At 07:33 PM 1/14/00 , Lucky Green wrote:
>... Though I have the feeling that it may be too soon to
>break out the champagne. AFIK, you still need to implement reverse DNS
>checks to ensure the requestor isn't a foreign government. Simplistically
>spoken, it doesn't require many pages of regs to convey that crypto can be
>legally exported. The new regs are of amazingly nested complexity. I am not
>certain a truly thorough analysis of the new regs exists at this time. [Yes,
>I read the EFF/EPIC/ACLU press release, the regs themselves, and the various
>comments on the Net].
At some point, we need to recognize that "legal" isn't defined by what the regs say, but by what they will bother to enforce and what a jury will convict. My read, purposely ignoring the fine print, is that they've capitulated. There are tons of laws on the books that are never enforced, and are routinely ignored. It seems clear to me that crypto export controls have just joined this category, and I will act appropriately. I encourage everyone to do likewise. What are they gonna do? Prosecute me in the Ninth Circuit, where current legal precedent says that I am engaging in protected speech, and where they can now only accuse me of misunderstanding the pointless fine print of an obviously confusing document? In particular, I will be posting E *without* first notifying firstname.lastname@example.org by email or otherwise. This requirement is, as always, prior restraint. What's new is that they now no longer can even think they have anything to gain by enforcing it.
When the danger goes down this far, if we don't assert our rights by potentially-civil-disobedient action, are we not cowards? As far as I am concerned, cryptographic export has simply been legalized today (modulo only the still-potentially-provocative T7 issue which I will continue to avoid stepping on).
Let January 14 be remembered as Cryptographic Freedom Day!
Cheers, --MarkM Cheers, --MarkM