w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) (03/27/90)
Well folks, we have a new development - it seems the latest PKWare ZIP/UNZIP version 1.10 cannot be distributed on the international networks (Internet, Usenet, BITNET, EARN, etc), because it contains data encryption technology. Federal law prohibits the export of such technology from the USA and Canada. PKWare does have an export version without the data encryption but that disables one of the features that we badly need in software distribution - data file validation. See the docs in PKZ110.EXE for details. You'll have to get the file from your favorite BBS. By the way, you might tell your BBS Sysop that he or she may be in trouble if the BBS has callers from countries other than the USA and Canada and they download PKZ110.EXE. The same goes for CompuServe and GEnie. It's interesting to note that if the Japanese add DES encrytion to their LHarc program we could IMPORT it from Japan but we could not EXPORT it from the USA or Canada. --Keith
sks@mentor.cc.purdue.edu (Jeff Smith) (03/28/90)
In article <KPETERSEN.12576936709.BABYL@WSMR-SIMTEL20.ARMY.MIL> w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) writes: >Well folks, we have a new development - it seems the latest PKWare >ZIP/UNZIP version 1.10 cannot be distributed on the international >details. You'll have to get the file from your favorite BBS. This is very distressing news for those of us who have no modem! Would it be o.k. if someone mailed me the uuencoded file? Dan Schikore sks@mentor.cc.purdue.edu
w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) (03/28/90)
> From: bkirby@cs.umr.edu (Bill Kirby) > To: w8sdz@wsmr-simtel20.army.mil > Re: PKZIP version 1.10 > > I just finished reading your post to comp.sys.ibm.pc and I am a bit > confused. Doesn't v1.02 (as well as PKPAK v3.61) contain data > encryption technology? These programs are readily available on the > net. Has there been some major revision to the encryption technology > between v1.02 and v1.10? I have been trying to download v1.10 from > PKWARE BBS and had planned on making it available via anonymous FTP. > However, the BBS has been EXTREMELY busy these past few days and I > have yet to obtain it. Bill, it is true that PKWare's PKPAK, SEA's ARC, and NoGate's PAK all contain encryption technology. It may become necessary for SIMTEL20 and other Internet hosts in USA and Canada to delete these programs from public download areas. Taken to the extreme, all BBS operators in USA and Canada may be inviting legal trouble by offering ANY program which encrypts or decrypts data if there is any chance that someone from another country might call and download the file. This is a real can of worms which I intend to let others resolve. It may take some federal legislation to resolve this. I will do whatever I am instructed to do by the management of SIMTEL20. For the present time this means that PKZ110.EXE will not be available here and the other archivers may suddenly disappear from our directories. Drastic changes may be required in the PC-Blue directories as well. We may be forced to go to LHarc because it does not have file encryption/decryption. Keith -- Keith Petersen Maintainer of SIMTEL20's MSDOS, MISC & CP/M archives [IP address 26.2.0.74] Internet: w8sdz@WSMR-SIMTEL20.Army.Mil, w8sdz@brl.mil BITNET: w8sdz@NDSUVM1 Uucp: {ames,decwrl,harvard,rutgers,ucbvax,uunet}!wsmr-simtel20.army.mil!w8sdz
dank@eng.umd.edu (Daniel R. Kuespert) (03/28/90)
In article <KPETERSEN.12577135477.BABYL@WSMR-SIMTEL20.ARMY.MIL> w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) writes: >Bill, it is true that PKWare's PKPAK, SEA's ARC, and NoGate's PAK all >contain encryption technology. It may become necessary for SIMTEL20 >and other Internet hosts in USA and Canada to delete these programs >from public download areas. Taken to the extreme, all BBS operators >in USA and Canada may be inviting legal trouble by offering ANY >program which encrypts or decrypts data if there is any chance that >someone from another country might call and download the file. > >This is a real can of worms which I intend to let others resolve. >It may take some federal legislation to resolve this. Does the Gov't (Federal Trade Commission?) bar transfer of _all_ data encryption programs across the US border? I knew of the proscription against exporting software which implements the Data Encryption Standard algorithm, but a ban on all data encryption software could easily reach ludicrous heights. After all, ROT13 encoding is a simple Caesar cipher, so by one interpretation of such a ban, rn, tr, awk, sed, and lots of other standard programs implement data encryption. The Snefru one-way hash function recently released by Xerox (?) is another, more significant development; since it's been incorporated into the comp.sources.unix program validator, that code could easily have left the US already. Daniel R. Kuespert, Grand Curmudgeon of the Poo-Bah Lodge Chemical Process Systems Laboratory University of Maryland, College Park, MD dank@eng.umd.edu
tt3x@vax5.cit.cornell.edu (03/28/90)
In article <KPETERSEN.12576936709.BABYL@WSMR-SIMTEL20.ARMY.MIL>, w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) writes: > Well folks, we have a new development - it seems the latest PKWare > ZIP/UNZIP version 1.10 cannot be distributed on the international > networks (Internet, Usenet, BITNET, EARN, etc), because it contains > data encryption technology. Federal law prohibits the export of such > technology from the USA and Canada. > > PKWare does have an export version without the data encryption but > that disables one of the features that we badly need in software > distribution - data file validation. See the docs in PKZ110.EXE for > details. You'll have to get the file from your favorite BBS. > > By the way, you might tell your BBS Sysop that he or she may be in > trouble if the BBS has callers from countries other than the USA and > Canada and they download PKZ110.EXE. The same goes for CompuServe and > GEnie. > > It's interesting to note that if the Japanese add DES encrytion to > their LHarc program we could IMPORT it from Japan but we could not > EXPORT it from the USA or Canada. > > --Keith I think it is just plain stupid that there is even a law prohibiting products with data encryption algorithms to be exported out of the US. Imagine the effectiveness of such a law in the real world? By god, I bet that the people who we are trying to supposedly keep the software out of could get it in a snap. I mean, they could call practically anyonone in the US (even underground bulletin boards) and get say a copy of PC Tools or whatever the new version of PKZIP is. Bobby Li
ts@uwasa.fi (Timo Salmi LASK) (03/28/90)
>In article <KPETERSEN.12576936709.BABYL@WSMR-SIMTEL20.ARMY.MIL>, w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) writes: >> Well folks, we have a new development - it seems the latest PKWare >> ZIP/UNZIP version 1.10 cannot be distributed on the international >> networks (Internet, Usenet, BITNET, EARN, etc), because it contains >> data encryption technology. Federal law prohibits the export of such >> technology from the USA and Canada. ... deleted ... >> By the way, you might tell your BBS Sysop that he or she may be in >> trouble if the BBS has callers from countries other than the USA and >> Canada and they download PKZ110.EXE. The same goes for CompuServe and >> GEnie. ... deleted ... This may spell serious trouble for the net community, since the US federal law does not apply in Europe. The US and international lawyers may be in for a field day (yet again). And, when are the superpowers including USA and Canada going to realize that the flow of information is not easily controllable in the modern free word. Or are all the telephone lines from Europe to all US and Canadian BBSes going to be cut or monitored. What are you going to do, when the version with encryption is distributed in Europe, as it is bound to. When SEA sued Phil, the symphaties of the community (mine included) were with Phil. But now Mr Katz and US stipulations are causing serious strife. This is very unfortunate, indeed. ................................................................... Prof. Timo Salmi (Moderating at anon. ftp site 128.214.12.3) School of Business Studies, University of Vaasa, SF-65101, Finland Internet: ts@chyde.uwasa.fi Funet: gado::salmi Bitnet: salmi@finfun
frisk@rhi.hi.is (Fridrik Skulason) (03/28/90)
In article <KPETERSEN.12577135477.BABYL@WSMR-SIMTEL20.ARMY.MIL> w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) writes: >We may be forced to go to LHarc because it does not have file >encryption/decryption. What a stupid, stupid situation. DES programs are already available from other countries, so anyone can easily obtain one of them. However, I am permitted to send a copy of them to anybody, but if they were uploaded to a FTP site in the US, it would have to restrict the access to them - not allowing anybody outside the US to download a copy. This is just as stupid as not allowing the export of US-assembled PCs to countries like Bulgaria a few years back - considering the fact that Bulgaria assembled its own PCs at the time.... By the way - I have the following DES programs available: PC-DES by Bernd Fix - 'Charityware' or 'Shareware'. A bit slow, but does the job. F-DES - A very fast implementation, written in assembler. I was originally planning to include this in my F-PROT anti virus package, but decided to leave it out, as the distribution of the package might otherwise be restricted. Anyhow - I will distribute it as Freeware as soon as I have had the time to comment the code and write some instructions. Send me a note if you would like a copy when it is ready. -- Fridrik Skulason University of Iceland | Technical Editor of the Virus Bulletin (UK) | Reserved for future expansion E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 |
buck@granite.cr.bull.com (Ken Buck) (03/28/90)
In article <1990Mar28.080100.27077@uwasa.fi> ts@uwasa.fi (Timo Salmi LASK) writes: >>In article <KPETERSEN.12576936709.BABYL@WSMR-SIMTEL20.ARMY.MIL>, w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) writes: [stuff re: PKZIP, etc. deleted] This is just a thought, but... the Federal law (which I am *NOT* claiming to know in any detail) supposedly restricts EXPORT of data encription technology. If you load PKZIP, etc. on a public network, you haven't transferred the data TO anyone (it's just sitting there on your disk). If someone from netland across the borders decides to copy it, well, you did nothing ACTIVE to facilitate it. Is this a loophole? Of course, if the law says 'you can't make the stuff AVAILABLE to foreign countries', that's different, since even the act of making the data >reachable< breaks this one. Of course, the whole concept is ludicrous anyway, since if the unspecified foreign "bad guys" want data encription technology, they're certainly not about to disassemble PKZIP and reverse engineer the thing - trust me, they've already obtained it by other methods (for example, maybe they even thought it up THEMSELVES! now *that's* a novel concept, Mr. US Government!)
umcarls9@ccu.umanitoba.ca (Charles Carlson) (03/28/90)
In article <3726.261001b4@vax5.cit.cornell.edu> tt3x@vax5.cit.cornell.edu writes: > I think it is just plain stupid that there is even a law prohibiting >products with data encryption algorithms to be exported out of the US. >Imagine the effectiveness of such a law in the real world? By god, I bet >that the people who we are trying to supposedly keep the software out of >could get it in a snap. I mean, they could call practically anyonone in the >US (even underground bulletin boards) and get say a copy of PC Tools or >whatever the new version of PKZIP is. > >Bobby Li I agree! I was just about to post an article on it when I saw yours. I don't understand it either. If some foreign power wanted it, all they would have to do is walk into any one of 1000's of computer stores across the U.S. and Canada and pick up a copy of PC Tools or what have you. I do understand laws prohibiting the export of computer equipment, but hardware is a bit different for one big reason, it can't be copied! <well, you know what I mean!> All you need is _ONE_ copy of something that has data encryption, and you suddenly have as many copies as you need. Each piece of hardware desired has to be exported...although much harder than software<which can even be sent via modem if need be>, hardware probably isn't that big of a deal for them either. Maybe someone in the know can shed some light on this seemingly silly law?? Charles
sks@mentor.cc.purdue.edu (Dan Schikore) (03/29/90)
In article <1990Mar28.144418.832@ccu.umanitoba.ca> umcarls9@ccu.umanitoba.ca (Charles Carlson) writes: >In article <3726.261001b4@vax5.cit.cornell.edu> tt3x@vax5.cit.cornell.edu writes: >> I think it is just plain stupid that there is even a law prohibiting Well, I've found pkz110.exe to be available via anonymous ftp from grape.ecs.clarkson.edu in directory /f/uploads. I'm not sure how long it will be there, but for now, get it while you can. Dan Schikore sks@mentor.cc.purdue.edu
rspangle@jarthur.Claremont.EDU (Randy Spangler) (03/29/90)
Okay, I think we all can agree that the law is rather silly in this case. What we need now is a way to distribute PKZIP 1.10 to all of us with no idea what BBS's are in our area codes. (is there an ftp-able list somewhere?) I mean, at worst there should be a way to set up a mail server that will check the address to make sure it's in the US. At the least, does anyone know a BBS in the 714 area code that has 1.10? Or can someone mail me a UUENCODED copy? -- -------------------------------------------------------------------------- | Randy Spangler | The less things change, the | | rspangle@jarthur.claremont.edu | more they remain the same | --------------------------------------------------------------------------
sigma@pawl.rpi.edu (Kevin J Martin) (03/29/90)
In article <5544@jarthur.Claremont.EDU> rspangle@jarthur.Claremont.EDU (Randy Spangler) writes: >Okay, I think we all can agree that the law is rather silly in this case. I think what the government has in mind is not too bad, but the law is, I'll agree, hopelessly unenforceable. The official DES was developed by some or another branch of the Government (DoD?), and they supposedly use it in some form or another for classified material and whatnot. It may also be illegal to publish detailed information on the algorithm - I'm not sure. If they really wanted to develop an encryption standard that would have any chance of remaining domestic, though, it was a very bad idea to release it into the US PDomain! Connectivity is too great for that, these days. Technology transfer can be instantaneous. >What we need now is a way to distribute PKZIP 1.10 to all of us with no >idea what BBS's are in our area codes. (is there an ftp-able list somewhere?) I've seen copies of "compleat" BBS lists monthly in various places, but I've never paid enough attention to remember exactly where. >I mean, at worst there should be a way to set up a mail server that will >check the address to make sure it's in the US. This is virtually impossible. Even a mailserver which intelligently understood suffixes in addresses (accepting, perhaps, .ca and .us) would have difficulty deciding about .edu and .com addresses. Actually, it may not be possible to get those outside of the US; I don't know. But what about mail through relays? Like NSFNet-Relay.AC.UK or similar addresses? What about UUCP addresses? You could never guarantee that you weren't mailing the file across either ocean. >At the least, does anyone know a BBS in the 714 area code that has 1.10? >Or can someone mail me a UUENCODED copy? I don't know about 714 or any other area code, for that matter. But, as someone pointed out, there are two copies of PKZIP 1.10 at grape.ecs.clarkson. edu, in /f/uploads - one is disguised as PKZ101.EXE and the other is PKZ110.EXE and they seem to be the same. I doubt the files will stay there for any length of time now that someone has recently pointed them out... > -------------------------------------------------------------------------- >| Randy Spangler | The less things change, the | >| rspangle@jarthur.claremont.edu | more they remain the same | > -------------------------------------------------------------------------- By the way, does anyone know why many video games these days have a briefly displayed screen which says "Illegal to export outside US and Canada"? What sort of technology could a video game (for which most of the electronics are built in Taiwan or Japan, anyway) contain that would compromise natinal (national) security? The more I think about it, the funnier it seems. Kevin Martin sigma@pawl.rpi.edu
cramer@optilink.UUCP (Clayton Cramer) (03/29/90)
In article <3726.261001b4@vax5.cit.cornell.edu>, tt3x@vax5.cit.cornell.edu writes: > In article <KPETERSEN.12576936709.BABYL@WSMR-SIMTEL20.ARMY.MIL>, w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) writes: # # Well folks, we have a new development - it seems the latest PKWare # # ZIP/UNZIP version 1.10 cannot be distributed on the international # # networks (Internet, Usenet, BITNET, EARN, etc), because it contains # # data encryption technology. Federal law prohibits the export of such # # technology from the USA and Canada. # # # # It's interesting to note that if the Japanese add DES encrytion to # # their LHarc program we could IMPORT it from Japan but we could not # # EXPORT it from the USA or Canada. # # # # --Keith # # I think it is just plain stupid that there is even a law prohibiting # products with data encryption algorithms to be exported out of the US. # Imagine the effectiveness of such a law in the real world? By god, I bet # that the people who we are trying to supposedly keep the software out of # could get it in a snap. I mean, they could call practically anyonone in the # US (even underground bulletin boards) and get say a copy of PC Tools or # whatever the new version of PKZIP is. # # Bobby Li Want to hear REAL stupid? A few years back, I was selling a low-end data encryption program for PCs (it was a multiple rotor style of encryption with a few interesting twists). I got an inquiry from the Norwegian Consulate in San Francisco. I wasn't sure if it would be legal to sell it or not, and since at least one order was sold to a company near NSA HQ at Fort Meade, I thought someone might be watching. So I called the Dept. of Commerce, and asked if it was legal to sell such a program to an employee of a foreign government's diplomatic service in the U.S.. "Sure. You just can't sell it outside the U.S. and Canada." Morons. Utter morons. -- Clayton E. Cramer {pyramid,pixar,tekbspa}!optilink!cramer Politicians prefer unarmed peasants. Ask the Lithuanians. ---------------------------------------------------------------------------- Disclaimer? You must be kidding! No company would hold opinions like mine!
hstroma@hubcap.clemson.edu (a concerned citizen ...) (03/29/90)
My .02 worth: It is my understanding that PKZip 1.10 uses the same encryption method as 1.0x and 0.92. This algortihm is not the DoD DES algorithm and as such is not covered by the export restriction (a very silly law in my opinion) Disclaimers (aka flame retardant) 1) I have not yet got PKZ 1.1 (I'm off to grape next). If it uses DES, all bets are off 2) The law, as I understand it, only prohibts foreign distribution of products using the DES algorithm. This, I think, is confirmed by the fact that PC Tools 5.x notes in the docs that the US/Canadian version uses DES and may not be exported. The "foreign" version uses a different, "less secure" and incompatable encryption algorithm. If distribution of _any_ encryption technology was prohibitted, they couldn't legally do this. -Hepburn Stroman -hstroma@hubcap.clemson.edu -or- hepburn@cs.clemson.edu -Spell checkers? Who needs 'em? (Rhetorical, as above amply proves)
ted@helios.ucsc.edu (Ted Cantrall) (03/29/90)
This whole idea is absurd! If these encryption routines are so valuable to foreign persons, our borders are so open, that they would just come here on "vacation" and buy them! (or have their embassy buy them and send them in a diplomatic pouch) In other words, the bad guys get them before we do. ------------------------------------------------------------------------------- ted@helios.ucsc.edu | "If I get any phone calls while I'm gone, (408)459-2110 | just don't answer them." -------------------------------------------------------------------------------
news@haddock.ima.isc.com (overhead) (03/29/90)
In article <X+G#*D$@rpi.edu> sigma@pawl.rpi.edu (Kevin J Martin) writes: >agree, hopelessly unenforceable. The official DES was developed by some or >another branch of the Government (DoD?), and they supposedly use it in some >form or another for classified material and whatnot. It may also be illegal Actually, I believe that DES is not used for classified material; it's too easy to crack. If I remember correctly, DES was _limited_ to an algorithm that various government agencies would be able to decrypt quickly when "necessary".
sigma@pawl.rpi.edu (Kevin J Martin) (03/29/90)
OK, due to the questionable legality or safety of obtaining the new version of PKZip from incoming directories at FTP sites, I'm going to (hold my breath and) offer to mail the file to North American users during the next seven days only. It's a self-extracting executable, uuencoded, and I make no guarantees about it other than to swear it's the same version I've been using all day with no problems. The compression improvements I've obtained have been minimal, to say the least, but it seems a little quicker, and it's certainly improved overall, I'd say. Send a mail request to sigma@pawl.rpi.edu before April 4th. Be warned; the file is 200K uuencoded. While we're on this subject, can anyone who's had direct contact with the PK-BBS verify that ZIP files created with the new version are backwards compatible with PKZ1.02? It seems reasonable, considering how many variables are involved in implosion, that the new version is just more accurate in its selections, but it'd be nice if we could be sure it's reasonable to move to the new version without worrying about stranding un-updated users. Please note that I highly recommend registering this product! Kevin Martin sigma@pawl.rpi.edu Please, North American sites only!
bakke@plains.UUCP (Jeffrey P. Bakke) (03/29/90)
In article <2170@darkstar.ucsc.edu> ted@helios.ucsc.edu (Ted Cantrall) writes: >This whole idea is absurd! >If these encryption routines are so valuable to foreign persons, our >borders are so open, that they would just come here on "vacation" and buy >them! (or have their embassy buy them and send them in a diplomatic pouch) >In other words, the bad guys get them before we do. >------------------------------------------------------------------------------- >ted@helios.ucsc.edu | "If I get any phone calls while I'm gone, >(408)459-2110 | just don't answer them." >------------------------------------------------------------------------------- I just got a copy of Pkzip 1.10 from the signetics BBS, its a 800 number. I can't believe that they would worry about having it on the network. As far as I can tell, the so called "security" problem that is caused is because of a data verification algorithm which you means you can zip up a program and include your company and name and a special serial number which becomes encoded inside the zip file. When you unzip, it then checks to make sure that your files haven't been modified. Basically it protects against unauthorized modifications and possible trojan modifications. Also, not just anyone can use this feature, you must register your copy in order to receive a serial number that will function correctly with the authorization function. And, you can only get this version in the U.S and Cananda. Jeff Bakke bakke@plains.NoDak.edu Also, the t
d89-bfr@sm.luth.se (d89-bfr) (03/29/90)
In article <1990Mar28.144418.832@ccu.umanitoba.ca> umcarls9@ccu.umanitoba.ca (Charles Carlson) writes: <In article <3726.261001b4@vax5.cit.cornell.edu> tt3x@vax5.cit.cornell.edu writes: <> I think it is just plain stupid that there is even a law prohibiting <>products with data encryption algorithms to be exported out of the US. <> <>Bobby Li Indeed, aren't you right? Possibly the most stupid law I've heard of. At least it's on my top ten list. <I agree! I was just about to post an article on it when I saw yours. <I don't understand it either. If some foreign power wanted it, all they would <have to do is walk into any one of 1000's of computer stores across the <U.S. and Canada and pick up a copy of PC Tools or what have you. Or, as now is the case. Try some ftp:ing. The programs are available on many ftp sites and also from various BBS:s < <I do understand laws prohibiting the export of computer equipment, but hardware <is a bit different for one big reason, it can't be copied! <well, you know <what I mean!> All you need is _ONE_ copy of something that has data <encryption, and you suddenly have as many copies as you need. <Each piece of hardware desired has to be exported...although much harder <than software<which can even be sent via modem if need be>, hardware <probably isn't that big of a deal for them either. Hmm. You have a point, but people outside the U.S. and Canada are inventive too. As well as people can buy the program, they can invent an algorithm of their own. That's true for hardware too. By the way. Why was there no fuzz about PKZIP 1.02? It has an encryption facility as well. At least my copy has. Note that I'm NOT American and I'm not living there either. Did I break some law? I highly doubt it. I even got my copy from a European BBS. < <Maybe someone in the know can shed some light on this seemingly silly law?? < <Charles Unfortunately not. _ /Bjorn.
sigma@pawl.rpi.edu (Kevin J Martin) (03/29/90)
In article <3930@plains.UUCP> bakke@plains.UUCP (Jeffrey P. Bakke) writes: >I just got a copy of Pkzip 1.10 from the signetics BBS, its a 800 number. >I can't believe that they would worry about having it on the network. > >As far as I can tell, the so called "security" problem that is caused is >because of a data verification algorithm which you means you can zip up >a program and include your company and name and a special serial number >which becomes encoded inside the zip file. When you unzip, it then >checks to make sure that your files haven't been modified. Basically >it protects against unauthorized modifications and possible trojan >modifications. >Also, not just anyone can use this feature, you must register your copy >in order to receive a serial number that will function correctly with >the authorization function. And, you can only get this version in >the U.S and Cananda. >Jeff Bakke >bakke@plains.NoDak.edu No, I don't think you've got it quite right. The DES algorithm, as I understand it, is used by the password feature of PKZip, which allows you to enter a password with which to encrypt your ZipFile. It's purely coincidental (perhaps?) that the reduced exportable version does not offer the serial number feature, although I'll admit it is possible that such a feature would also employ the same DES code. What you say about the data verification algorithm is correct, but that is typically done through a 32-bit (in this case) CRC, not the DES algorithm. Once again, I'm offering a uuencoded copy of PKZ110.EXE (with instructions on uudecoding and downloading) to anyone who I can verify as a North American (non-Mexican? do they cover that?) mail address. Offer expires Wed 4/4/90. A few e-mail comments (accompanied by whole-hearted requests, I might add) have made me uneasy about this situation, absurd as that might seem. Could we discuss the legalities? Considering how recent Secret Service busts seem to hold BBS operators entirely responsible for anything their users may do, I wonder if, along the same lines, I could be responsible for not accounting for the possibility of, say, the "Russkies" tapping an Ethernet wire in rural Ohio and intercepting my mail?! It's all so ludicrous anyway, so why not? Kevin Martin sigma@pawl.rpi.edu
d89-bfr@sm.luth.se (d89-bfr) (03/29/90)
In article <5544@jarthur.Claremont.EDU> rspangle@jarthur.Claremont.EDU (Randy Spangler) writes: >I mean, at worst there should be a way to set up a mail server that will >check the address to make sure it's in the US. And that would be extremely safe, wouldn't it? Suppose this is done now. I want to get a file from some ftp site that checks my address. It says I can't get it. What do you think I do if I really want it? Just stop there? Nope. I write to some friend of mine in America. Saying "Hi. I've tried to copy this program, but I can't get it. Can you sent it to me?" Some moralist may say it's breaking the law, but so is speeding, and people do it all the time. Besides speeding can cause the death of people. Copying this program can, at most, give some paper moving desk chauffeur a red face. > >-- > -------------------------------------------------------------------------- >| Randy Spangler | The less things change, the | >| rspangle@jarthur.claremont.edu | more they remain the same | > -------------------------------------------------------------------------- _ /Bjorn.
d89-bfr@sm.luth.se (d89-bfr) (03/29/90)
In article <X+G#*D$@rpi.edu> sigma@pawl.rpi.edu (Kevin J Martin) writes: >I think what the government has in mind is not too bad, but the law is, I'll >agree, hopelessly unenforceable. The official DES was developed by some or >another branch of the Government (DoD?), and they supposedly use it in some >form or another for classified material and whatnot. It may also be illegal >to publish detailed information on the algorithm - I'm not sure. If they >really wanted to develop an encryption standard that would have any chance >of remaining domestic, though, it was a very bad idea to release it into the >US PDomain! Connectivity is too great for that, these days. Technology >transfer can be instantaneous. > So the idea isn't too bad, is it? I think it is. Just look at the situation. The law says (If I'm not misinformed, which I might of course be), that this kind of software is available for every US or Canadian citizen living in US or Canada, but not to anyone else. Is that right? How can anyone imagine that such a law will prevent anything. And prevent what? What is the purpose of this law? To make sure that other nations can't encrypt data? In such case I think it'd be a good idea for someone to visit a psyciatrist. Or is it to make sure that other nations can't decrypt data of importance for America? Stupid too. Data that is so important shouldn't be encrypted by systems available as shareware. Believe me when I say that there are people IN America who can cause lots of damage too. And for them it's allowed. >By the way, does anyone know why many video games these days have a briefly >displayed screen which says "Illegal to export outside US and Canada"? What >sort of technology could a video game (for which most of the electronics >are built in Taiwan or Japan, anyway) contain that would compromise natinal >(national) security? The more I think about it, the funnier it seems. I've heard reasons for this, but it's so silly I certainly hope it's not true. Most of those video games are WAR-games. So. Someone thought that for example "Enemy nation fighter pilots" may increase their skill in combat with help of these games. Or learn how US aircrafts behave. Well. As I said. I certainly hope this isn't true. > >Kevin Martin >sigma@pawl.rpi.edu _ /Bjorn
d89-bfr@sm.luth.se (d89-bfr) (03/29/90)
In article <2170@darkstar.ucsc.edu> ted@helios.ucsc.edu (Ted Cantrall) writes: >This whole idea is absurd! >If these encryption routines are so valuable to foreign persons, our >borders are so open, that they would just come here on "vacation" and buy >them! (or have their embassy buy them and send them in a diplomatic pouch) >In other words, the bad guys get them before we do. Or how about THIS? People outside America CAN invent their own encryption algorithms. Maybe even better algorithms than the ones available in shareware programs. Shock and horror. Can this really be possible? >------------------------------------------------------------------------------- >ted@helios.ucsc.edu | "If I get any phone calls while I'm gone, >(408)459-2110 | just don't answer them." >------------------------------------------------------------------------------- _ /Bjorn
ts@uwasa.fi (Timo Salmi LASK) (03/29/90)
In article <393@sigma3.sm.luth.se> <d89-bfr@sigma3.sm.luth.se> writes: >In article <2170@darkstar.ucsc.edu> ted@helios.ucsc.edu (Ted Cantrall) writes: >>This whole idea is absurd! If nothing else PKWARE certainly has managed here a fabulous publicity stunt for pkzip. As I've said earlier, when SEA sued PKWARE the symphaties of the community were on Mr Katz's side. Once is understandable. But isn't Mr Katz's product beginning to look suspiciously controversy prone. ................................................................... Prof. Timo Salmi (Moderating at anon. ftp site 128.214.12.3) School of Business Studies, University of Vaasa, SF-65101, Finland Internet: ts@chyde.uwasa.fi Funet: gado::salmi Bitnet: salmi@finfun
eichi@forty2.UUCP (Stefan Eichenberger) (03/29/90)
In article <390@sigma3.sm.luth.se> <d89-bfr@sigma3.sm.luth.se> writes: >By the way. Why was there no fuzz about PKZIP 1.02? It has an >encryption facility as well. At least my copy has. Note that I'm NOT >American and I'm not living there either. Did I break some law? I >highly doubt it. I even got my copy from a European BBS. Well, as we understand it here in Europe, you not only have broken US law, but american security services even claim the right to get hold of you, kill you if necessary, or at least kidnap you and present you to a american courtyard. No, this is not a joke, but was seriously debated by the Bush administration, and to my understanding is now US law. Thats the arrogancy of a superpower! Thats how they understand peace and freedom! -- ---------------------------------------------------------------------------- UUCP: ...mcvax!cernvax!forty2!eichi Stefan Eichenberger BITNET: K807817@CZHRZU1A University of Zurich ----------------------------------------------------------------------------
hartnegg@sun1.ruf.uni-freiburg.de (Klaus Hartnegg) (03/29/90)
In article <KPETERSEN.12576936709.BABYL@WSMR-SIMTEL20.ARMY.MIL>, w8sdz@WSMR-SIMTEL20.ARMY.MIL (Keith Petersen) writes: > Well folks, we have a new development - it seems the latest PKWare > ZIP/UNZIP version 1.10 cannot be distributed on the international > networks (Internet, Usenet, BITNET, EARN, etc), because it contains > data encryption technology. Federal law prohibits the export of such > technology from the USA and Canada. The older version (1.02) did also contain encryption. Why was it no problem to distibute this one? By the way, what encryption technique does pkzip use ? I just looked into manual.doc of pkz110.exe. It says nothing about it. P.S. It's no problem at all to get pkz110 from overseas :-) although I'm not sure, wether the archive is ok (length is 149504) I think it will distribute quickly so there should be no need for simtel to use LZH instead of ZIP. ---------------------------------------------------------------- Klaus Hartnegg | hartnegg@ruf.uni-freiburg.dbp.de | for future expansions Bitnet: HAKL@DFRRUF1 | ----------------------------------------------------------------
elund@pro-graphics.cts.com (Eric Lund) (03/30/90)
In-Reply-To: message from w8sdz@WSMR-SIMTEL20.ARMY.MIL > Well folks, we have a new development - it seems the latest PKWare > ZIP/UNZIP version 1.10 cannot be distributed on the international > networks (Internet, Usenet, BITNET, EARN, etc), because it contains > data encryption technology. Federal law prohibits the export of such > technology from the USA and Canada. I just received the new version and anxiously read the postings in light of the PKZIP/LHARC arguments. I did some personal benchmarking (very, very innacurate but it proves a point), and found the new ZIPPER to be slightly (A guess: 8%?) faster with DEcompression, no change in compression (compared to 1.02) and a very, very, small decrease in archive size. (50 bytes off a 30k archive. eh!) However, the self-extraction scheme seems to have been vastly improved, with greatly reduced file overhead, and the need for only ONE program to convert it. (ZIP2EXE is necessary, MAKESFX or whatever has been eliminated, as well as the file it creates.) I have yet to make LHarc comparisons, though. Question: What is the business about the "data encryption technology" garbage? What laws prevent export from the USA? Sounds like BS to me. >%^( Eric W. Lund *DISCLAIMER "Disclaimers are for weak people."* Prodigy: xcbr22b UUCP: ...crash!pro-graphics!elund *COWS FOR RENT* ProLine: elund@pro-graphics Internet: elund@pro-graphics.cts.com ** ARPA/DDN: pro-graphics!elund@nosc.mil
elund@pro-graphics.cts.com (Eric Lund) (03/30/90)
In-Reply-To: message from w8sdz@WSMR-SIMTEL20.ARMY.MIL Eric W. Lund *DISCLAIMER "Disclaimers are for weak people."* Prodigy: xcbr22b UUCP: ...crash!pro-graphics!elund *COWS FOR RENT* ProLine: elund@pro-graphics Internet: elund@pro-graphics.cts.com ** ARPA/DDN: pro-graphics!elund@nosc.mil
sigma@pawl.rpi.edu (Kevin J Martin) (03/30/90)
In article <392@sigma3.sm.luth.se> <d89-bfr@sigma3.sm.luth.se> writes: >In article <X+G#*D$@rpi.edu> sigma@pawl.rpi.edu (Kevin J Martin) writes: >>I think what the government has in mind is not too bad, but the law is, I'll >>agree, hopelessly unenforceable. > >So the idea isn't too bad, is it? I think it is. Just look at the >situation. The law says (If I'm not misinformed, which I might of >course be), that this kind of software is available for every US or >Canadian citizen living in US or Canada, but not to anyone else. Is >that right? How can anyone imagine that such a law will prevent >anything. And prevent what? What is the purpose of this law? To make >sure that other nations can't encrypt data? In such case I think it'd >be a good idea for someone to visit a psyciatrist. Or is it to make >sure that other nations can't decrypt data of importance for America? >Stupid too. Data that is so important shouldn't be encrypted by >systems available as shareware. Believe me when I say that there are >people IN America who can cause lots of damage too. And for them it's >allowed. No! I think the law is pitiful too! The problem, in my estimation, is that the government ever released the algorithm into North American public domain! It's obvious to everyone that that's totally unenforceable; I agree entirely with everything you say. It's not a bad idea for the govt. to develop a special encryption technology, but to then "publish" it is the ultimate in idiocy. >>By the way, does anyone know why many video games these days have a briefly >>displayed screen which says "Illegal to export outside US and Canada"? What >>sort of technology could a video game (for which most of the electronics >>are built in Taiwan or Japan, anyway) contain that would compromise natinal >>(national) security? The more I think about it, the funnier it seems. > >I've heard reasons for this, but it's so silly I certainly hope it's >not true. Most of those video games are WAR-games. So. Someone thought >that for example "Enemy nation fighter pilots" may increase their >skill in combat with help of these games. Or learn how US aircrafts >behave. Well. As I said. I certainly hope this isn't true. This is almost what I was afraid of. It sounds like the recent Feds busting the Steve Jackson Games' BBS and, according to dubious rumours, discovering that the GURPS CyberPunk material "may be overly useful to true hacking or phreaking in today's world." Yeah, just like people who play magic-users in D&D or such systems actually learn how to summon demons and elementals! Kevin Martin sigma@pawl.rpi.edu
kdq@demott.COM (Kevin D. Quitt) (03/30/90)
In article <5544@jarthur.Claremont.EDU> rspangle@jarthur.Claremont.EDU (Randy Spangler) writes: >At the least, does anyone know a BBS in the 714 area code that has 1.10? >Or can someone mail me a UUENCODED copy? The Signetics BBS has pkz110.exe available, at (800) 451-6644. Since I couldn't get through to PKWARE, I got it from Signetics. kdq -- Kevin D. Quitt Manager, Software Development DeMott Electronics Co. VOICE (818) 988-4975 14707 Keswick St. FAX (818) 997-1190 Van Nuys, CA 91405-1266 MODEM (818) 997-4496 Telebit PEP last 34 12 N 118 27 W srhqla!demott!kdq kdq@demott.com "Next time, Jack, write a God-damned memo!" - Jack Ryan - Hunt for Red October
sjl@ukc.ac.uk (S.J.Leviseur) (03/30/90)
Wha is the fuss about? I pulled the USA version of a BBS here in the UK a week ago. On past experience I would expect it to be on all the BBS here by now. I suggest if people want a copy they just look on their nearest BBS, it is pretty certain to be there. This restriction is just unenforceable and brings the law into disrepute. sean
w8sdz@smoke.BRL.MIL (Keith Petersen) (03/30/90)
ts@uwasa.fi (Timo Salmi LASK) writes: >If nothing else PKWARE certainly has managed here a fabulous >publicity stunt for pkzip. As I've said earlier, when SEA sued >PKWARE the symphaties of the community were on Mr Katz's side. Once >is understandable. But isn't Mr Katz's product beginning to look >suspiciously controversy prone. Perhaps I didn't make myself clear. File encryption is also done in SEA's ARC and NoGate's PAK archivers. They are subject to the same law which prohibits exporting encryption devices or programs from the USA or Canada. Keith -- Keith Petersen Maintainer of SIMTEL20's MSDOS, MISC, & CP/M archives [IP address 26.2.0.74] Internet: w8sdz@WSMR-SIMTEL20.Army.Mil, w8sdz@brl.mil BITNET: w8sdz@NDSUVM1 Uucp: {ames,decwrl,harvard,rutgers,ucbvax,uunet}!wsmr-simtel20.army.mil!w8sdz
leemc@csri.toronto.edu (Matthew Lee) (03/30/90)
In article <^KG#L#_@rpi.edu> sigma@pawl.rpi.edu (Kevin J Martin) writes: > >A few e-mail comments (accompanied by whole-hearted requests, I might add) >have made me uneasy about this situation, absurd as that might seem. Could >we discuss the legalities? Considering how recent Secret Service busts seem >to hold BBS operators entirely responsible for anything their users may do, >I wonder if, along the same lines, I could be responsible for not accounting >for the possibility of, say, the "Russkies" tapping an Ethernet wire in rural >Ohio and intercepting my mail?! It's all so ludicrous anyway, so why not? Yes, if I were you I'd secure the movie rights as soon as possible :-) Seriously speaking, I have yet to see a posting of the "letter of the law" regarding this situation. While I'm sure we are *all* unanimous in our commdemnation of what appears to be an idiotic law, IMHO we should establish without question that PKZIP 1.10 is indeed affected by this restriction, and then ascertain what constitutes a violation of said law. Then we can decide whether to write our local congressman/MP/whatever or maybe that a lot of noise is being made over nothing. By the way Kevin, thanks for so promptly sending me the new PKZIP, I'll chip in a few bucks for your legal defense fund :-) Matthew Lee leemc@csri.toronto.edu
sigma@pawl.rpi.edu (Kevin J Martin) (03/30/90)
In article <12458@smoke.BRL.MIL> w8sdz@wsmr-simtel20.army.mil (Keith Petersen) writes: >Perhaps I didn't make myself clear. File encryption is also done in >SEA's ARC and NoGate's PAK archivers. They are subject to the same >law which prohibits exporting encryption devices or programs from the >USA or Canada. > >Keith Petersen Whoa! Are you saying that the law in question prohibits the export of ANY encryption hardware/software?! That's insane! Well, we can just throw all our nifty programs like UUEncode/UUDecode, Rot13, and the like out the window! How about a Norwegian-to-English dictionary like the one I used to have at home? Isn't that an "encryption" tool? Or any program, say, which takes source code and converts it to object code? I can just see it - cc(1V) will have to be removed from the net... Now, if we could only convince them that Ada qualifies! ( :-) :-) ;-) ) Does anyone know which law we're talking about? I'm going to subscribe to sci.crypt and misc.legal, and consider asking in those forums. It seems more ridiculous at every turn. For example, my man page says that crypt, which uses a variant of the 'German enigma' system (am I allowed to say that without fear of prosecution? Probably not...), is not included on software shipped out of the U.S. - no mention of Canada or DES. On the other hand, makekey, which does use a DES-type system (I'm not familiar with DES details, I admit), clearly says it uses DES, but has no restriction mentioned! Yeah, I know, man pages are never uptodate or entirely accurate, but...? Kevin Martin sigma@pawl.rpi.edu North Americans, get PKZip 1.10 from me - offer expires 4/4/90.
Nagle@cup.portal.com (John - Nagle) (04/10/90)
With the coming revisions to the export control laws, it is probably time to lobby Congress for the removal of this stupid restriction. IF anyone follows this issue, please post, and let us know where and to whom to write. Incidentally, you can import crypto gear into the US without any restrictions. Most non-superpowers get their crypto gear from Hagelin Crypto AG, Zug, Switzerland. John Nagle
root@kunivv1.sci.kun.nl (Privileged Account) (04/12/90)
In article <28753@cup.portal.com> Nagle@cup.portal.com (John Nagle) writes: > Incidentally, you can import crypto gear into the US without any >restrictions. Most non-superpowers get their crypto gear from >Hagelin Crypto AG, Zug, Switzerland. > > John Nagle If you import this gear into the US, can you send it back for repair? Or would that be considered illegal export of crypto hardware? Just curious. Hans Mulder hansm@cs.kun.nl