(This is all tangential to the main issue of this thread and just
discussing internet history - skip as you wish...)
On Mon, Sep 27, 2021 at 2:14 PM Marek Szuba <marecki@gentoo.org> wrote:
>
> I am no expert on US law but from what I have read (in many different
> sources, with me having begun using PGP in either late 1996 or early
> 1997 i.e. when it was still very much subject to US export restrictions)
> about this case, both the publishing of the source-code book and it
> having subsequently been taken out of the country has been legal - the
> former due to publishing the first amendment
Well, based on the little I know of US export controls, I doubt that
being in book form vs some other form really has any bearing in
principle.
HOWEVER, I think it was probably done specifically as a challenge to
the constitutionality of the law. Ie, the argument would be that it
ought to be legal to take the source code out in any form. By doing
it via a formally published book though they take away all the "exotic
internetness" out of the equation and this way all the 60 year old
judges (in the 90s) who might get involved are forced to confront it
as suppression of book distribution. In principle though I think most
of us would agree that there is no difference in sharing information
no matter the way in which it is conveyed. It was probably their hope
that if it did go to court any ruling that secured the right to
distribute via book could then be leveraged against other modes.
I'm guessing that it was never challenged in court precisely for this
reason. US export controls cover the communication of information via
any mode:
https://www.bis.doc.gov/index.php/policy-guidance/deemed-exports If they had fought the export of this book it is quite possible that
there would have been a ruling that just finds all export controls to
be illegal. Really when you think about it any sort of restriction on
communication of classified information or whatever is going to run
into the 1st amendment. Courts are going to tend to make their
rulings on what can be restricted narrow as a result. The government
probably prefers to maintain some FUD around where those boundaries
lie, to get companies in particular to follow policies that in the end
might not be enforceable. (Note I'm not arguing that dissemination of
classified info ought to be legal, but as you move away from things
like locations of troops or blueprints of specific aircraft or
whatever, into more generic topics like entire classes of technology,
I think you're going down a slippery slope...)
The main reason that all of this went away though was that I think it
was Clinton that specifically granted an exception to cryptography
software from ITAR. The concerns were that the cat was basically out
of the bag anyway, and consumers were potentially going to be harmed
by things like web browsers getting distributed with 40-bit key
limitations. Sure, secure browsers were also probably available to
people who knew the right links to click, but do we really want
somebody reputable like Google to end up having to have a link on
their website for a non-secure version of their software, and where
the non-secure link just gives you a download, while the secure link
makes you jump through hoops to verify your location/etc? The popular
use of SSL for entering credit card info on e-commerce sites really
was what drove it IMO.
--
Rich