dmr@research.UUCP (09/17/84)
As has been said, there is indeed a special "International Edition" of System V that differs from the ordinary system in that it lacks the crypt command, the encrypting features of ed and vi, and the encrypt entry of crypt (3). The crypt entry, which is used for passwords, is there, as is the underlying DES algorithm. Here's how it happened. About a year ago, I got mail from Armando Stettner saying basically, "Do you know of any problems with exporting crypt? Our lawyers [at DEC] are worried about it." I replied that such worries were utterly unfounded for a variety of sensible reasons. Now, as it has turned out, DEC was very justified in worrying about export controls in general; they have recently been fined (I think) $500,000 for the Vaxen that almost got sent to Russia. I conjecture that the earliest stages of this or a similar incident were already in progress and they were trying to be extra careful when they learned about crypt. At any rate, the DEC lawyers communicated their fears to AT&T, and the AT&T lawyers, equally cautious, sought government advice. The problem, you see, is that cryptographic materials are under export control. There is a thing called the Munitions Control Board that worries not only about machine guns going to Libya, but also about the crypt command going to England. In practice, the enforcement is done by the Commerce department. AT&T had a meeting with Commerce, the MCB, and NSA. The upshot was that they decided it would be simplest all around just not to export the crypt command. The gov't would almost certainly have granted the license, but (probably wisely) AT&T decided it wasn't worth the hassle. In technical terms, the situation is ludicrous. The encrypt subroutine is distinguished mainly by the excruciating care I took to make it an exact transcription of the algorithm published in the Federal Register, and by its slowness. NBS, the caretaker of DES standardization, is explicit that software implementations cannot be certified, so in that sense encrypt is not "real" DES. The underlying subroutine is still there, only the simple command that uses it is missing. So there is actually nothing to protect, and even if there were, it's not protected. Nevertheless, in the present situation we officially don't need an export license, whereas with the crypt command we would. In political terms, AT&T probably could have done better. Conservative and careful, they called a big meeting at which no one could possibly have put forward anything but official positions about encryption programs. Private checking with well-placed people in the appropriate agencies might well have done the job. But who knows? Dennis Ritchie
dwight@timeb.UUCP (Dwight Ernest) (09/18/84)
> ...DEC was fined $500,000 (I think) ... because of the two VAXen that > almost got to Russia... As I heard it recently, the fine was going to be lessened IF DEC did NOT make any further export control violations within a specified period (I think it was six months). So the fine (?) will probably come out to be a whole lot less than it would/could have been. Regards, -- --Dwight Ernest KA2CNN \ Usenet:...vax135!timeinc!dwight Time Inc. Editorial Technology Group, New York City Voice: (212) 554-5061 \ Compuserve: 70210,523 \ EIES: 1228 Telemail: EDPISG/TIMEINC \ MCI: DERNEST
ron@brl-tgr.ARPA (Ron Natalie <ron>) (09/19/84)
Ah, C'mon. $500,000 is a trivial fine for DEC (when you consider that is the price of just one VAX system). Their big concern is that their export operations were halted as a result. -Ron
jcp@brl-tgr.ARPA (Joe Pistritto <jcp>) (09/19/84)
DEC loses more money due to the incompetance of their billing dept. than any small number of 0.5Mill fines. (Really, I recently left a company that bought a $120K Vax 11/750 system and wasn't even BILLED for it for OVER a year after delivery, (even after we called and TOLD them about it)) I'm sure the more serious part of the problem was that the Commerce Dept. now goes over every item of serious computer equipment they export with a fine tooth comb. (Has anyone noticed that almost ALL of these seizures are of DEC equipment??) Maybe we'll get lucky and the Russians will steal all the antiquated minis (like Vaxes), and leave the Pyramids and Goulds for the rest of us... -JCP-