Interesting People mailing list archives
IP: PGP sells crypto in Europe - with no back doors.
From: Dave Farber <farber () cis upenn edu>
Date: Fri, 20 Mar 1998 09:30:34 -0500
Date: Fri, 20 Mar 1998 09:02:50 -0500
To: farber () cis upenn edu
From: Will Rodger <rodger () worldnet att net>

Dave -

I wrote about PGP's search for a partner in Europe a year ago based on conversations at CFP 97. Now theory has become reality.

PGP will sell crypto abroad

By Will Rodger
Inter@ctive Week Online
March 19, 1998 6:56 PM PST

Pretty Good Privacy, a computer security product long associated with opposition to US export controls on data-scrambling exports, will be sold outside the United States for the first time ever beginning this week, sources at Network Associates Inc. said.

The sales initiative comes perilously close to violating US felony prohibitions on exports of strong encryption software. But it also exposes a gaping hole in export laws that could lead to the ultimate downfall of the regulations themselves, observers say.

"It's yet another example of the absurdity of export controls," said Alan Davidson, staff counsel with the Center for Democracy and Technology. "You can't stop ideas at the border."

Powerful encryption techniques were once the province of empire-fighting patriots like John Adams and Thomas Jefferson, spies and military officers. For centuries they used the arcane mathematical concepts behind code making to protect secret communiques, form new governments and win wars.

But those skills have rapidly spread to the private sector over the past 20 years, giving companies and private citizens secure email and voice communications over cell phones, conventional telephones and a hacker-ridden Internet.

The core conflict

At the same time, the technology that renders privacy certain in a digital age can also hide criminal plans and conspiracies. It's for that reason that the US government has controlled encryption exports tightly since World War II.

More recently, the Clinton Administration has forced encryption exporters to supply spare encryption "keys" for storage with third parties in case wiretaps are needed or forego exports in all but a few cases.

The clear conflict between the need for personal security on one hand and the ability to track down criminals on the other has exploded on Capitol Hill. On one side stand civil libertarians and businesses who fear uncontrolled police power. On the other: federal wiretappers who want access to all electronic communications with court orders.

"Our reaction is this is something to be investigated," said Bill Reinsch, undersecretary for export control at the US Department of Commerce. "This case may be a ground breaker."

How PGP slipped past the Feds

To sell the controlled encryption software abroad, Pretty Good Privacy executives last year exported copies of the software source code in book form. Since the software went over in books, there was no violation of export laws, they say.

Once abroad, volunteers supportive of PGP's fight to liberalize encryption laws scanned the books into computers and converted that source code into usable software. Had the software been shipped on floppies, by contrast, those who exported it could have been charged with felony violations of the law.

Executives at Network Associates' Dutch affiliate have since taken the software and begun striking deals to sell the American-developed product abroad - all in compliance with US laws, they say.

The Commerce Department's Reinsch isn't so sure, however. US laws prohibit not just the export of powerful encryption technology, but re-export as well. As a result, he says, any attempt by Network Associates' executives to export the software from the Netherlands would be a crime punishable in a court of law if federal lawyers could show the end product was at least 25 percent American.

Prosecution of foreign nationals could be difficult, especially given the Netherlands' disinterest in controlling strong encryption.

"Can we reach a foreign national? Sometimes we can, sometimes we can't," he said.

Books yes, software no

Encryption advocates say there's more than a bit of irony in the Network Associates story. For years, the government has avoided First Amendment challenges to encryption controls by drawing distinctions between source code in book form and software on diskettes. As long as US attorneys could claim they would control only finished software and not books, they could safely say their controls were constitutional.

Yet two court challenges to the regulations say that source code itself is speech, regardless of whether it exists in books or floppy disks.

By giving safe harbor to books, attorney Cindy Cohn said, the government has effectively reduced export controls to meaninglessness. Cohn is counsel to Daniel Bernstein, a professor who has filed suit to publish the source code to his encryption program "Snuffle" on the Internet.

Cohn disputed Reinsch's interpretation of regulations governing "re-export" of encryption.

"I don't think you can take something that's protected expression at the time it's exported and then claim that it suddenly becomes an export item on the other side," she said. "I'm pleased that PGP is continuing to take advantage of the obvious inconsistencies in the regulations."

Will Rodger                          Voice: +1 202-408-7027
Washington Bureau Chief              Fax: +1 202-789-2036
Inter@ctive Week                     http://www.interactiveweek.com
A Ziff-Davis Publication             http://www.zdnn.com
PGP 5.0: 584D FD11 3035 0EC2 B35C AB16 D660 293F C7BE 3F62
PGP 2.6.2: D83D 0095 299C 2505 25FA 93FE DDF6 9B5F