999 14:45:08 -0500 : Declan, John Gilmore's posting should be persuasive to anyone who accepts his view that the US does not belong on a list of "free countries". The rest of us can afford a more balanced assessment of the draft rules. First, it is significant -- and praiseworthy -- that the rules on public source go much further than the September announcement, which said there would be no changes in the source code rules. Contrary to the weird press spin that accompanied the draft rules, this is a pleasant surprise in rules that otherwise by and large deliver just what the Administration promised in September. Second, John is wrong to jump to the conclusion that the rules would forbid anonymous downloads because of the possibility of downloads to terrorism-supporting nations. That has been the rule up to now (if you can't resolve the downloader's domain to the US or Canada, you don't authorize 128-bit downloads), but this latest liberalization changes the landscape dramatically. There's an argument that no screening of domain names is required at all for retail products, and even for those who are more conservative about how to read the regs, it's highly unlikely that sites are required to do anything more aggressive than policing for stray downloads to .ly (Lybia's domain -- Qadaffi is clearly missing a big commercial opportunity in not offering to sell domain names like deliver () quick ly). Finally, while I tend to agree with John that the regs' effort to assert jurisdiction over products made with US public-source crypto is a doubtful idea, I do so for the opposite reason. It's not that the limitation will become the engine of vast assertions of US power; it's that the limit isn't enforceable in any plausible way. John is worrying about some future in which crypto export rules suddenly tighten -- running counter to a twenty-year trend -- and other countries are willing to accept US assertions of extraterritorial jurisdiction. In that Bizarro universe, however, open-source products are already at risk. The US could make a plausible claim today that SSL, RSA, RC-4, and numerous other technologies have enough US origin to allow the US to retroactively control the export of products containing those technologies. But that's not a claim the rest of the world would accept or enforce and so it will not be asserted. The scenario painted by John Gilmore is equally unlikely. It is plausible only to those who can't sleep at night if they get too much good news all at once. Steptoe & Johnson LLP phone -- 202.429.6413 email fax -- 202.261.9825 main fax - -202-429-3902 sbaker () steptoe com Baker, Stewart A. (E-mail)4.vcf -------------------------------------------------------------------------- POLITECH -- the moderated mailing list of politics and technology To subscribe: send a message to majordomo () vorlon mit edu with this text: subscribe politech More information is at http://www.well.com/~declan/politech/ --------------------------------------------------------------------------
Current thread:
- IP: Stewart Baker on US crypto regs & open source software Dave Farber (Nov 30)