Conference back40::soapbox

    
    Forget about the solicitation part for a minute.
    
    If cryptographic software is a "munition" (if frogs grew fur), as
    the government claims, then wouldn't you have the right to keep
    and bear it (the precious second) ?  Perhaps this is the judicial
    test y'all's been waitin fer...
    
      bb

    Sounds like a bogus attempt on the part of big brother to  prevent us
    from having any privacy whatsoever. But Janet Reno's interested in
    prying into every aspect of our private lives, especially the flow of
    information between private individuals. Why they could be talking
    about guns after all...

    Big brother wants to nail him before he can finish his next
    project...the secure phone throught the computer thing.  Just imaging,
    the FBI, BATF, CIA, et-al would be unable to spy on your phone
    conversations with ease.  Please note that in the last box there was a 
    discussion on phone tap legislation...big brother wants communications 
    technology set up a certain way so they can spy on everyone.
    
    It is my guess that justice will NOT be served in this case, and the
    little guy (and the American public) will get screwed yet again.  We
    are too apethetic to do anything about it, though, and the government
    powers know it.
    
    -steve

    Back to the basenote.
    
    Phil will lose. The only unregulated industry in this country is the
    computer industry. The government powermongers have been searching for
    a way to get their claws on an industry that has made great strides in
    achievement, unobstructed by government interference. Government and
    all bureaucrats would give their eye teeth to steal the honest power
    generated by the computer industry. As this progresses watch the
    bureaucrats start to find all matter of false reports in order to
    convince the american public that the computer industry, including the
    internet, needs to be controlled. When this happens the industry will
    grind to a halt, putting a stop to the great values that have been
    produced. Further advances will be stifled as happened in the medical,
    transportation, food, and education industries.
    
    ...Tom

   Well, I don't subscribe to the world view Tom expresses.  I, of course,
   have one of my own.  If the Internet falls under government regulation,
   it will be because of some excess or outrage.  I don't think it's likely
   to happen, but I submit that with combination of a Republican (as in
   family-values, sexual-purity, and anti-crime) Congress and the explosive
   growth of sex-oriented newsgroups, picture-exchange clubs, and
   (apocryphal) FTP sites on the Internet might be the combination that
   triggers the action.
   
   Either that, or the heat in alt.discussion.politics.newt-gingrich will
   get too intense 8^)

    This topic is for discussion of cryptography, the export of PGP, and
    the government's investigation thereof.  Discussion of Digital's
    solicitation policy should go in topic 183.
    
    
    				-- edp
    
    
Public key fingerprint:  8e ad 63 61 ba 0c 26 86  32 0a 7d 28 db e7 6f 75
To find PGP, read note 2688.4 in Humane::IBMPC_Shareware.

    The Sunday New York Times Magazine ran a feature stroy on Whitfield
    Diffie, public key cryptography and the Clipper chip controversy, 
    I think, in the March-April timeframe of 1994. The story portrayed
    Diffie as congressional witness and activist, and talked about other
    players in the cryptography world (some of whom have significant
    financial investments at stake).
    
    I took a course in cryptography with Diffie a few years ago at
    Northeastern. Clear, well-organized lectures -- he's immensely
    knowledgeable about the history of cryptography, as well as the
    mathematics of it. 

  re last 5 - relevant replies moved here from the "Solicitations" topic

>             <<< Note 207.5 by DASHER::RALSTON "Ain't Life Fun!" >>>

>    produced. Further advances will be stifled as happened in the medical,
>    transportation, food, and education industries.
    
  I understand how government interference has "stifled" the medical (drugs,
devices, etc.) industry. How has it stifled advances in transportation?
  Sorry to rathole this topic, but I am very interested in transportation
(specifically, rail).
  Re PGP: I wonder if the plaintiff can get off the hook if he agrees not to
develop PGP Phone?
  I sort of understand why the government feels they must have the capability
to eavesdrop on all communications: paper, voice phone, and Internet. Are
they pursuing this as an export issue because there are no laws on the books
to prevent PGP from being used in the U.S., but they know if PGP can't be ex-
ported, it in effect renders it unusable within the U.S. as well?
  Please keep us posted in this topic on what happens in this case.

    Nutters are crazy, and we can always trust the government to tell the
    truth.  Sure.  Except that while the administration was telling us
    Clipper would remain voluntary, the FBI, NSA, and DoJ had concluded it
    must not remain voluntary.
    
    
    				-- edp
    
Public key fingerprint:  8e ad 63 61 ba 0c 26 86  32 0a 7d 28 db e7 6f 75
To find PGP, read note 2688.4 in Humane::IBMPC_Shareware.
    
    
From:	US2RMC::"[email protected]" "PRIVACY Forum" 19-AUG-1995 20:18:46.32
To:	[email protected]
    
PRIVACY Forum Digest     Saturday, 19 August 1995     Volume 04 : Issue 18

Date: 16 Aug 1995 15:57:13 
From: "Dave Banisar" <[email protected]>
Subject: FBI Files on Clipper Release

FOR RELEASE:  August 16, 1995, 2:00 p.m. EST

CONTACT: David Sobel (202) 544-9240

               FBI FILES: CLIPPER MUST BE MANDATORY

	WASHINGTON, DC - Newly-released government documents show 
that key federal agencies concluded more than two years ago that 
the "Clipper Chip" encryption initiative will only succeed if 
alternative security techniques are outlawed.  The Electronic 
Privacy Information Center (EPIC) obtained the documents from the 
Federal Bureau of Investigation under the Freedom of Information 
Act.  EPIC, a non-profit research group, received hundreds of 
pages of material from FBI files concerning Clipper and 
cryptography.

	The conclusions contained in the documents appear to conflict 
with frequent Administration claims that use of Clipper technology 
will remain "voluntary."  Critics of the government's initiative, 
including EPIC, have long maintained that the Clipper "key-escrow 
encryption" technique would only serve its stated purpose if made 
mandatory.  According to the FBI documents, that view is shared by 
the Bureau, the National Security Agency (NSA) and the Department 
of Justice (DOJ).

	In a "briefing document" titled "Encryption: The Threat, 
Applications and Potential Solutions," and sent to the National 
Security Council in February 1993, the FBI, NSA and DOJ concluded 
that:

     Technical solutions, such as they are, will only work if 
     they are incorporated into *all* encryption products.  
     To ensure that this occurs, legislation mandating the 
     use of Government-approved encryption products or 
     adherence to Government encryption criteria is required.

	Likewise, an undated FBI report titled "Impact of Emerging 
Telecommunications Technologies on Law Enforcement" observes that 
"[a]lthough the export of encryption products by the United States 
is controlled, domestic use is not regulated."  The report 
concludes that "a national policy embodied in legislation is 
needed."  Such a policy, according to the FBI, must ensure "real-
time decryption by law enforcement" and "prohibit[] cryptography 
that cannot meet the Government standard."

	The FBI conclusions stand in stark contrast to public 
assurances that the government does not intend to prohibit the use 
of non-escrowed encryption.  Testifying before a Senate Judiciary 
Subcommittee on May 3, 1994, Assistant Attorney General Jo Ann 
Harris asserted that:

     As the Administration has made clear on a number of 
     occasions, the key-escrow encryption initiative is a 
     voluntary one; we have absolutely no intention of 
     mandating private use of a particular kind of 
     cryptography, nor of criminalizing the private use of 
     certain kinds of cryptography.

 	According to EPIC Legal Counsel David Sobel, the newly-
disclosed information "demonstrates that the architects of the 
Clipper program -- NSA and the FBI -- have always recognized that 
key-escrow must eventually be mandated.  As privacy advocates and 
industry have always said, Clipper does nothing for law 
enforcement unless the alternatives are outlawed."

	Scanned images of several key documents are available via the 
World Wide Web at the EPIC Home Page:

		http://www.epic.org/crypto/ban/fbi_dox/

                              -30-

David Banisar ([email protected])        *  202-544-9240 (tel)
Electronic Privacy Information Center   *  202-547-5482 (fax)
666 Pennsylvania Ave, SE, Suite 301     *  HTTP://epic.org
Washington, DC 20003                    *  ftp/gopher/wais cpsr.org 

   [ This information should of course be a surprise to nobody who has
     followed this topic.  Such conclusions were obvious from the start, and
     various concerns regarding encryption have been made clear enough in
     past Congressional testimony and reports.  However, there is a
     considerable jump between concluding that Clipper will fail without
     legislation banning other encryption, and actually submitting such
     legislation, passing it, and having it withstand court scrutiny.

     The opposition to such an attempt would no doubt be quite dramatic, to
     put it mildly.  Since it's clear that there's really no way to stop all
     non-Clipper encryption, it seems likely that legislative efforts would
     concentrate on banning non-compliant encryption in hardware devices, in
     conjunction with the commission of crimes, and similar specified
     areas.  In the case of crimes, onerous additional penalties might be
     enacted to discourage use of such systems--just as penalties are much
     higher for committing many crimes with firearms. 

     Regardless of any "limitations" to the intended focus of such
     legislative efforts, the effect of any such moves to ban non-Clipper
     encryption could be chilling to personal privacy, industry, commerce,
     and other areas of daily life, to a degree that's difficult to
     underestimate as we pass into the true information age.

     Comments on all sides of this issue are invited.

					-- MODERATOR ]

    Yoo hoo, Bill Licea-Kane, oh seeker of truth.  What's the word for when
    two or more people communicate to commit a wrongful act?
    
    
    				-- edp
    
    
Public key fingerprint:  8e ad 63 61 ba 0c 26 86  32 0a 7d 28 db e7 6f 75
To find PGP, read note 2688.4 in Humane::IBMPC_Shareware.

       Salary-planning?

    Bahahahaha!
    <----------
    
    

Date: Tue, 15 Aug 1995 14:17:36 -0600
From: Don Henson <[email protected]>
To: [email protected]
Subject: Over 350 'Munitions T-shirts' Shipped

We have thus far shipped over 350 of the RSA/Perl Munition T-shirts. 
Orders are still pouring in. Don't be left out. Order your's today.

Now you can wear a TSHIRT that has been classified as a MUNITION by the 
US Goverment. That's right! The US International Traffic in Arms 
Regulations (ITAR) makes exporting cyrptographic materials illegal. 
ITAR further defines export as providing cryptographic information to a 
non-US/Canadian citizen even if you are inside the US at the time. 
Providing information is further defined as telling or showing 
information to a non-US/Canadian citizen. The Munitions Tshirt has a 
Perl implementation of the RSA algorithm (the one used by PGP) printed 
on the front along with a bar-code of the same algorithm.

What all the above means is that if you wear the Munitions Tshirt where 
a non-US/Canadian citizen can see it, even if it is inside the US, you 
have just exported cryptographic material (which is already freely 
available outside the US) and have become a criminal in the eyes of the 
US Government. Now you too can become an international arms dealer for 
the price of a tshirt (US$15.95 - US$19.95, depending on size) and the 
guts to wear it.

If you are a non-US/Canadian citizen, you can still own a Munitons 
Tshirt by ordering the tshirt from a source that is outside the US. The 
email response to a request for info (see next paragraph) includes full 
instructions for ordering the tshirt no matter where you live.

For more information on how to own this classic example of civil 
disobedience, just send email to [email protected] with the subject of 
'SHIRT'. (You don't have to be a US/Canadian citizen to request the 
info.) Or, if you have WWW access, just point your Web browser to:

     http://colossus.net/wepinsto/wshome.html

By the way, 25% of the profits from the sale of the tshirt (in the 
US/Canada) goes to the PHIL ZIMMERMANN LEGAL DEFENSE FUND to help 
defend the author of PGP from harassment and possible prosecution by 
the Fedgoons.

And if you get arrested for wearing the Munitions Tshirt, we'll refund 
your purchase price.  :-)

Get your Munitions Tshirt now. Who knows how long they'll stay in 
production!

Don Henson, Managing Director (PGP Key ID = 0X03002DC9)
West El Paso Information Network (WEPIN)
Check out The WEPIN Store at URL:
http://colossus.net/wepinsto/wshome.html

    Re .14:
    
    You're late.  Wore mine yesterday.  Plus I have the Perl script on a 2"
    button.  Does putting it in a pocket constitute carrying a concealed
    weapon?
    
    
    				-- edp
    
    
Public key fingerprint:  8e ad 63 61 ba 0c 26 86  32 0a 7d 28 db e7 6f 75
To find PGP, read note 2688.4 in Humane::IBMPC_Shareware.

    207.15> Does putting it in a pocket constitute carrying a concealed
            weapon?
    
    Nope, but we thought you were just glad to see us...
    

Article 28581 of alt.privacy:
From: [email protected] (Andre Bacard)
Newsgroups: alt.security.pgp,alt.privacy,alt.security,alt.journalism
Subject: Chrysler Award to Phil Zimmermann!
Organization: CRL Dialup Internet Access	(415) 705-6060  [Login: guest]
Lines: 33


Hello CyberFolks,
 
The WALL STREET JOURNAL announced that pro-privacy hero Phil Zimmermann
is a winner of the 1995 Chrysler Award. Congratulations Phil! Attached
you'll find details. Thanks to Mike Godwin of EFF for telling me this.
 
See you in the future,
Andre Bacard
======================================================================
[email protected]                    Bacard wrote "The Computer Privacy
Stanford, California                Handbook" [Intro by Mitchell Kapor].
http://www.well.com/user/abacard    Published by Peachpit Press, (800)
Enjoy your privacy...               283-9444, ISBN # 1-56609-171-3.
=======================================================================
 
                    Excerpts from WALL STREET JOURNAL
              (Full-Page Notice from Chrysler Corporation)
                        August 16, 1995, Page A9
 
"For the past three years, Chrysler Corporation has been honoring
outstanding designers. By showcasing great innovations in fields such as
graphic, interactive, product, architectural, and environmental designs,
Chrysler strives to bring well-deserved attention to those designers
whose common attribute is a passionate commitment to their vision."
 
"... Philip Zimmermann is the designer of Pretty Good Privacy (PGP), an
E-Mail encryption software. Thanks to the algorithms of PGP, which was
released to the public as free software in 1991, E-mail messages can be
sent securely all over the world without risk of interception by any
third party."
 
 

    No comment yet from the Seeker of Truth on the feds being caught in a
    deception.  Guess he's still busy digging that tunnel.
    
    
    				-- edp
    
    
Public key fingerprint:  8e ad 63 61 ba 0c 26 86  32 0a 7d 28 db e7 6f 75
To find PGP, read note 2688.4 in Humane::IBMPC_Shareware.

Gee, thousands (millions?) of computer users out there already have PGP...
we'll have to ban it so they won't have it anymore!

DUH, I'm from the government, and I'm here to help you.

    
    You post a document about FBI, DoJ, and NSA position on cryptography.
    
    So should I therefore conclude that pineapple bombs exist?????
    
    								-mr. bill

    Re .20:
    
    > So should I therefore conclude that pineapple bombs exist?????
    
    Sometimes you feel like a nutter.  Sometimes you don't.
    
    
    				-- edp
    
    
Public key fingerprint:  8e ad 63 61 ba 0c 26 86  32 0a 7d 28 db e7 6f 75
To find PGP, read note 2688.4 in Humane::IBMPC_Shareware.

    <== Funniest note ever written by edp, with the sole exception of the
    explanation of his p_name.

       
       > Funniest note ever written by edp
       
       You must have missed his Moderator's Fiat, which was far funnier. 
       Of course, on that occasion he apparently didn't intend to be
       funny.

    
    > Moderator's Fiat

    >You must have missed his Moderator's Fiat
    
     Apparently.

"Government is simply asserting its right to read private communications." 

Think this is an interesting quote?  It was made by a Justice Department 
attorney in an interview in which he advocated implimenting the Clipper Chip 
and the outlawing of any other kind of encryption or similar function device.

This is from private e-mail, I haven't seen the article.

The source is Lan Times, August 28, 1995. Cover story, "Big Brother on the 
Net?" by R. Scott Raynovich. The quote itself appears on page 19, where the 
story is continued from the front cover.

A government with rights... hmm, interesting concept, wonder what country
he's talking about?

               <<< Note 207.26 by DEVLPR::DKILLORAN "Danimal" >>>


> "Government is simply asserting its right to read private communications." 
>
> Think this is an interesting quote?  It was made by a Justice Department 
> attorney in an interview in which he advocated implimenting the Clipper Chip 
> and the outlawing of any other kind of encryption or similar function device.

Can someone please post the whole article, or at least verify the quote and
post the name of the attorney?  I'd like to send a letter to this person.

                   <<< Note 207.26 by DEVLPR::DKILLORAN "Danimal" >>>
    
    
    > "Government is simply asserting its right to read private
    communications." 
    >
    
    
    Similarly, down here in Oz the govt. wouldn't allow digital phones with
    uncrackable scramblers. The police decided it was in our best interests
    to be able to tap any mobile communication.
    
    
    
    	

    AP 11 Jan 96 21:34 EST V0928
    
    Copyright 1996 The Associated Press. All rights reserved.
   
    SAN FRANCISCO (AP) -- A software writer won't be prosecuted for a
    program he wrote that was put on the Internet and is now widely used by
    computer users to keep their communications secret, the government said
    Thursday. 
   
    Philip Zimmermann's Pretty Good Privacy encryption program turns
    computer messages into a jumble of numbers and letters unreadable to
    anyone except the intended recipient. 
   
    The code is so unbreakable that it is classified as munitions under the
    Arms Export Control Act, making its export without a license a felony. 
   
    Federal prosecutors began investigating Zimmerman in 1993 after the
    program appeared on the Internet global computer network. Zimmerman
    said that others put it there, not him. 
   
    The government opposes export of cryptographic technology for fear it
    will make it harder to monitor electronic communications overseas, and
    domestic law enforcement agencies are concerned such programs could
    keep them from eavesdropping on digital conversations. 
   
    U.S. Attorney Michael J. Yamaguchi announced the decision not to
    prosecute Zimmerman, but didn't say why. If convicted, Zimmermann would
    have faced 51 months in prison. 
   
    "I'm just really pleased that the sword of Damocles is not over me
    anymore and I wonder why it took so long," Zimmermann said in a phone
    interview from his home in Boulder, Colorado. 
   
    "This is not just for spies anymore. It's for the rest of us. The
    information age is here. The rest of us need cryptography to conduct
    our business." 
   
    The case had been closely watched as computer users and the government
    square off over free speech and privacy rights. 
   
    Some critics contended it was foolish of the government to claim that
    Zimmerman had broken the law because the same coding information
    forbidden for export electronically may be shipped abroad in print
    form. They also noted that the technology already circulates throughout
    the world, making the law unenforceable. 
   
    "Zimmermann never exported Pretty Good Privacy, so the U.S. Attorney
    seemed to be missing the point. Unfortunately there still is no clear
    ruling from our government as to whether or not making software
    available on the Internet counts as exporting it," said Simson
    Garfinkel, who wrote a book about the program. 
   
    Zimmerman's supporters argued that without encryption, government could
    do widespread eavesdropping, perhaps for political reasons, scanning
    for words and phrases it considers subversive. They acknowledge that a
    few criminals may use programs like PGP to hide out in cyberspace, but
    believe that concern is outweighed by free speech and privacy rights. 
   
    "The case was part of the government effort to crack down on good
    technologies for privacy. We hope the government's decision signals a
    rethinking of federal policy in this very important area," said Marc
    Rotenberg of the Electronic Privacy Information Center in Washington,
    an on-line civil rights watchdog group. 
   
    Others see the 2 1/2-year investigation of Zimmermann as intimidation. 
   
    "It seems to me is that all the U.S. Attorney is saying is that they
    don't want the public relations nightmare of prosecuting Philip
    Zimmermann, but they still want everyone scared so that they won't
    exercise their Constitutional rights," Garfinkel said. 
   
    ------
   
    Pretty Good Privacy is available on the World Wide Web at
    http://www.epic.org/privacy/tools.html

    
    
    Zimmermann oughta start yanking his own chains and try to sue...
    

    
    	How would that relate, if at all, to a PGP NOTES file that can
    	be accessed by people from both sides of the Atlantic/Pacific?
    

    Anybody know how much Zimmerman spent in defending himself?

    -- Dave

    
    I don't have a number, but he had to stop work for over 2 years, and
    spent thousands on the lawyers (although many hours were pro bono).
    
    	skip

    Student breaks highest-level encryption code U.S. allows exported
    
    Associated Press, 01/29/97; 23:23 
    
    SAN FRANCISCO (AP) - It's the most secure encryption code the United
    States allows to be exported - and it took a graduate student only 3
    hours to break it, industry officials said Wednesday. 
    
    ``It shows you that any kid with access to computers can crack this
    kind of cryptography,'' said RSA Data Security Inc. spokesman Kurt
    Stammberger, whose company had offered the challenge. ``The
    cryptography software that you are allowed to export is so weak as to
    be useless.'' 
    
    The company put its challenge on the Internet Monday, offering $50,000
    in prizes to crack various levels of encryption codes with electronic
    key lengths ranging from 40 to 256 bits. 
    
    The federal government, worried about security, has barred exports of
    codes higher than 40 bits. Devices with larger numbers of bits are
    stronger and harder to decode. 
    
    Last month, the Clinton administration began allowing companies to
    export encryption devices with 56-bit keys - but only if they have a
    way for law enforcement officials to crack the code and intercept the
    communications. 
    
    Meanwhile, Ian Goldberg, a University of California-Berkeley graduate
    student, took on RSA Data Security's challenge by linking together 250
    idle workstations that allowed him to test 100 billion possible
    ``keys'' per hour. 
    
    That's like trying every possible combination for a safe at high speed,
    and many students and employees of large companies have access to such
    computational power, the school said. 
    
    In 3 hours, Goldberg had decoded the message, which read, ``This is why
    you should use a longer key.'' 
    
    Goldberg, who won $1,000 with his effort, says the moral is clear. 
    
    ``This is the final proof of what we've known for years - 40-bit
    encryption technology is obsolete,'' the student said. 
    
    That puts software exporters in a quandary, said Stammberger. 
    
    Almost all business software now requires built-in encryption, a
    necessity for any company doing business over the Internet. 
    
    But no one will buy U.S. software that can be cracked by a student in 3
    hours, he said. 
    
    ``You're talking about the U.S. giving up its global dominance in
    software because of some outdated Cold War spy agencies,'' Stammberger
    said. ``People in the industry are pretty angry ... The market is
    enormous, literally in the hundreds of billions of dollars.'' 
    
    As of Wednesday afternoon, no one had broken any of the codes higher
    than 40 bits, Stammberger said. 

    They'd better kill the kid.  We don't want any security leaks.