From msuinfo!agate!ucbvax!silverton.berkeley.edu!djb Sat Jul 31 14:01:54 1993
Path: msuinfo!agate!ucbvax!silverton.berkeley.edu!djb
From: djb@silverton.berkeley.edu (D. J. Bernstein)
Newsgroups: sci.crypt
Subject: Crypto censorship lives! The real story of export controls...
Message-ID: <3824.Jul3023.41.5593@silverton.berkeley.edu>
Date: 30 Jul 93 23:41:55 GMT
Organization: IR
Lines: 1014


``[Say] a reporter got his hands on some [USML technical data] from
a company. I don't know what company would want to put it out, but
let's suppose he did ... and he published that ... If he published
it in such a way that he knew that it would get into the hands of
foreign entities then he would be breaking the law ... Freedom of
the press doesn't give you the right to break the law knowingly.
And those reporters who do it knowingly usually do it willing to
accept the punishment for their beliefs in the First Amendment.''
---Charles Ray, Office of Defense Trade Controls

Three years ago I designed Snuffle, a simple system which converts a
one-way hash function into a cipher.

For the crime of setting Snuffle down on paper, I am an arms
manufacturer, and I must register with the State Department---or so I am
told by DTC, the Office of Defense Trade Controls. DTC also insists that
it would be a felony for me to publish Snuffle without their blessing
and approval.

My battle with the State Department has entered its second year and
continues to thicken. For many months I did not tell the story of this
battle, for I thought that the censors were reasonable men, and that
quiet negotiation would succeed while confrontation would surely fail.
I now know that I was wrong.

I intend to ensure that the law does not prohibit my publication of
Snuffle---or any other cryptographic materials I dream up.

I hereby place the ten attached documents into the public record. These
documents are far, very far, from a complete explanation of what has
occurred; the entire saga will undoubtedly fill an entire book. But they
will show you a bit of how the censors work.

---Dan

# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# 920630.cj
# 920820.cjrej
# 930319.pd
# 930326.ray
# 930402.loop
# 930520.dellums
# 930527.bryant
# 930630.rob
# 930709.rob
# 930714.dellums
#
echo x - 920630.cj
sed 's/^X//' >920630.cj << 'END-of-920630.cj'
Xedited by DJB, 930722, for the public record
Xnote that the three pages of attached Snuffle information are omitted
Xfor obvious reasons
X
X [address]
X 30 June 1992
X
XPM/DTC
XRoom 228, SA-6
XDepartment of State
XWashington, DC 20522-0602
X
XSubject: Commodity Jurisdiction Request for snuffle 5.0 software
X
XDear Sirs:
X
X My name is Daniel J. Bernstein. I would like to export the software
Xknown as ``snuffle 5.0'', described below, together with the
Xdocumentation of my ``Snuffle'' encryption system, also described below.
XIt is my understanding that the Department of State can decide to
Xtransfer jurisdiction of this software to the Commerce Department
Xthrough a Commodity Jurisdiction Procedure. I'd like that to happen. I
Xapologize in advance for any errors I may have made in this procedure;
Xif necessary you can leave a message for me at [phone], but I may
Xnot receive the message for some time. I can be reached on the Internet
Xcomputer network as [email].
X
X The Snuffle encryption system is designed to convert any one-way
Xhash function into a zero-delay private-key encryption system. This
Xmeans that it can be used, for instance, to exchange text between two
Xpeople who have previously exchanged keys, provided that it is combined
Xwith a one-way hash function. ``Zero-delay'' means that Snuffle can be
Xused for interactive conversations: each character typed by one person
Xcan be encrypted, sent to the other person, and decrypted by the other
Xperson immediately. A precise definition of Snuffle appears on the
Xattached sheet ``The Snuffle Encryption System.''
X
X snuffle 5.0 is my implementation of Snuffle. It consists of the two
XC language source files snuffle.c and unsnuffle.c, for encryption and
Xdecryption respectively. When combined with an implementation of a
Xone-way hash function, snuffle.c and unsnuffle.c can be used for various
Xapplications requiring private-key cryptography, including the example
Xabove of interactive text exchange. The files are designed to interface
Xsmoothly, with minimal effort upon the user's part, with the Xerox
XSecure Hash Function, known as Snefru 2.0, which has been distributed
Xfor free by Xerox. Complete listings of snuffle.c and unsnuffle.c are
Xattached.
X
X The three possibly controlled items which I would like to export
Xare (1) the document ``The Snuffle Encryption System,'' attached; (2)
Xthe snuffle.c source file, attached; (3) the unsnuffle.c source file,
Xattached. Snuffle and snuffle 5.0 result from fundamental research and,
Xsince last year, have been available for free to U.S. citizens within
Xthe U.S. I would like to publish these items in a widely read
Xinternational electronic conference known as ``sci.crypt'' for
Xdiscussion by the worldwide academic community.
X
X page 2
X
X The portions of snuffle.c and unsnuffle.c which actually perform
Xencryption and decryption contain just 15 lines each of C code with no
Xcryptographic technology per se. All the work is done by the one-way
Xhash function code. Similarly, the description of Snuffle is short; the
Xsystem itself does not contain appreciable complexity. In effect what I
Xwant to export is a description of a way to use existing technology in a
Xmore effective manner. I do not foresee military or commercial use of
XSnuffle by anyone who does not already have access to the cryptographic
Xtechnology contained in, e.g., the Xerox Secure Hash Function. I do
Xforesee practical use of Snuffle by those who do have such access, in
Xparticular for the purpose of interactively exchanging encrypted text.
X
X Thank you for your kind attention.
X
X Sincerely,
X
X [signature]
X
X
X Daniel J. Bernstein
END-of-920630.cj
echo x - 920820.cjrej
sed 's/^X//' >920820.cjrej << 'END-of-920820.cjrej'
Xtyped in by DJB, 930722, for the public record
X
X United States Department of State
X Bureau of Politico-Military Affairs
X Office of Defense Trade Controls
X Washington, DC 20522-0602
X
X Aug 20 1992
X
XIn reply refer to
XODTC Case: CJ 191-92
X
XYOUR LETTER DATED: June 30, 1992
X
XREQUEST FOR COMMODITY JURISDICTION DETERMINATION FOR: Snuffle
X5.0 Software
X
XAfter consultation with the Departments of Commerce, Defense and
Xother appropriate government agencies, the Department of State
Xhas determined that the referenced commodity is subject to the
Xlicensing jurisdiction of the Department of State in accordance
Xwith the International Traffic in Arms Regulations (22 CFR 120
Xthrough 130). This commodity is a stand-alone cryptographic
Xalgorithm which is not incorporated into a finished software
Xproduct. As such, it is designated as a defense article under
XU.S. Munitions List Category XIII(b)(1). Licenses issued by
Xthis office are required prior to export.
X
XHowever, once Snuffle 5.0 is incorporated into a commercial
Xsoftware product, that software may not be subject to Department
Xof State control. Software incorporating Snuffle 5.0 should be
Xthe subject of a separate commodity jurisdiction request.
X
XShould you require further assistance on this matter, please
Xcontact Maj. Gary Oncale at (703) 875-5655.
X
X Sincerely,
X
X [signature]
X
X William B. Robinson
X Director
X Office of Defense Trade Controls
X
XDaniel J. Bernstein
X[address]
END-of-920820.cjrej
echo x - 930319.pd
sed 's/^X//' >930319.pd << 'END-of-930319.pd'
Xedited by DJB, 930722, for the public record
X
X
X\nopagenumbers
X\parindent0pt
X
X
X\hskip 3in [address]
X
X\hskip 3in 19 March 1993
X
X\vskip 0.5em
X
XWilliam B. Robinson
X
XUnited States Department of State
X
XBureau of Politico-Military Affairs
X
XOffice of Defense Trade Controls
X
XWashington, DC 20522--0602
X
X\parskip 0.5em
X
XDear Mr. Robinson:
X
XI have created certain information which I would like to export.
XIt is my understanding that, under the definition in 22 CFR 121.1(a),
Xthis information is a defense article.
XNevertheless
XI do not believe that I need a license or any other approval
Xfrom the State Department for this export.
XI would greatly appreciate your prompt
Xwritten assurance that I have correctly
Xinterpreted the relevant regulations.
X
XThe remainder of this letter consists of
Xa series of specific questions.
XPlease send your responses to the above address.
XPlease include with your responses a countersigned and dated copy
Xof this letter.
X
X1. This information is published and available to the public.
XAs per the definition of ``public domain'' in 22 CFR 120.18,
Xthis information is in the public domain.
XIt is therefore my understanding from 22 CFR 125.1(a)
Xthat this information is not subject to any of the controls of
X22 CFR Subchapter M.
XIs this conclusion correct?
X
X2. In particular, it is my understanding that I am not required
Xto obtain an export license as per 22 CFR 123.1(a),
Xthat I am not required to obtain an export license as per
X22 CFR 125.2(a), and that I am not required to obtain an
Xexport license as per 22 CFR 125.3(c).
XAre these conclusions correct?
X
X3. I am not seeking a license or other approval for
Xthis export. It is therefore my understanding that
Xthe policy
Xstated in 22 CFR 126.1 is irrelevant for this export.
XIs this conclusion correct?
X
X4. I have not been granted any license or approval or exemption
Xunder 22 CFR Subchapter M, nor am I applying for any
Xlicense or approval.
XIt is therefore my understanding that the policy stated
Xin 22 CFR 126.7 is irrelevant for this export.
XIs this conclusion correct?
X
X5. Does
Xthe Department of State control
Xexports via any regulations
Xother than 22 CFR Subchapter M?
X
X6. This information does appear on the United States Munitions List.
XAs per 22 CFR 120.4, this export is
X``regulated exclusively by the Department of State.''
XIt is therefore my understanding that I do not have
Xto comply with the export regulations of other agencies,
Xsuch as the Department of Commerce, and hence that this export is lawful.
XAre these conclusions correct?
X
X7. If I do comply with all regulations outside of 22 CFR Subchapter M,
Xthen is this export lawful?
X
X8. Although I have created information which I believe to be
Xa defense article, I am not in the business of either manufacturing
Xor exporting defense articles or furnishing defense services.
X(In fact
XI would like to contribute this information to the worldwide academic
Xcommunity via this export.)
XIt is thus my understanding that I am not required to register
Xwith DTC.
XIs this conclusion correct?
X
X
X
XThank you for your kind attention.
X
X\hskip 3in Sincerely,
X
X\vskip 3em
X
X\hskip 3in Daniel J. Bernstein
X
X\vskip 1.5em
X
X\hskip 3in \underbar{Countersignature with date of receipt}
X
X\bye
END-of-930319.pd
echo x - 930326.ray
sed 's/^X//' >930326.ray << 'END-of-930326.ray'
XExcerpts from a State Department conversation
XDaniel J. Bernstein
X22 July 1993
X
XHere are some excerpts, edited for legibility, from a conversation I had
Xwith Charles Ray of the Office of Defense Trade Controls on 26 March
X1993. These excerpts are now in the public record. Please do not assume
Xthat the comments below reflect any official State Department position,
Xalthough my notes list Charles Ray as a ``special assistant'' to DTC
XDirector William B. Robinson.
X
XDots represent omissions, not pauses. DJB means me. CR means Ray.
X
XDJB: What I'm trying to understand is: Suppose somebody makes some
Xtechnical data which is a defense article, it's on the Munitions List,
Xand goes to a library. The library agrees, and puts it on their shelves.
XThen ... doesn't that make it public domain, assuming that there are no
Xcontractual problems or anything?
X
XCR: Actually, that could be argued a number of ways. But it could also
Xbe argued that if the person made something that was a Munitions List
Xitem, and particularly if they did it knowingly and they put it in a
Xpublic library where anyone has access to it, that it could be
Xconsidered a violation of the Arms Export Control Act. It would I think
Xdepend a lot on their motives for doing it.
X
XDJB: Let's just assume the worst possible motives... [At the time of
Xputting the item in several libraries] no export has gone on, so it's
Xnot possible that at that point there's any violation.
X
XCR: ... not necessarily. Again I think you'd have to look at what were
Xthe person's motives for doing it. That wouldn't necessarily make it, I
Xdon't think, public domain either, particularly if the person knew it
Xwas a U.S. Munitions List item. I think it would be looked at what was
Xthe person's motives for taking them to a library and putting them
Xthere ...
X
XDJB: The ITAR definition says that if something's published and
Xavailable at libraries open to the public, then it's public domain.
X
XCR: Yeah, I know it says that, but I think you have to use a little
Xcommon sense there. I think if someone created something that they knew
Xwas Munitions List and wanted to get around the law and took it to a
Xlibrary, I think the motivation has to be considered too.
X
XDJB: ... the definition of public domain here doesn't say the motive
Xis---
X
XCR: I think we both agree that quite often the laws aren't written so
Xthat they cover every possible thing, and that's why lawyers make so
Xmuch money ... You have to go quite often by what is intended ... I
Xthink the motive ... would have to be assessed before any decision was
Xmade ...
X
XDJB: So you're saying the State Department does care if somebody tries
Xto publish information.
X
XCR: Oh, yeah ... our job ... we're not an export control agency for
Xeconomic reasons. Basically our job is to control the flow of
Xtechnology, Munitions items, information, whatever that will affect
Xworld peace ...
X
XDJB: If something affects national security ... you're saying that
Xsomebody can't put something in a library ...
X
XCR: ... Hypothetically, if a person deliberately created a Munitions
XList item, and deliberately placed it in a public library so as to evade
Xthe restrictions ... I think that person might still find himself or
Xherself subject to certain sanctions should there be an incident of this
Xinformation falling into the hands of a foreign entity.
X
X...
X
XCR: I don't want to say he can't do it. Because we don't have thought
Xpolice, we don't have any way of being out there.
X
X...
X
XCR: That's like saying, if I go into the Pentagon and there is a
Xtop-secret document there about something that I think people ought to
Xknow, and I take it and I put it into a library, it's in the public
Xdomain. I've broken the law.
X
XDJB: Let's assume here that there's no theft going on, and there's no
Xviolation of contracts, no classified information.
X
XCR: Okay, but it's the same difference ... If I happen to write a
Xdocument or come into possession of a document that has a classification
Xor restricted dissemination mark on it and I want to get around the
Xrules, I take it and I put it in a library and anyone can read it. It is
Xpublicly accessible but it's not in the public domain. And I've broken
Xthe rules. It's the same general principle.
X
X...
X
XCR: There are no exempt groups. If you've got something that's
Xconsidered technical information covered by the Munitions List then
Xbeing a member of the press does not provide you with any sanctuary for
Xdiverting it. You can still be prosecuted.
X
XDJB: Even though we have a First Amendment which says that Congress
Xshall make no law abridging, blah blah blah, the freedom of the press,
Xof speech.
X
XCR: That freedom carries with it a responsibility to comply with the
Xexisting legislation and regulations. And the fact is that if the
Xtechnical data or information ... I don't think that's quite what the
Xfreedom-of-the-press statutes were meant to protect.
X
X...
X
XCR: ... [Say] a reporter got his hands on some [USML technical data]
Xfrom a company. I don't know what company would want to put it out, but
Xlet's suppose he did ... and he published that ... If he published it in
Xsuch a way that he knew that it would get into the hands of foreign
Xentities then he would be breaking the law ... Freedom of the press
Xdoesn't give you the right to break the law knowingly. And those
Xreporters who do it knowingly usually do it willing to accept the
Xpunishment for their beliefs in the First Amendment.
X
X...
X
XCR: You do not have an inherent right to violate the rules on
Xrestriction of flow of technology to foreigners.
X
X...
X
XDJB: What cases does this public-domain exemption actually apply to?
XWhen would some information actually, legally, enter the public domain
Xbut still be a defense article?
X
XCR: Well, the only thing I can think of, and they're no longer defense
Xarticles, is the technical data related to a lot of the software that
Xwas taken off the Munitions List.
END-of-930326.ray
echo x - 930402.loop
sed 's/^X//' >930402.loop << 'END-of-930402.loop'
Xedited by DJB, 930722, for the public record
X
X\vsize 10in
X\nopagenumbers
X\parindent0pt
X
X\hskip 3in [address]
X
X\hskip 3in 2 April 1993
X
X\vskip 0.3em
X
XWilliam B. Robinson
X
XPM/DTC, SA--6, Room 200
X
XOffice of Defense Trade Controls
X
XBureau of Politico-Military Affairs
X
XU.S. Department of State
X
XWashington, DC 20522--0602
X
X\parskip 0.35em
X
XDear Mr. Robinson:
X
XI have several questions.
XMy purpose in asking these questions is to clarify
Xmy understanding of 22 CFR Subchapter M.
XPlease send your prompt written responses to the above address.
XPlease include with your responses a countersigned and dated copy
Xof this letter.
XIf you will not be able to respond by 15 April,
Xplease immediately send to the above address
Xan estimate of when your responses will be mailed.
X
XConsider the following hypothetical situation.
XCertain information is created by a U.S. citizen.
XLet us assume that said information is a defense article
Xas per 22 CFR 121.1(a).
XAnother U.S. citizen
Xpublishes said information as part of a book.
XAs is normal in the book-publishing industry,
Xsaid book is distributed in a variety of ways not
Xconstituting export;
Xsaid book is placed on shelves at bookstores and public libraries;
Xand, eventually, said book including said information
Xis exported in a variety of ways.
X
XIn this hypothetical situation, several acts have occurred:
X(A) said creation of said information;
X(B) said distribution of said book in ways not constituting
Xexport;
X(C) said placement of said book on shelves at bookstores
Xand public libraries;
X(D) said export of said book, without State Department license
Xor approval.
X
XYes or no: Are there any conditions under which said acts (A)
Xwould be unlawful as per 22 CFR Subchapter M?
XAre there any conditions under which said acts (B)
Xwould be unlawful as per 22 CFR Subchapter M?
XAre there any conditions under which said acts (C)
Xwould be unlawful as per 22 CFR Subchapter M?
XAre there any conditions under which said acts (D)
Xwould be unlawful as per 22 CFR Subchapter M?
X
XIf the answer to any of the preceding four questions is ``yes,''
Xthen under {\it which\/} conditions would said acts be unlawful,
Xand {\it why\/}?
XIn particular, please explain exactly which regulations would
Xbe violated.
XPlease state that said acts would never be lawful
Xin this hypothetical situation, if that is the case;
Xotherwise please give reasonably broad examples where
Xsaid acts would be {\it lawful}.
X
XIn this hypothetical situation,
Xsaid information is published and available to the
Xpublic in bookstores and libraries at the time of said acts (D).
XAccording to 22 CFR 120.18, information which is published
Xand available to the public in libraries is in the
X``public domain.''
XAccording to 22 CFR 125.1(a), information which is in the
X``public domain'' is not subject to the controls of
X22 CFR Subchapter M.
XI draw the conclusion that, in this
Xhypothetical situation, said information is not subject to
Xthe controls of 22 CFR Subchapter M.
XIf there are any conditions under which said acts (D) are
Xunlawful as per 22 CFR Subchapter M,
Xplease explain exactly why said conclusion is incorrect.
XIn any case
Xplease explain the purpose of
Xthe second sentence of
X22 CFR 125.1(a).
X
XIn short:
XDoes 22 CFR Subchapter M exert prior restraint on
Xotherwise lawful publication?
XPlease state either that it does ``under some circumstances,''
Xor that it never does.
X
XOne final (unrelated) question:
XI have heard that certain cryptographic software and
Xother information,
Xdeveloped in Europe
Xby foreign persons,
Xhave been permanently imported into the U.S.
XProvided that no export or reexport occurs,
Xdoes the State Department regulate or otherwise control this import?
X
XThank you for your kind attention.
X
X\hskip 3in Sincerely,
X
X\vskip 2.5em
X
X\hskip 3in Daniel J. Bernstein
X
X\vskip 0.5em
X
X\hskip 3in \underbar{Countersignature with date of receipt}
X
X\bye
END-of-930402.loop
echo x - 930520.dellums
sed 's/^X//' >930520.dellums << 'END-of-930520.dellums'
Xedited by DJB, 930722, for the public record
X
X\nopagenumbers
X\parindent0pt
X
X\hskip 3in [address]
X
X\hskip 3in 20 May 1993
X
X\vskip 1em
X
XATTN: Andrew Henderson
X
X201 13th Street Suite 105
X
XOakland, CA 94612
X
X\parskip 0.3em
X
XDear Mr. Henderson:
X
XI have been dealing with a consistently uncooperative
Xgovernment employee who
Xhas repeatedly delayed responding to two of my letters.
XI would appreciate it if someone from the Congressman's office
Xwould be able to phone this employee and ask him to hurry up.
X
XThe employee is Clyde Bryant, phone number 703--875--6629.
XHe works in the Office of Defense Trade Controls (DTC)
Xinside the Bureau of Politico-Military Affairs
Xin the State Department in Washington.
X
XDTC controls the export of munitions.
XIt deals with the public all the time.
XIn particular it had previously sent me a letter
Xsaying that I had to register as an arms dealer
Xand apply for a license
Xbefore publishing certain information.
XI think it is reasonable of me to
Xask for DTC's interpretation of the relevant regulations
Xbefore I spend the money, time, and effort to
Xregister.
X
XI sent one letter 19 March
Xand the other 2 April, both by certified mail,
Xto William B. Robinson, director of DTC.
XEach letter was one page long, asking a variety of questions,
Xmostly yes-no questions,
Xabout DTC's position on certain subjects.
X
XAlthough the post office claimed to have delivered both letters
Xwithin a few days, I had an awful time verifying that they had
Xbeen received. Mr.\ Bryant was not at all helpful; he consistently
Xrefused to provide any useful information over the phone.
XA month ago I faxed the letters and, through a helpful secretary,
Xfound out that the letters had already been received and
Xwere in fact being handled by Mr.\ Bryant.
X
XIn the 2 April letter I had asked for a written estimate of when
Xa response would be mailed; neither Mr.\ Robinson nor Mr.\ Bryant
Xhas sent me such an estimate.
X
XOn 29 April Mr.\ Bryant refused to estimate how long he would
Xtake to respond to my letters; he said it would be ``at least another
Xweek.'' When I asked if he would say ``at most two weeks''
Xor ``at most a month'' he refused.
X
XOn 7 May Mr.\ Bryant stated that his office was drafting a response,
Xand that he would be ``sending it within a week.''
XMore than a week later,
Xon 17 May, Mr.\ Bryant stated that he was still working on the response.
XHe certainly knew which letters I was referring to, and certainly
Xknew how long he had been working on them, but he refused to
Xget his responses out the door.
X
XThis delay is outrageous.
XMr.\ Bryant's repeated delays have already begun to damage my career.
XThere is no conceivable reason that responding to a
Xsingle-page letter should take even a week, let alone two entire months.
XAt this point I'm not sure Mr.\ Bryant {\it ever\/} plans to
Xrespond to my letters.
XI find it obscene that a government office has time to tell me
Xto go through the pain of registration, but does not have time to
Xrespond to a page of questions about its policies.
X
XHence my request to you.
XI would greatly appreciate it if
Xsomeone in the Congressman's office could call
XMr.\ Bryant and ask that he express-mail his response
Xbefore 28 May.
X(He should recognize the phrase ``the two private
Xletters from Dan Bernstein that you have been working on.'')
XPlease let me know whether Mr.\ Bryant agrees to this
Xquite reasonable request.
XI am willing to forgive Mr.\ Bryant's failure so far---%
Xwhat is important is that he responds to the questions in
Xmy letters.
X
XThank you very much for your help.
XMy answering machine's phone number is [phone].
X
X\hskip 3in Sincerely,
X
X\vskip 4em
X
X\hskip 3in Daniel J. Bernstein
X
X\bye
END-of-930520.dellums
echo x - 930527.bryant
sed 's/^X//' >930527.bryant << 'END-of-930527.bryant'
Xtyped in by DJB, 930722, for the public record
X
X United States Department of State
X Bureau of Politico-Military Affairs
X Office of Defense Trade Controls
X Washington, DC 20522-0602
X
X May 27 1993
X
XMr. Daniel J. Bernstein
X[address]
X
XReference: CJ-191-92
X
XDear Mr. Bernstein:
X
X Reference is made to your March and April 1993 letters to this
Xoffice seeking advice with regard to hypothetically described
Xinformation. We are unable to advise you as to whether what you
Xhypothetically referred to is licensable.
X
X It would be advisable for you to send copies of the technical
Xdata at issue and a detailed explanation of its use(s) for a review
Xby the commodity jurisdiction process. Once you have initiated
Xthis process a response will be forthcoming.
X
X The Department does note, however, that on June 30, 1992, you
Xrequested a commodity jurisdiction determination for Snuffle 5.0
Xsoftware. As you are aware, on August 20, 1992, the Department
Xdetermined that the Snuffle 5.0 software is a designated defense
Xarticle under U.S. Munitions List Category XIII(b)(1) and would
Xrequire licensing. To that end, if your hypothetically described
Xinformation is pertaining to software incorporating Snuffle 5.0,
Xany type of an encryption algorithm designed for data encryption
Xand decryption or a stand-alone cryptographic algorithm to be
Xincorporated into a software product, the steps in paragraph two of
Xthis letter should be followed.
X
X Sincerely,
X
X [signature]
X
X Clyde G. Bryant, Jr.
X Chief
X Compliance and Enforcement Branch
END-of-930527.bryant
echo x - 930630.rob
sed 's/^X//' >930630.rob << 'END-of-930630.rob'
Xedited by DJB, 930722, for the public record
X
X\vsize 10in
X\nopagenumbers
X\parindent0pt
X
X\hskip 3in [address]
X
X\hskip 3in 30 June 1993
X
X\vskip 0.3em
X
XWilliam B. Robinson
X
XOffice of Defense Trade Controls
X
X\parskip 0.3em
X
XDear Mr.\ Robinson:
X
XI intend to perform certain actions which might violate the
Xregulations administered by your office.
X
X{\bf Background facts:}
XI have sent you three pages of information titled
Xsnuffle.c, unsnuffle.c, and SNUFFLE. (See CJ 191-92.) This information
Xis collectively known as Snuffle 5.0. This information is a defense
Xarticle as defined by USML XIII(b)(1). I created Snuffle 5.0 as a hobby.
XI am not in the arms business, i.e., the business of manufacturing or
Xexporting defense articles or furnishing defense services.
XAs I have stated several times I want to publish Snuffle 5.0.
X
X{\bf Previous communications:}
XIn my letters of 19 March and 2 April I sent you a total of
Xfourteen yes-no questions,
Xwith a few requests for further explanation if necessary.
XYou failed to respond in a reasonable, timely, or detailed manner.
XAfter an inquiry from Congressman Dellums,
XClyde Bryant responded,
Xin a letter dated 27 May and postmarked 1 June.
XHe failed to answer any of my questions.
X
XMr.\ Bryant's response summarizes my letters as
X``seeking advice with regard to hypothetically described information.''
XI appreciate Mr.\ Bryant's lack of ability, authority, or competence to
Xanswer hypothetical questions, but
XMr.\ Bryant's summary is incorrect.
XMost of my questions were not at all hypothetical.
XOne of my questions, for example, was whether the
XState Department regulates the import of certain
Xcryptographic software.
XI expected the response to be
X``No, the State Department does not regulate the permanent
Ximport of defense articles.''
X(1) Is the quoted statement correct?
X
X{\bf What I intend to do:}
XI will not register with DTC.
XI will publish Snuffle 5.0 without any license from DTC.
XI will never again ask DTC whether any particular item
Xis a defense article, and I will not apply for any license
Xfrom DTC.
X
XI asked you on 19 March whether I am required to register.
XI expected the answer to be ``If indeed you are not in
Xthe arms business, then you are not required to register.''
X(2) Does ITAR require me to register?
X
XLike any other publication, my publication of Snuffle 5.0
Xwill necessarily entail export.
XI asked you on 2 April whether any particular aspects
Xof such an act would be unlawful.
XI expected the answer to be ``No'' in each case.
X(3) Does ITAR prohibit the unlicensed publication of Snuffle 5.0?
X
XI have published many thousands of pages of information and
XI will publish many more.
XI see no reason to waste the time to determine
Xwhether I am publishing defense articles.
XNor do I see any reason to submit any of
Xmy information to DTC censorship.
XUnfortunately your office appears to have the policy
Xthat ITAR does require prior review and licensing for some publications.
XI asked you on 2 April whether ITAR exerts prior restraint
Xon otherwise lawful publication.
XOnce again:
X(4) Does ITAR exert prior restraint on otherwise lawful publication?
X
X{\bf Procedural issues:}
XIn my letter of 19 March I asked that you
Xinclude a countersigned and dated copy of
Xmy letter with your response.
XMr.\ Bryant failed to do so.
XPlease rectify this failure by including,
Xtogether with your response to this letter,
Xcountersigned and dated copies of
Xmy letter of 19 March, my letter of 2 April, and this letter.
X
XIn my letter of 2 April I asked that
Xyou immediately send me an estimate of when you would
Xbe able to respond to my questions.
XYou failed to do so.
XAs my questions in this letter are repetitions of
Xquestions which I asked you three months ago,
XI see no reason that your response should take more than
Xa day to prepare.
XPlease tell me {\it now\/} how long your response
Xto this letter will take to prepare.
X
XI demand that you make a good-faith attempt to answer
Xmy questions in a timely and informative manner.
XI need to know whether your regulations
Xprohibit my publication of information.
XUntil now your office has neither confirmed nor denied
Xmy understanding of the law.
XYou have achieved your apparent goal of censorship
Xby leaving me in fear that I {\it might\/} be committing a crime.
XSuch behavior is unacceptable in a free society.
X
X\hskip 3in Sincerely,
X
X\vskip 2.3em
X
X\hskip 3in Daniel J. Bernstein
X
X\vskip 0.3em
X
X\hskip 3in \underbar{Countersignature with date of receipt}
X
X\bye
END-of-930630.rob
echo x - 930709.rob
sed 's/^X//' >930709.rob << 'END-of-930709.rob'
Xtyped in by DJB, 930722, for the public record
Xnote that I have not yet seen the original copy of this letter
X
X United States Department of State
X Bureau of Politico-Military Affairs
X Office of Defense Trade Controls
X Washington, DC 20522-0602
X
X [undated, in the copy faxed to me]
X
XMr. Daniel J. Bernstein
X[address]
X
X
XDear Mr. Bernstein:
X
X I am writing in reference to your letter of June 30. I
Xregret the previous delays in responding to your other letters
Xand your apparent dissatisfaction with the content of our
Xresponses. Below, I will try to address your questions and the
Xpoints you have raised as specifically as possible.
X
X First: The Department of State regulates the permanent
Xexport, temporary export, and temporary import of defense
Xarticles. Permanent imports of defense articles, governed by
Xthe U.S. Munitions List, into the United States are regulated
Xby the Department of the Treasury (27 Code of Federal
XRegulations or CFR 47, 178, and 179).
X
X Second: As you noted the information known as Snuffle 5.0
Xhas been determined, under the Commodity Jurisdiction (CJ)
Xdetermination process, to be a defense article (any item or
Xtechnical data designated in sec. 121.1 of the Internatiomal [sic]
XTraffic in Arms Regulations (ITAR). The fact that you created
XSnuffle 5.0 as a hobby does not in itself exempt you being a
Xmanufacturer of defense articles as defined in the ITAR. U.S.
Xlaw requires both manufacturers and/or exporters of U.S.
Xdefense articles, related technical data or furnishers of
Xdefense services to register with the Department of State.
XBased on the information you have provided to this office, it
Xappears that you should register. The ITAR specifies the very
Xfew exceptions in which registration is not required. I am
Xenclosing a copy of the ITAR and a registration package for
Xyour reference and use. (Please note that registration does
Xnot confer any export rights or privileges, although it is a
Xprecondition to the issuance of any license or other approvals
Xfor defense exports.)
X
X -2-
X
X Third: A license issued by the Office of Defense Trade
XControls is required for the export of unclassified technical
Xdata unless the export is excepted from the licensing
Xrequirements of Part 125 of the ITAR. Information which is in
Xthe "public domain" (see secs. 120.11 and 125.4(b)(13) of the
XITAR), for example, is not subject to those controls. It would
Xappear, however, that Snuffle 5.0 is not in the "public domain"
Xas defined in the ITAR. Under the provisions of 22 CFR 127.1,
Xit is unlawful to export or attempt to export from the United
XStates any defense article or technical data or to furnish any
Xdefense service for which a license or written approval is
Xrequired without first obtaining the required license or prior
Xwritten approval from this office.
X
X For the reasons above, Mr. Bryant of this office advised
Xyou that if your hypothetical article pertains to software
Xincorporating Snuffle 5.0, or any type of encryption algorithm
Xdesigned for data encryption and decryption or a stand-alone
Xcryptographic algorithm to be incorporated into a software
Xproduct, you should submit it for a CJ determination in the
Xsame manner that you submitted the request on Snuffle 5.0 in
X1992.
X
X I trust that this letter and its enclosures provide the
Xinformation that you have requested and need to take proper
Xaction regarding your stated intentions.
X
X
X Sincerely,
X
X [unsigned, in the copy faxed to me]
X
X William B. Robinson
X Director
X
XEnclosures:
X Registration package
X International Traffic in Arms Regulations (ITAR)
END-of-930709.rob
echo x - 930714.dellums
sed 's/^X//' >930714.dellums << 'END-of-930714.dellums'
Xedited by DJB, 930722, for the public record
X
X\nopagenumbers
X\parindent0pt
X
X\hskip 3in [address]
X
X\hskip 3in 14 July 1993
X
X\vskip 1em
X
XATTN: A. A. Henderson
X
X201 13th Street Suite 105
X
XOakland, CA 94612
X
X\parskip 0.3em
X
XDear Mr. Henderson:
X
XLet me express my sincere gratitude
Xto you and to Congressman Dellums for your
Xletter of 24 May to Richard A. Clarke of the State Department.
X
XI am pleased to report that, in a letter dated 27 May and postmarked
X1 June, Clyde Bryant responded to my letters from March and April.
XUnfortunately he did not answer a single one of my questions,
Xbut I sent a followup letter on 30 June to William Robinson,
Xwho did respond in a timely fashion to
Xsome of my questions.
X
XPlease note that the State Department is engaging in unconstitutional
Xcensorship of material which I privately developed and which I wish to
Xpublish.
XWhat you are witnessing is a battle over the First Amendment.
XI believe that
XMr. Bryant was reluctant to respond to my questions because he knows that
Xhis office is acting in violation of the Bill of Rights.
XBoth Mr. Bryant and Mr. Robinson failed to answer
Xthis question: ``Does ITAR exert prior restraint on
Xotherwise lawful publication?''
X
XEnclosed for your records are copies of the letters I sent in March and
XApril, a copy of Mr. Bryant's response, a copy of my followup
Xletter, and an unofficial copy of Mr. Robinson's response.
X(As I am currently on vacation I have not seen
Xthe original of Mr. Robinson's response,
Xbut he also faxed it to me,
Xand I have enclosed a copy of the fax.)
X
XThank you again for your help.
X
X\hskip 3in Sincerely,
X
X\vskip 4em
X
X\hskip 3in Daniel J. Bernstein
X
X\bye
END-of-930714.dellums
exit