ONE DAY DEADLINE! The House Intelligence Committee will probably make their decision on the vital issue of cryptography export tomorrow afternoon, Wed. June 15, 1994. If you've not had your say on whether the State Dept. & NSA will be allowed to continue to restrict the flow of public cryptographic products, write, call and fax today. Updated fax information for the entire Intelligence Cmte. is below, as is a sample letter, and background information on this important legislative action. If you don't get through on your first fax attempt, keep trying. All of these numbers have been tested and are working as of June 14.
What You Can Do
1) Fax a short letter TODAY to the chair of the Intelligence Committee, Representative Dan Glickman (D-KS). Ask him in your own words to leave the encryption provisions of H.R. 3937 intact. You may wish to send a copy of this to the committee itself also. Fax number: +1 202 225 5398 Committee fax: +1 202 225 1991
2) If you are unable to fax a letter, send an e-mail message to Rep. Glickman at glickman@eff.org or by clicking here We'll deliver it for you, provide it arrives before noon, at which point all such messages must be delivered.
3) Personally urge everyone you know to send a similar fax to Rep. Glickman TODAY, especially if they are among Glickman's Kansas constituents.
4) If your own Representative is on the Intelligence Committee, send him or her a copy of what you sent Rep. Glickman.
Phone and Fax Numbers
House Intelligence Committee
Subcommittee phone: +1 202 225 4121
Subcommittee fax: +1 202 225 1991 <== send your fax HERE <==
D KS Glickman, Daniel +1 202 225 6216 +1 202 225 5398 Chair
D WA Dicks, Norman D. +1 202 225 5916 +1 202 226 1176
D CA Dixon, Julian C. +1 202 225 7084 +1 202 225 4091
D NJ Torricelli, Robert +1 202 224 5061 +1 202 225 0843
D TX Coleman, Ronald D +1 202 225 4831 +1 202 225 4831
[Coleman's staff manually switch line to fax if they hear fax tones. -
preceeding your fax
with a voice call might help]
D CO Skaggs, David E. +1 202 225 2161 +1 202 225 9127
D NV Bilbray, James H. +1 202 225 5965 +1 202 225 8808
D CA Pelosi, Nancy +1 202 225 4965 +1 202 225 8259
D TX Laughlin, Gregory +1 202 225 2831 +1 202 225 1108
D AL Cramer Jr, Robert +1 202 225 4801 private
D RI Reed, John F. +1 202 225 2735 +1 202 225 9580
D MO Gephardt, Richard +1 202 225 2671 +1 202 225 7452
R TX Combest, Larry +1 202 225 4005 +1 202 225 9615
R NE Bereuter, Douglas +1 202 225 4806 +1 202 226 1148
R CA Dornan, Robert K. +1 202 225 2965 private
[Dornan's public fax disconnected; office refuses to divulge a fax
number]
R FL Young, C. W. (Bill) +1 202 225 5961 +1 202 225 9764
R PA Gekas, George W. +1 202 225 4315 +1 202 225 8440
R UT Hansen, James V. +1 202 225 0453 +1 202 225 5857
R CA Lewis, Jerry +1 202 225 5861 +1 202 225 6498
R IL Michel, Robert H. +1 202 225 6201 +1 202 225 9461
FAX to: 202-225-1991 and 202-225-5398
Representative Daniel Glickman
Chair
House Intelligence Committee
U.S House of Representatives
Dear Representative Glickman:
I realize that tomorrow your committee will probably act on the encryption provisions of H.R. 3937, the Export Administration Act of 1994. I urge that you allow them to remain as they were introduced in Rep. Cantwell's H.R. 3627, and subsequently incorporated into H.R. 3937. Privacy is the basis for my concern, and I support the ability to use secure encryption. Additionally, prohibiting the export of secure cryptography from the United States puts the U.S. at a competitive disadvantage internationally, for who would choose to use crypography known to be insecure (such as the "Clipper Chip", or products intentionally weakened to pass excessively stringent export restrictions)? Please, support privacy and security by preserving the cryptography export language of H.R. 3937.
More Information
The actual text of this part of H.R. 3937 is at:
For current status on the bill:
A general Web page on crypto export policy is here, or at
Background from John Gilmore, EFF Board of
Directors
Today, the U.S. State Department controls the export of most
encryption, working closely with the National Security Agency (NSA) to
limit products that provide real privacy, from cell-phones to PC
software. A bill introduced by Rep. Maria Cantwell would instead give
authority over non-military crypto exports to the Commerce Department.
Commerce has much more reasonable regulations, with "First Amendment"-
style unlimited publishing of publicly available software, including PGP,
Kerberos, RIPEM, RSAREF, and mass-market commercial software. The bill
also prevents the Commerce Dept. from tightening the regulations even if
NSA somehow gets its tentacles into Commerce.
A few months ago, you-all sent over 5600 messages to Rep. Cantwell in
support of her bill, H.R. 3627. As a result, on May 18, the bill
passed the House Foreign Affairs Committee by being incorporated into
the Export Administration Act of 1994, H.R. 3937.
Now the battle has become more intense. This portion of H.R. 3937 has
been referred to the House Intelligence Committee with the intent to
kill or severely maim it. We need your help again, to urge the
Intelligence Committee to keep crypto export liberalization intact.
The House and Senate Intelligence Committees, the only watchdogs for
the NSA, tend to follow the agency's wishes when they wave the magic
"national security" wand. They need plenty of input from the public
that tells them that the nation will be more secure with good
encryption, even though the NSA will be less happy.
Not just computer users, but all users of telephones, cable TV, health
care, and credit information systems would benefit from this change.
The security of these applications is built on the foundation laid by
the operating systems and network protocols on which they run. If
this bill is passed, you will see high quality encryption built into
Microsoft Windows, into the MacOS, into major Unix workstations, into
the Internet, into cellular phones, into interactive television. The
software already exists for confidentiality, privacy, and security of
local and networked information, but it's not built-in to these
systems because of the export ban. Today, each company could build
two operating systems, one gutted for international use, but this
would be costly and confusing for them and their customers, and would
not allow international networks such as the Internet or telephones to
be made secure and private. With this bill, these limits disappear.
Furthermore, the Clinton Administration plans to permit high volume
exports of Clipper products, while continuing to require tedious
paperwork for truly secure encryption products. The bill would give
Clipper and other crypto software more even-handed treatment.
The bill also eliminates a senseless situation on the Internet.
Today, crypto software can only be freely distributed from non-U.S.
archive sites. It would eliminate that problem as well as the threat
of prosecution against U.S. freeware authors of crypto software.
This is the dream we've all been working toward. The Intelligence
Committee must make its decision on the bill before June 16, so time is
critical. Thanks again for your help! You can check at any time on the
current status of the campaign at the location mentioned above. Send any
comments on this campaign by clicking here
or by sending email to campaign@eff.org.
John Gilmore
Return to the Table of Contents
For details on how to do your own FOIA submissions, get documents here or at ftp.eff.org,/pub/EFF/Issues/FOIA/ viaanonymous ftp.
These documents were obtained by Lee Tien, an attorney for EFF Boardmember John
Gilmore. Each document was scanned and edited for
obvious mistakes.
The full documents are available at:
A brief description of the content of each of the documents: [file names in
brackets are
the BBS filenames]
itar_hr_govop_hearing.transcript [ITARHEAR.TRN]
mcconnell_zablocki.letter [ITAR2.LTR]
olson_mcconnell.letter [ITAR3.LTR]
shiffren_tien.letter [ITAR4.LTR]
simms_mcconnell.memo [ITAR5.MEM]
simms_robinson.memo [ITAR6.MEM]
Return to the Table of Contents
The EES Capstone chips, used in PCMCIA cards for data encryption on laptop
computers, use the same cryptographic algorithm (Skipjack) and key "escrow"
system as the infamous Clipper chips, though according to AT&T, the
misfeature does not directly apply to Clipper, since it is intended for use
in telephone equipment rather than computers. More importantly, however,
is the fact that Blaze's discovery indicates a deep flaw in the entire EES
scheme. Clipper's "immunity" is only accidental, and questionable - the
flaw is also present in the Clipper EES system, just not as easy to exploit.
Both Clipper and Capstone rely on a series of numbers referred to as the
LEAF (Law Enforcement Access Field). The LEAF is used to verify chip
serial numbers, create a session key for encryption, and validate the
session key. Law enforcement or intelligence agents could use a recording
of a Clipper conversation, or a copy of Capstone-encoded data, to identify
the chip serial number, and obtain copies of the keys held by the "escrow"
agents. Using these keys, they may decrypt the message or data at will -
and the idea of the government holding the keys to personal privacy has
been the primary objection to the EES scheme.
The flaw Blaze has unearthed is another objection among many: anyone with
"sufficient" computer skills can alter the LEAF to verify validity of a
session key with an fake serial number, thereby defeating the entire
purpose behind the EES - agents would have no idea which Clipper/Capstone
chip produced the encrypted information, and thus would be unable to get the
decryption keys.
According to a June 2 article by John Markoff in the _New_York_Times_, NSA
officials do not deny the existence of the flaw, though both NSA and AT&T
maintain that Clipper is still useful.
The full text of Dr. Blaze's report, "Protocol Failure in the Escrowed
Encryption Standard", is
available from:
[Filenames in brackets are BBS filenames. ZIP-compressed copies are also
available on
the BBS.]
ASCII version: ees_flaw_blaze.paper [EESFLAW.PPR]
Also of interest:
ees_nist_senate.answers [EES_NIST.ANS] - answers from NIST to the Senate
Technology and Law Subcommittee's 30 pointed questions regarding the
EES/Clipper. Some of the answers are literally astounding.
Return to the Table of Contents
[Background: Beginning in Jan. 1994, Phil Karn attempted to have Commodity
Jurisdiction over Bruce Scheier's Applied Cryptography and a related
diskette - containing the same source code as the book - shifted from
the State Dept., notorious for refusing the export of cryptographic
material, to the Commerce Dept., which regularly approved such export.
The State Dept. aknowledged that they did not have jurisdiction over the
book, but illogically maintain that the diskette is within their
jurisdiction, and is not to be exported. Karn's appeal, and his own
letter regarding the crypto export provisions of H.R. 3937 follow. - ed.]
I just filed my appeal by fax; I will follow up with a mailed copy. [...]
Note that the "Center for Defense Trade" mentioned in the ITARs as the
address for administrative appeals no longer exists. I got
Dr. Harris's name and address from Tom Denners of ODTC.
Dr. Martha C. Harris
Subject: Appeal in CJ Case 081-94, "Applied Cryptography Source Code
Disk"
Also references: CJ Case 038-94, "Applied Cryptography", a book by Bruce
Schneier
APPEAL OF COMMODITY CLASSIFICATION
This is an appeal under 22 CFR 120.4(g) of an adverse decision by the
Office of Defense Trade Controls (ODTC) in the above cited case. It
is also a request for ODTC to justify their decision and to respond to
the points made here.
INTRODUCTION
In its May 11, 1994 reply in CJ Case 081-94, ("the Response") ODTC
classified the subject of this appeal, the "Applied Cryptography
Source Code Disk", ("the Diskette") as a defense article under
category XIII(b)(1) of the United States Munitions List. I hereby
formally appeal this determination on several grounds:
DISCUSSION
1. The Diskette Should Qualify For The ITAR Public Domain Exemption As
A
Result of
ODTC's Decision in CJ Case 038-94
In its Response, ODTC said:
This appears to be the basic rationale for ODTC's decision in this
matter. I respectfully submit that the statement presents an
arbitrary and capricious distinction, but no meaningful difference,
between the information which is found in the Book and the
Diskette. That characterization of the Diskette provides no basis in
either law, regulations, or logic for ODTC's decision.
The Diskette is as close to Part Five of the Book as one could make
it. The typographic layout of the Book makes it absolutely clear,
even to the non-programmer, where each cryptographic subroutine begins
and ends. The name of each routine appears in bold font before the
routine itself and in the header of each page. Moreover, the Diskette
uses these same names for its files.
The Response goes on to list the cryptographic routines included in
the Diskette and says that they would not be exportable if they were
incorporated into a product. But this is irrelevant to the present
matter, since all of these routines appear in the Book, which ODTC had
already ruled in CJ Case 038-94 to be outside its licensing
jurisdiction and therefore exportable. The decision in this case must
be based on a comparison to the Book, which is functionally identical
to the Diskette, not to some hypothetical product.
The only real difference between the Book and the Diskette is the one
stated in my original request: the medium on which the information is
recorded.
Presumably, ODTC's phrase "added value" referred to the easy
machine-readability of the Diskette. But "machine-readability" is no
longer well defined; it cannot be limited to information stored on
computer disks. With the widespread availability of optical character
recognition (OCR) equipment and software, even printed information
such as the Book is easily turned into "machine readable" disk files
equivalent to those on the Diskette. Moreover, this only need be done
once. It is then absolutely trivial to duplicate and disseminate the
resulting files by telephone modem or over the Internet.
And even without OCR capabilities, anyone with typing skills could
easily type in the routines from the Book, again producing machine
readable disk files.
2. The Diskette Should Qualify For The ITAR Public Domain Exemption
Regardless of the Decision in CJ Case 038-94 Because the Diskette Is Itself
Already in the
Public Domain
The issue of whether or not the Diskette is an exact representation of
the Book is really a red herring. Even if the Diskette contained
source code not in the Book, or even if the Book did not exist at all,
the Diskette itself is in the public domain.
The ITAR at 120.10(5) exempts from the definition of controlled
"technical data" "information in the 'public domain' as defined in
120.11", and 120.11 defines "public domain" as "information which is
published and which is generally accessible or available to the
public" from libraries or through subscription, among other means. Of
particular interest is the lack of any mention of the allowable media
or medium on which the information must be recorded to qualify for
"public domain" status. This is hardly surprising in that any such
restriction would be at once illogical and offensive to the First
Amendment.
This Diskette is obviously within the "public domain". Anyone may
obtain it by mail order from the author for a nominal charge to cover
duplication and mailing. (The restriction to US and Canadian
addresses exists only because of uncertainty about US export
regulations.) Furthermore, much of the source code contained on the
disk is in the public domain, in the even broader sense of the
original authors having granted blanket copying and use permission, or
relinquished copyright altogether.
The software on this Diskette is also readily available to the public
from many "anonymous FTP" repositories on the Internet, several of
which are outside the United States and Canada. These repositories
clearly qualify as "libraries open to the public" under 120.11(4).
Indeed, it seems that the subject software is even more strongly
"public domain" (in the ITAR sense) in machine readable form than in
book form, precisely because the machine readable form is so much more
readily obtainable.
3. The First Amendment Protects Absolutely the Freedom of Speech and
the
Press, Regardless of the Medium of Expression
The export of publicly available cryptographic information, including
software, is protected by the First Amendment to the Constitution.
The US Supreme Court has written that "[t]he liberty of the press is
not confined to newspapers and periodicals. It necessarily embraces
pamphlets and leaflets.... The press in its historic connotation
comprehends every sort of publication which affords a vehicle of
information and opinion" (Lovell v. City of Griffin, 1938). Freedom
of the press, says the Court, includes "the right of the lonely
pamphleteer who uses carbon paper or a mimeograph as much as of the
large metropolitan publisher who utilizes the latest photocomposition
methods" (Branzburg v. Hayes, 1972).
The computer network, the bulletin board system (BBS) and even
"sneakernet" (the manual exchange of diskettes) are clearly the modern
successors to the mimeograph machine. Users of these systems have just
as much First Amendment protection, including the right to export
their works, as John Wiley & Sons, publishers of "Applied
Cryptography".
There is opinion that the power to control exports is a Presidential
national security and foreign policy function that deserves wide
deference by the courts. But the national security power, "like every
other governmental power, must be exercised in subordination to the
applicable provisions of the Constitution" (US v Curtiss-Wright Corp,
1936). In Baker v Carr (1962), the Supreme Court said "[I]t is error
to suppose that every case or controversy which touches foreign
relations lies beyond judicial cognizance".
In Bullfrog Films, Inc. vs Wick (1988) the Federal Court of
Appeals for the 9th Circuit said "We ... reject ... the suggestion
that the First Amendment's protection is lessened when the expression
is directed abroad. The cases cited by the government do not support
its contention that otherwise protected free speech interests may be
routinely subordinated to foreign policy concerns".
And in New York Times Co v US, 1970, popularly known as the "Pentagon
Papers" case, the Supreme Court said, "[A]ny system of prior
restraints of expressions comes to this Court bearing a heavy
presumption against its constitutional validity" and the government
"thus carries a heavy burden of showing justification for the
imposition of such a restraint".
It thus seems impossible to argue that export controls on information,
including software, widely available in the United States, and even
already available in published form outside the US (such as the
Diskette) are necessary to prevent a "substantial likelihood of
serious damage to national security or foreign policy" (Haig v Agee,
1981). Ordinary common sense says that ODTC's ruling in CJ Case
081-94 is arbitrary, capricious and wholly indefensible.
Indeed, in the most celebrated prior restraint case (United States vs
The Progressive, 1979), the government gave up all further attempts to
control the dissemination of the information in question (design
principles for thermonuclear weapons) once the Department of Justice
became aware that the information it sought to ban had been published
in the United States. Trying to ban further dissemination of that
publication would have been both unconstitutional and futile, as are
current attempts to control the export of public domain cryptographic
software.
Even an Assistant Attorney General of the Department of Justice has
expressed the opinion that export controls on publicly available
cryptographic information are unconstitutional:
This opinion is entitled to special weight because Mr. Harmon was, at
that time, in charge of the Office of Legal Counsel, the office which
is responsible for preparing all the official opinions of the Attorney
General.
CONCLUSION
I seek a favorable ruling that would recognize the "public domain"
exemption for publicly available cryptographic software, such as the
subject diskette, regardless of the medium on which it is recorded.
I hope this will be possible through administrative appeal. Should it
become necessary, however, I am fully determined to seek judicial
relief.
Sincerely,
___________________________________________________________________________
______________________________________
Rep. Dan Glickman
Dear Representative Glickman:
I am writing to urge you and your committee to leave intact the
encryption provisions of Rep. Cantwell's bill, HR3627, as they amend
the Export Administration Act of 1994, HR 3937.
Rep. Cantwell's reforms are sorely needed. The US State Department,
acting on behalf of the National Security Agency, stubbornly treats
even widely available public domain encryption software as a
"munition" that cannot be exported without a license -- which is
invariably denied.
I personally have been denied authorization to export a floppy disk
containing exactly the same encryption software that has already been
published in a book -- even though State agreed that the book itself
was outside their jurisdiction, presumably because of the First
Amendment guarantee of freedom of the press. This situation is
offensive to the Constitution and to common sense. It is completely
intolerable.
Once again, I urge you to retain the provisions of Rep. Cantwell's
bill in full as your committee considers the Export Administration Act
of 1994.
Sincerely,
Return to the Table of Contents
"Playboy magazine and the Graphics forums are hosting a "Censorship in
Cyberspace" conference to discuss the heated media controversy surrounding
the questions: can and should cyberspace be censored? The conference will
feature a dialogue with highly esteemed First Amendment experts and will be
held in the CompuServe Convention Center on 16-Jun at 10 p.m. EDT (04:00
CET). Members can send questions in advance to User ID 75300,1610. Title
your message's subject "Playboy Conference" to ensure that your questions
are registered.
"To attend the conference in the Convention Center, GO CONVENTION. For
more information about graphics and your computer, GO GRAPHICS [or GO
GRAPHNEWS]. The CompuServe Convention Center and the Graphics forums are
each a part of CompuServe's extended services."
CIS members with Internet access can reach the service by using telnet to
connect to compuserve.com.
Return to the Table of Contents
Doug graduated from Thomas Stone H.S. in Waldorf Maryland in June 1986, a
2 year National Honor Society member, and moved on to Charles County
Community College, Chesapeake College, and Anne Arundel Community College,
as a Microcomputer Operations student.
Doug enjoys music and video production, biking, and swimming. He says,
"my #1 love is my dog Katie."
Return to the Table of Contents
PGP and similar material are available from EFF's ftp site in a hidden
directory, but only to Americans and Canadians, due to U.S. ITAR export
restrictions on cryptographic products. Access to this directory
can be obtained by reading and following the instructions in the README.Dist
file at:
PGP can only be obtained from EFF via ftp currently. Gopher and WWW access to
the
material itself is not supported at this time.
If you would like to see US export restrictions on cryptography removed,
please send a message supporting the retention of Rep. Cantwell's export
reform language (originally bill HR3627) in bill HR3937, to Rep. Glickman's
fax number or click here or email to
glickman@eff.org - TODAY. See lead article for details.
Please ask your Representatives to co-sponsor this bill if it includes Rep.
Cantwell's export provisions, and ask your Senators to co-sponsor Sen.
Murray's companion bill (S1846) in the US Senate. Congress contact
information is available here or
at: ftp.eff.org,/pub/EFF/Issues/Activism/govt_contact.list
Return to the Table of Contents
The globalization of the Internet, satellite-based Internet
Protocol multicasting, and strategies for dealing with Internet
address allocation are just three of the subjects discussed by
leading Internet developers on four new audiotapes we just released.
John Perry Barlow is a retired Wyoming cattle rancher, a
lyricist since 1971 for the Grateful Dead who holds a degree in
comparative religion from Wesleyan University. In 1990, Barlow
co-founded the Electronic Frontier Foundation with Mitch Kapor,
and currently serves as chair of its executive committee.
In his keynote address to the Winter 1994 USENIX Conference,
Barlow talks of recent developments in the national information
infrastructure, telecommunications regulation, cryptography,
globalization of the Internet, intellectual property, and the settlement
of Cyberspace. This talk explores the premise that "architecture is
politics"--that the technology adopted for the coming "information
superhighway" will help to determine what is carried on it. If the
electronic frontier of the Internet is not to be replaced by electronic
strip malls controlled by the old broadcast content providers, we need
to make sure that our technological choices favor bi-directional
communication and open platforms. Side A contains the keynote; Side B
contains a question and answer period.
This and other O'Reilly products are available in the Americas
and Japan through bookstores, or directly from the publisher here or by these other methods
- credit card orders 800-889-8969; email order@ora.com.
For information: telephone 707-829-0515 (800-998-9938 in US &
Canada); FAX 707-829-0104; email nuts@ora.com; or write O'Reilly &
Associates, 103A Morris St., Sebastopol, CA, 95472, USA.
GSA # GS-02F-6095A. Access our online gopher catalog via "telnet
gopher.ora.com" (log in as "gopher" -- no password needed).
Our international distributors:
Return to the Table of Contents
ftp: ftp.eff.org
Attempting to telnet, ftp, or gopher to eff.org will result in an error
message.
Return to the Table of Contents
Who will decide how much privacy is "enough"?
The Electronic Frontier Foundation believes that individuals should be
able to ensure the privacy of their personal communications through any
technological means they choose. However, the government's current
restrictions on the export of encrytion software have stifled the
development and commercial availability of strong encryption in the U.S.
Now, more than ever, EFF is working to make sure that you are the one that
makes these decisions for yourself. Our members are making themselves heard
on the whole range of issues. To date, EFF has collected over 5000 letters
of support for Rep. Cantwell's bill (HR3627 - Sen. Murray's companion bill
is S1846) to liberalize restrictions on cryptography. The bill's
provisions, now part of the more general HR3937, will need your
immediate and vocal support to succeed. We also gathered over 1400 letters
supporting Sen. Leahy's open hearings on the proposed Clipper encryption
scheme, which were held in May 1994.
If you'd like to add your voice in support of the Cantwell bill's
language, which is in danger of being stripped from HR3627, fax the House
Intelligence Committee Chair, Rep. Dan Glickman at +1 202 225 5398, or the
Committee at +1 202 225 1991, or send email here
or to glickman@eff.org IMMEDIATELY (letters received at the glickman
alias will be
printed and delivered to Rep. Glickman before noon [EDT], June 15.)
You KNOW privacy is important. You have probably participated in our
online campaigns. Have you become a member of EFF yet? The best way to protect
your online rights is to be fully informed and to make your opinions heard.
EFF members are informed and are making a difference. Join EFF today!
-------- 8< ------- cut here ------- 8< --------
================================================
MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION
================================================
Print out and mail to:
I wish to become a member of the Electronic Frontier Foundation. I enclose:
Special Contribution
I wish to make an additional tax-deductible donation in the amount of
$__________ to further support the activities of EFF and to broaden
participation in the organization.
PAYMENT METHOD:
___ Enclosed is a check payable to the Electronic Frontier Foundation.
___ Please charge my:
Card Number: ___________________________________________
Expiration Date: _________________________________________
Signature: ______________________________________________
NOTE: We do not recommend sending credit card information via the
Internet!
YOUR CONTACT INFORMATION:
Name: _________________________________________________
Organization: ____________________________________________
Address: ________________________________________________
___________________________________________________
Phone: (____) _______________ FAX: (____) _______________ (optional)
E-mail address: __________________________________________
PREFERRED CONTACT
___ Electronic: Please contact me via the Internet address listed above.
___ EFFector Online - EFF's biweekly electronic newsletter
(back issues available from ftp.eff.org/
pub/EFF/Newsletters/EFFector).
___ Online Bulletins - bulletins on key developments
affecting online communications.
NOTE: Traffic may be high. You may wish to browse these publications in
the Usenet newsgroup comp.org.eff.news (also available in FidoNet, as
EFF-NEWS).
___ Paper: Please contact me through the U.S. Mail at the street
address listed above.
PRIVACY POLICY
EFF occasionally shares our mailing list with other organizations promoting
similar goals. However, we respect an individual's right to privacy and
will not distribute your name without explicit permission.
___ I grant permission for the EFF to distribute my name and contact
information to organizations sharing similar goals.
This form came from EFFector Online (please leave this line on the
form!)
-------- 8< ------- cut here ------- 8< --------
Reproduction of this publication in electronic media is encouraged. Signed
articles do not necessarily represent the views of EFF. To reproduce
signed articles individually, please contact the authors for their express
permission. Press releases and EFF announcements may be reproduced individ-
ually at will.
To subscribe to EFFector via email, send message body of "subscribe
effector-online" (without the "quotes") to
listserv@eff.org,
which will add you to a subscription list for EFFector.
Back issues are available at:
HTML editions available at:
Return to the Table of Contents
Chairman, EFF Crypto Committee
EFF Board of Directors
Member of Computer Professionals for Social Responsibility
Member of International Association for Cryptologic Research
Subject: FOIA Documents Reveal Even OLA and OLC Know ITAR Is
Unconstitutional
The documents detailed below were obtained by Freedom of Information Act
requests. They reveal that the Office of Legal Counsel and Office of
Legislative Affairs have determined that portions of the ITAR export
restrictions, which cover the export of cryptographic products, infringe
the First Amendment, and also indicated that several Congressional
committees, the President, and the Departement of State have been made
aware of the constitutional problem of the International Traffic in Arms
Regulations. Despite these facts, the cryptography export provisions of
H.R. 3937 are still in danger of being removed or rendered worthless in
committee tomorrow.
This is the transcript of a series of hearings held before a
subcommittee of the House Comittee on Government
Operations. It is especially interesting for the two items it
includes in the report; one memo shows that the Office of Legal
Counsel concluded that ITAR was unconstitutional, and some
testimony indicates that the State Department and the
President may have ignored possibly binding legal advice from
the OLC.
mcconnell_garn.letter [ITAR1.LTR]
This is a letter from Robert McConnell, Assistant Attorney
General for Legal and Intergovernmental affairs to Jake Garn,
the Chairman of the Senate Committee on Banking, Housing,
and Urban Affairs. This letter highlights the position that the
term "technology" as defined by the ITAR is overly broad and
presents a probable violation of the First Amendment.
Clement Zablocki was the Chairman of the House Committee on
Foreign Affairs. This letter is a review of a bill that would
amend the Arms Export Control Act (AECA). It is particularly
good in that it makes a compelling argument for why the ITAR
establishes a system of prior restraint.
This is a follow-up letter to Robert McConnell from Theodore
Olson, Assistant Attorney General for the Office of Legal
Counsel. It reaffirms the OLC position that the ITAR establishes
a regulatory scheme that "extends too broadly into an area of
protected First Amendment speech."
The cover letter/reply to Lee Tien's FOIA request. Notable for
the fact that there are other documents (specifically from the
FBI and NSA) that could be relevant.
A brief note acknowledging that the ITAR is overly broad, from
Simms of OLA to McConnell.
This is a memo prepared for Davis Robinson, then the Legal
Adviser for the Department of State. This is a very well-
documented paper on the various unconstitutional provisions
of ITAR. The two areas this memo concentrates on are the
"technical data" definition as well as the definition of "export."
Near the conclusion, Simms states: "We remain of the opinion,
however, that ... the ITAR still present some areas of
potentially unconstitutional application. ...The best legal
solution ... is for the Department of State, not the courts, to
narrow the regulations."
Subject: Blaze Paper Details Hole In Clipper/Capstone/EES Scheme
Dr. Matthew Blaze, an AT&T Bell Labs researcher, recently discovered a
fundamental flaw in the Administration/NSA Escrowed Encryption Standard
cryptographic chips, particularly those known originally as Capstone.
BBS: +1 202 638 6119, 6120 (8-N-1, 14.4k), "Privacy--Clipper/ITAR" file
area
PostScript version: ees_flaw_blaze_paper.ps.gz [EESFLAW.PS]
Subject: Karn Files Crypto Export CJ Appeal for Applied Cryptography Disk
From: Phil Karn Email:
karn@unix.ka9q.ampr.org
Deputy Assistant Secretary For Export Controls
United States Department of State
Room 7325A
Washington DC 20522
202-647-1346 (fax)
The text files on the subject disk are not an exact
representation of what is found in "Applied Cryptography."
Each source code listing has been partitioned into its own
file and has the capability of being easily compiled into
an executable subroutine.
"It is our view that the existing provisions of the ITAR are
unconstitutional insofar as they establish a prior restraint on
disclosure of cryptographic ideas and information developed by
scientists and mathematicians in the private sector".
(Memorandum from J. Harmon, Department of Justice, to F. Press, Science
Advisor to
the
President dated May 11, 1978, reprinted in "The Government's Classification of
Private
Ideas: Hearings Before a Subcommittee of the
House Committee on Government Operations", 96th Congress, 2nd Session,
1980.)
Philip R. Karn, Jr
Chairman, House Intelligence Committee
US House of Representatives
Washington, DC
202-225-1991 (fax)
Philip R. Karn, Jr.
Subject: EFF's Godwin at Cyberspace Censorship Conference on CompuServe
Mike Godwin, EFF Online Counsel, will be part of a "virtual panel" at CIS's
"The Cyberconference: Censorship", Thursday, June 16. CompuServe's
announcement states:
Subject: A New Face at EFF - Doug Craven, Office Manager/Bookkeeper
Originally from Miami Florida, Doug came to EFF in May 1994 to take over
office management duties, having served as Senior Office Manager for four
years and accounting positions for another four years with previous
employers as diverse as academic institution, commercial enterprises, a
water company and the FBI.
Subject: PGP 2.6 Available from Electronic Frontier Foundation FTP Site
The latest DOS, Unix and Mac implementations of PGP (Pretty Good Privacy)
2.6, a freeware encryption program that has rapidly become the defacto
standard for Internet email, is now available from ftp.eff.org via
anonymous ftp.
Subject: USENIX Address of EFF's Barlow Available on Cassette from O'Reilly
From: Brian Erwin
brian@ora.com
USENIX Conference Keynote Address
January 17, 1994; San Francisco, CA
Duration: 90 minutes, ISBN: 1-56592-992-6, $9.95 (US)
Subject: Note About our Internet Sites
To clarify a potential confusion, please note that eff.org is our staff
machine - where we get our email, etc. EFF's public services are available
from specific services:
gopher: gopher.eff.org
WWW: http://www.eff.org
WAIS: wais.eff.org [when available]
telnet: n/a
Subject: What YOU Can Do
"Cryptography is an enormously powerful tool that needs to be
controlled, just as we control bombs and rockets."
- David A. Lytel, President's Office of Science and Technology
Policy
Membership Coordinator
Electronic Frontier Foundation
1001 G Street, NW, Suite 950 East, Washington, DC 20001
$__________ Regular membership -- $40
$__________ Student membership -- $20
___ MasterCard ___ Visa ___ American Express
I would like to receive the following at that address:
Administrivia
EFFector Online is published by:
The Electronic Frontier Foundation
1667 K St. NW, Suite 801
Washington DC 20006-1605 USA
+1 202 861 7700 (voice)
+1 202 861 1258 (fax)
+1 202 861 1223 (BBS - 16.8k ZyXEL)
+1 202 861 1224 (BBS - 14.4k V.32bis)
Membership & donations:
membership@eff.org
Legal services: ssteele@eff.org
Hardcopy publications: pubs@eff.org
General EFF, legal, policy or online resources queries:
ask@eff.org
Editor: Stanton McCandlish, Online Services Mgr./Activist/Archivist
(mech@eff.org)
This newsletter printed on 100% recycled electrons.
To get the latest issue, send any message to
effector-reflector@eff.org
(or er@eff.org), and it will be mailed to
you automagically. You can also get the file "current" from the EFFector
directory at the above sites at any time for a copy of the current
issue.
ftp.eff.org,/pub/EFF/Newsletters/EFFector/
gopher.eff.org,1/EFF/Newsletters/EFFector/
http://www.eff.org/pub/EFF/Newsletters/EFFector/
http://www.eff.org/pub/EFF/Newsletters/EFFector/HTML/
at EFFweb.