[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
LYNX-DEV Re: NSA's opinion on what it's legal to do (fwd)
From: |
Michael Richardson |
Subject: |
LYNX-DEV Re: NSA's opinion on what it's legal to do (fwd) |
Date: |
Thu, 24 Oct 1996 10:25:25 -0400 (EDT) |
This message was posted to the IPsec list. It may shed some light
on another view about incorporating SSL hooks.
I still favour the isolate and replace entire file solution. But,
I also consider this a "hook"
Forwarded message:
> From address@hidden Thu Oct 24 10:12:49 1996
> Message-Id: <address@hidden>
> To: Karl Fox <address@hidden>
> cc: address@hidden, address@hidden, address@hidden
> Subject: Re: NSA's opinion on what it's legal to do
> In-reply-to: <address@hidden>
> Date: Wed, 23 Oct 1996 16:14:38 -0700
> From: John Gilmore <address@hidden>
> Sender: address@hidden
> Precedence: bulk
>
> > As to exporting development, the NSA told us that not only couldn't we
> > export source with any kind of hook for encryption, we couldn't even
> > hire someone outside of the country to add encryption to an existing
> > product without running afoul of the U.S. laws. Of course, I'm not a
> > lawyer, and am not suggesting that their claims were necessarily valid.
>
> I am stating, not suggesting, that their claims are deliberately invalid.
>
> The NSA regularly lies to people who ask it for advice on export control.
> They have no reason not to; accomplishing their goal by any legal means
> is fine by them. Lying by government employees is legal.
>
> NSA recently "distanced itself" from statements made by an NSA
> employee to Dan Bernstein, plaintiff in our lawsuit to overturn the
> export controls. In an official submission to the court, they cited
> court cases supporting the position that the advice that government
> employees give to citizens is not binding on the government and does
> not define the government's policy.
>
> One thing this employee had said to Dan, when he called up asking for
> advice about his crypto export, was that it wasn't legal to publish
> export-controlled technical data "with the intent" that it leave the
> country, even though published materials are exempt from the export
> controls on technical data. NSA now finds that position hard to
> defend in court, so they are claiming it never was their "official"
> position; their employee must simply have been mistaken. We
> tape-recorded their employee making the statement (with permission),
> so they couldn't simply deny that he'd said it.
>
> Karl, see what happens when you ask for NSA to restate their opinion,
> in writing.
>
> Jerry Rainville of NSA did a tremendous job in this regard a few years
> back. He convinced the standards committee for digital cellphones
> that if they even discussed encryption in open meetings, they would
> violate the ITAR. It was all complete bullshit, of course, but the
> committee believed it. The result is that digital cellphones ended up
> with no privacy. Just what NSA wanted -- with almost no effort on
> their part!
>
> In short, if you rely on NSA for legal advice, you have a malicious
> and untrustworthy lawyer. Get your own export lawyer! Since you're
> in Ohio, I suggest talking to Peter Junger's lawyers. Peter is a law
> prof at Case Western who is also challenging the ITAR in court. Try:
> Gino Scarselli, <address@hidden>, +1 216 291 8601; or
> Raymond Vasvari, <address@hidden>, +1 216 522 1925.
>
> John
>
> PS: Whether you can "export source with any kind of hook for
> encryption" is at the heart of our court case (see
> http://www.eff.org/pub/Legal/Cases/Bernstein_v_DoS/). Our judge has
> already ruled that publication of source code is protected by the
> First Amendment. The NSA "hook" doctrine (that they can control the
> distribution of source code that doesn't even include crypto, just
> hooks where it might be inserted or called) doesn't stand a chance.
> They are unlikely to prosecute any such case because of the serious
> risk that the law would be invalidated as a result. Fear, uncertainty
> and doubt serves their purposes much better than a narrow and
> enforceable law would. Fortunately for us, vague and overbroad laws
> are unconstitutional.
>
> PPS: Whether you can hire someone outside the country to add
> encryption to an existing product is legal in many circumstances (in my
> own opinion, though lawyers have provided signed opinions of counsel
> concurring with it). I believe that if the work is done by an outside
> contractor which is less than 50% owned by your company, it's
> definitely legal. There are probably other circumstances in which
> it's legal as well. Get a good lawyer to help you figure it out.
>
>
>
>
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- LYNX-DEV Re: NSA's opinion on what it's legal to do (fwd),
Michael Richardson <=