IP: Stewart Baker on US crypto regs & open source software

[Dave Farber <farber () cis upenn edu>]

> From: "Baker, Stewart" <SBaker () steptoe com>
> To: declan () well com
> Subject: RE: How US crypto-regulations affect open source software
> Date: Sat, 27 Nov 1999 14:45:08 -0500
> :
>
> Declan,
>
> John Gilmore's posting should be persuasive to anyone who accepts his view
> that the US does not belong on a list of "free countries".  The rest of us
> can afford a more balanced assessment of the draft rules.
>
> First, it is significant -- and praiseworthy -- that the rules on public
> source go much further than the September announcement, which said there
> would be no changes in the source code rules.  Contrary to the weird press
> spin that accompanied the draft rules, this is a pleasant surprise in rules
> that otherwise by and large deliver just what the Administration promised in
> September.
>
> Second, John is wrong to jump to the conclusion that the rules would forbid
> anonymous downloads because of the possibility of downloads to
> terrorism-supporting nations.  That has been the rule up to now (if you
> can't resolve the downloader's domain to the US or Canada, you don't
> authorize 128-bit downloads), but this latest liberalization changes the
> landscape dramatically.  There's an argument that no screening of domain
> names is required at all for retail products, and even for those who are
> more conservative about how to read the regs, it's highly unlikely that
> sites are required to do anything more aggressive than policing for stray
> downloads to .ly (Lybia's domain -- Qadaffi is clearly missing a big
> commercial opportunity in not offering to sell domain names like
> deliver () quick ly).
>
> Finally, while I tend to agree with John that the regs' effort to assert
> jurisdiction over products made with US public-source crypto is a doubtful
> idea, I do so for the opposite reason.  It's not that the limitation will
> become the engine of vast assertions of US power; it's that the limit isn't
> enforceable in any plausible way.  John is worrying about some future in
> which crypto export rules suddenly tighten -- running counter to a
> twenty-year trend -- and other countries are willing to accept US assertions
> of extraterritorial jurisdiction.  In that Bizarro universe, however,
> open-source products are already at risk.  The US could make a plausible
> claim today that SSL, RSA, RC-4, and numerous other technologies have enough
> US origin to allow the US to retroactively control the export of products
> containing those technologies.  But that's not a claim the rest of the world
> would accept or enforce and so it will not be asserted.  The scenario
> painted by John Gilmore is equally unlikely.  It is plausible only to those
> who can't sleep at night if they get too much good news all at once.
>
>
> Steptoe & Johnson LLP
> phone -- 202.429.6413
> email fax -- 202.261.9825
> main fax - -202-429-3902
> sbaker () steptoe com
>
>
>
>  Baker, Stewart A. (E-mail)4.vcf
>
>
>
> --------------------------------------------------------------------------
> POLITECH -- the moderated mailing list of politics and technology
> To subscribe: send a message to majordomo () vorlon mit edu with this text:
> subscribe politech
> More information is at http://www.well.com/~declan/politech/
> --------------------------------------------------------------------------