24 December 1997
To: bernstein-announce@toad.com To: paul@vix.com, carl@also.media.org, gnu@toad.com To: spock@rsa.com, pol@rsa.com, baldwin@rsa.com Subject: Gilmore Publishes Strong Crypto Code Online for Authentication Date: Tue, 23 Dec 1997 12:40:43 -0800 From: John Gilmore <gnu@toad.com> [This announcement does not relate directly to the Bernstein case, but I felt the overlap of interest would be very strong. -- John] Strong Crypto Code Published Online for Authentication San Francisco, December 23, 1997 - Civil libertarian John Gilmore today published strong authentication source code on the Internet, making it available for worldwide access, despite U.S. National Security Agency attempts to restrict such software. He is publishing Domain Name System Security software that contains a complete copy of RSAREF, well-known cryptography software that is a predecessor to the DNSsafe software released in October by RSA Data Security, Inc. Mr Gilmore explains, "Internet publication of cryptography software is considered an export by the US Government, and often requires government permission under the Export Administration Regulations (EAR). But those regulations specifically exempt programs which merely prove that information is authentic (authentication), rather than hiding the information (privacy)." The export regulations were amended in 1989 to exclude authentication software. Since that time, however, the National Security Agency has been telling people privately that the exclusion only applies to ready-to-run "binary" programs. They have reportedly claimed that the regulations still require government permission to export the human-readable "source code" of authentication programs. The plain text of the regulations makes no such distinction, though; all authentication programs are exempt. Readers can obtain the software from Mr. Gilmore's web site for Domain Name System Security, at http://www.toad.com/~dnssec or at http://www.flash.net/~dnssec. Future releases will be available from the Internet Software Consortium, http://www.isc.org/bind.html. The Electronic Frontier Foundation, which Mr. Gilmore co-founded, is sponsoring a lawsuit to have the entire cryptography software export control regime overturned. In the three-year suit, Bernstein v. State, Judge Marilyn Hall Patel has invalidated export controls administered by both the State Department and the Commerce Department. She ruled they are an unconstitutional prior restraint against our First Amendment right to speak and publish about cryptography. The case is now in the Ninth Circuit Court of Appeals. Domain Name System Security: http://www.toad.com/~dnssec or http://www.flash.net/~dnssec Internet Software Consortium: http://www.isc.org RSA Data Security: http://www.rsa.com Electronic Frontier Foundation: http://www.eff.org Press Contacts: John Gilmore, Founding Board Member, EFF +1 415 221 6524, gnu@toad.com Shari Steele, Staff Attorney, Electronic Frontier Foundation +1 301 375 8856, ssteele@eff.org More press background is available at: http://www.toad.com/~dnssec/pressrel1.background.txt