[5619] in cryptography@c2.net mail archive
Re: more re Encryption Technology Limits Eased
daemon@ATHENA.MIT.EDU (John Gilmore)
Thu Sep 16 15:40:33 1999
Message-Id: <199909161925.MAA15898@toad.com>
To: "Perry E. Metzger" <perry@piermont.com>, farber@cis.upenn.edu
Cc: cryptography@c2.net, gnu@toad.com
In-reply-to: <87ogf2y8lk.fsf@boojum.piermont.com>
Date: Thu, 16 Sep 1999 12:25:21 -0700
From: John Gilmore <gnu@toad.com>
Dave Farber:
> As I said , the devil is in the details.
Let me agree. Remember when the Administration said it was giving
industry what it wanted -- transferring crypto exports to the Commerce
Dept? And when later "industry" worked out a deal so they could "easily"
export key-recovery products, only to discover that in the final regs
and procedures it really wasn't so easy?
There's a vague and undefined term in the press leaks so far:
One-Time Technical Review
What does this mean? It appeared in some early crypto liberalization
bills floated in Congressional committees. Does it mean:
* On the same day that you first put your encryption invention
on your web site, you have to send a binary copy to the NSA?
or: * BEFORE you post your encryption invention on your web site,
you have to send a copy to NSA?
or: * BEFORE you post it, you have to send a copy to NSA -- AND THEN WAIT
until they say you can export it?
or: * BEFORE you post it, you have to send the source code to NSA --
and rather than a mere delay, they have the option to respond
by telling you that you just can't export it?
or: * You can't post it at all -- you need to provide details about
each person who receives it, and you don't know that about the
people who download it.
or: * ....infinite variations....
We'll only really know once the regulations are published, which is
rumored to be in a few months.
John
