Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-and-a-half-years collection of 47,000 files from June 1996 to January 2009 (~6.9 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, cryptome.info, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,100 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.

Google
 
Web cryptome.org cryptome.info jya.com eyeball-series.org cryptome.cn


22 March 1998: Add more messages
21 March 1998: Add more messages
20 March 1998: Add messages

20 March 1998


Date: Thu, 19 Mar 1998 22:49:13 -0500
To: cryptography[at]c2.net
From: Will Rodger <rodger[at]worldnet.att.net>
Subject: Inter@ctive Week : PGP to be sold abroad

The theoretical has become the real.

I wrote about PGP's moves in Europe in March 1997 based on conversations's
at that year's CFP conference. After more than a year of looking around,
NAI is not licensing abroad, but selling directly.

As former NSA Counsel Stewart Baker told me this evening, "this takes
cojones."



http://www.zdnet.com/zdnn/content/inwo/0319/296341.html
By Will Rodger, Inter[at]ctive Week Online
 March 19, 1998 6:56 PM PST

Pretty Good Privacy, a computer security product long associated with
opposition to US export controls on data-scrambling exports, will be sold
outside the United States for the first time ever beginning this week,
sources at Network Associates Inc. said.

The sales initiative comes perilously close to violating US felony
prohibitions on exports of strong encryption software. But it also exposes
a gaping hole in export laws that could lead to the ultimate downfall of
the regulations themselves, observers say.

"It's yet another example of the absurdity of export controls," said Alan
Davidson, staff counsel with the Center for Democracy and Technology. "You
can't stop ideas at the border."

Powerful encryption techniques were once the province of empire-fighting
patriots like John Adams and Thomas Jefferson, spies and military officers.
For centuries they used the arcane mathematical concepts behind code making
to protect secret communiques, form new governments and win wars. But those
skills have rapidly spread to the private sector over the past 20 years,
giving companies and private citizens secure email and voice communications
over cell phones, conventional telephones and a hacker-ridden Internet.

The core conflict

At the same time, the technology that renders privacy certain in a digital
age can also hide criminal plans and conspiracies. It's for that reason
that the US government has controlled encryption exports tightly since
World War II. More recently, the Clinton Administration has forced
encryption exporters to supply spare encryption "keys" for storage with
third parties in case wiretaps are needed or forego exports in all but a
few cases.

The clear conflict between the need for personal security on one hand and
the ability to track down criminals on the other has exploded on Capitol
Hill. On one side stand civil libertarians and businesses who fear
uncontrolled police power. On the other: federal wiretappers who want
access to all electronic communications with court orders.

"Our reaction is this is something to be investigated," said Bill Reinsch,
undersecretary for export control at the US Department of Commerce. "This
case may be a ground breaker."

How PGP slipped past the Feds

To sell the controlled encryption software abroad, Pretty Good Privacy
executives last year exported copies of the software source code in book
form. Since the software went over in books, there was no violation of
export laws, they say.

Once abroad, volunteers supportive of PGP's fight to liberalize encryption
laws scanned the books into computers and converted that source code into
usable software. Had the software been shipped on floppies, by contrast,
those who exported it could have been charged with felony violations of the
law.

Executives at Network Associates' Dutch affiliate have since taken the
software and begun striking deals to sell the American-developed product
abroad - all in compliance with US laws, they say. The Commerce
Department's Reinsch isn't so sure, however. US laws prohibit not just the
export of powerful encryption technology, but re-export as well. As a
result, he says, any attempt by Network Associates' executives to export
the software from the Netherlands would be a crime punishable in a court of
law if federal lawyers could show the end product was at least 25 percent
American. Prosecution of foreign nationals could be difficult, especially
given the Netherland's disinterest in controlling strong encryption.

"Can we reach a foreign national? Sometimes we can, sometimes we can't," he
said.

Books yes, software no

Encryption advocates say there's more than a bit of irony in the Network
Associates story. For years, the government has avoided First Amendment
challenges to encryption controls by drawing distinctions between source
code in book form and software on diskettes. As long as US attorneys could
claim they would control only finished software and not books, they could
safely say their controls were constitutional.

Yet two court challenges to the regulations say that source code itself is
speech, regardless of whether it exists in books or floppy disks. By giving
safe harbor to books, attorney Cindy Cohn said, the government has
effectively reduced export controls to meaninglessness. Cohn is counsel to
Daniel Bernstein, a professor who has filed suit to publish the source code
to his encryption program "Snuffle" on the Internet.

Cohn disputed Reinsch's interpretation of regulations governing "re-export"
of encryption.

"I don't think you can take something that's protected expression at the
time it's exported and then claim that it suddenly becomes an export item
on the other side," she said. "I'm pleased that PGP is continuing to take
advantage of the obvious inconsistencies in the regulations."

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
MessageID: jLhFL5vDJkMvChIcgL5fY9XCiqxysT4b

iQA/AwUBNRHnP9ZgKT/Hvj9iEQJBzACaAgxPSxltl5LnATk1Zgwdwa+crZcAoMb7
+2AlauvlhUBTN8AW8pFxaWoy
=/f27
-----END PGP SIGNATURE-----



Date: Fri, 20 Mar 1998 17:47:08 GMT From: Adam Back <aba[at]dcs.ex.ac.uk> To: cypherpunks[at]cyberpass.net Cc: rodger[at]worldnet.att.net Subject: PGP/NAI euro-PGP re-written or not? Some commentary on Will Rodger's article: : How PGP slipped past the Feds : : To sell the controlled encryption software abroad, Pretty Good Privacy : executives last year exported copies of the software source code in book : form. Since the software went over in books, there was no violation of : export laws, they say. : : Once abroad, volunteers supportive of PGP's fight to liberalize encryption : laws scanned the books into computers and converted that source code into : usable software. Had the software been shipped on floppies, by contrast, : those who exported it could have been charged with felony violations of the : law. : : Executives at Network Associates' Dutch affiliate have since taken the : software and begun striking deals to sell the American-developed product : abroad - all in compliance with US laws, they say. Will appears to be claiming here that NAI is selling the actual version of the PGP 5.x code which Stale Schumacher scanned. Yet John Markoff in his NYT article reports that the version being sold was developed by Cnlab, Switzerland, from Markoff's article: ] Network Associates executives said that in developing the international ] version of PGP they took care not to violate U.S. laws. The international ] version was developed by Network Associates in Europe in partnership with ] a small group of cryptographers at Cnlab Software in Switzerland. The two stories don't sound consistent, unless I am missing something. Someone commented that PGP was licensing the right to use the PGP name to non-US companies, so perhaps this is what Will is referring to. Where as Markoff is referring to NAI europe actually selling PGP directly themselves. Some more from Will Rodger's article: : The Commerce Department's Reinsch isn't so sure, however. US laws : prohibit not just the export of powerful encryption technology, but : re-export as well. As a result, he says, any attempt by Network : Associates' executives to export the software from the Netherlands : would be a crime punishable in a court of law if federal lawyers could : show the end product was at least 25 percent American. Prosecution of : foreign nationals could be difficult, especially given the : Netherland's disinterest in controlling strong encryption. : : "Can we reach a foreign national? Sometimes we can, sometimes we : can't," he said. Really stretching things aren't they :-) Grasping at straws. If I follow the contorted logic, Reinsch is claiming that because US EAR regulations forbid re-export of crypto software, that this same regulation applies in Netherlands???? And one presumes in UK, Australia, and all the rest of the world! To follow this to it's logical conclusion, the US had better go track down all 100,000 non-US ftp sites in 100 odd countries around the world and seek extradition of their operators and users. Sheesh, this Reinsch guy has taken leave of his senses! Adam -- Now officially an EAR violation... Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U[at]{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
Date: Fri, 20 Mar 1998 13:29:02 -0500 To: Adam Back <aba[at]dcs.ex.ac.uk>, cypherpunks[at]cyberpass.net From: Will Rodger <rodger[at]worldnet.att.net> Subject: Re: PGP/NAI euro-PGP re-written or not? Adam observantly pointed out: >Will appears to be claiming here that NAI is selling the actual >version of the PGP 5.x code which Stale Schumacher scanned. Yet John >Markoff in his NYT article reports that the version being sold was >developed by Cnlab, Switzerland, from Markoff's article: > >] Network Associates executives said that in developing the international >] version of PGP they took care not to violate U.S. laws. The international >] version was developed by Network Associates in Europe in partnership with >] a small group of cryptographers at Cnlab Software in Switzerland. > >The two stories don't sound consistent, unless I am missing something. Markoff is right, Adam. I mentioned the previous publishing and scanning of PGP chiefly to show that the code is widely available. John evidently had more cooperation from company spokespeople than I; my sources could confirm only that US PGP source code went over in book form. They didn't have all the details on which copies went where nor to what extent Cnlab Software may have changed the code for the European product. They did say, however, that this was the real McCoy, straight from the US. >Some more from Will Rodger's article: > >: The Commerce Department's Reinsch isn't so sure, however. US laws >: prohibit not just the export of powerful encryption technology, but >: re-export as well. As a result, he says, any attempt by Network >: Associates' executives to export the software from the Netherlands >: would be a crime punishable in a court of law if federal lawyers could >: show the end product was at least 25 percent American. Prosecution of >: foreign nationals could be difficult, especially given the >: Netherland's disinterest in controlling strong encryption. >: >: "Can we reach a foreign national? Sometimes we can, sometimes we >: can't," he said. > >Really stretching things aren't they :-) Grasping at straws. > >If I follow the contorted logic, Reinsch is claiming that because US >EAR regulations forbid re-export of crypto software, that this same >regulation applies in Netherlands???? And one presumes in UK, >Australia, and all the rest of the world! > >To follow this to it's logical conclusion, the US had better go track >down all 100,000 non-US ftp sites in 100 odd countries around the >world and seek extradition of their operators and users. Sheesh, >this Reincsh guy has taken leave of his senses! You're not alone in your thinking, to be sure. Here's some more stuff to think about: I asked former NSA Counsel Stewart Baker what he thought of the reexport prosecution gambit. He also thought it had a chance in court. Even more provocative: he suggested the shipment of source code itself was probably illegal since it was clearly not done as an "academic exercise." The presence of checksums at the bottom of each page, he said, only strengthened his argument against an academic exception for the source code. I suppose he would argue the software PGP ships in order to make the scanning go more smoothly is questionable, too. Will Rodger Voice: +1 202-408-7027 Washington Bureau Chief Fax: +1 202-789-2036 Inter[at]ctive Week http://www.interactiveweek.com A Ziff-Davis Publication http://www.zdnn.com PGP 5.0: 584D FD11 3035 0EC2 B35C AB16 D660 293F C7BE 3F62 PGP 2.6.2: D83D 0095 299C 2505 25FA 93FE DDF6 9B5F
Date: Fri, 20 Mar 1998 14:13:30 -0500 To: Adam Back <aba[at]dcs.ex.ac.uk> From: Declan McCullagh <declan[at]well.com> Subject: Re: PGP/NAI euro-PGP re-written or not? Cc: cypherpunks[at]cyberpass.net Will is almost certainly right on the point about the scanning. However, I'm not sure about PGP executives shipping the book overseas. PGP's executives have told me they did no such thing. -Declan At 17:47 +0000 3/20/98, Adam Back wrote: [snipped]
Date: Fri, 20 Mar 1998 16:34:14 -0800 (PST) From: Declan McCullagh <declan[at]well.com> To: Adam Back <aba[at]dcs.ex.ac.uk> cc: cypherpunks[at]cyberpass.net Subject: Re: Nand0 articles (Re: PGP confusing and conflicting reports!) The situtation is even more interesting than I thought. I have Reinsch on the phone right now. Will report back later this weekend, or maybe in an article on Monday. --Declan
Date: Sat, 21 Mar 1998 17:09:12 -0800 To: cypherpunks[at]cyberpass.net From: Tim May <tcmay[at]got.net> Subject: Prediction: NAI will issue a "Clarification" about PGP from Europe At 4:34 PM -0800 3/20/98, Declan McCullagh wrote: >The situtation is even more interesting than I thought. I have Reinsch on >the phone right now. Will report back later this weekend, or maybe in an >article on Monday. --Declan I look forward to hearing what these "interesting" items are. I'm going to go out on a limb and make a prediction:  The European version of PGP, wherever it came from and however it got to Europe, will not see wide release. A few copies may already have been sold (the Hannover announcement said sales would "begin" this past Friday...I sort of doubt this was accurate). But widespread availability will not happen. We have seen similar "in your face, NSA!" announcements in the past. The RSA chip that a Japanese chip company planned to export from Japan, and that RSA President Jim Bidzos held up triumphantly in front of  Congress. The Elvis product from Russia that Sun was going to sell. Well, that Japanese RSA chip got buried Real Fast, and Elvis still has not left the building. It sure looks like both announcements provoked the predicitable jawbonings, threats, carrots, sticks, and other such things which John Young can probably better purple prose than I can. Net result: business as usual. So, Network Associates issues the Mother of All In Your Faces announcement, that freedom fighters, terrorists, mother rapers, and even Scientologists would soon be free to acquire PGP without Big Brother backdoors and without any sayso or objection from the U.S. State Department. I think that even as we are sitting here wondering what's going on, David Aaron and William Reinsch and all the other FUDders are busily doing damage control, holding out the carrots and the sticks, and ensuring that Network Associates will soon be issuing a "clarification." You heard it here. I hope I'm wrong. --Tim May Just Say No to "Big Brother Inside" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May              | Crypto Anarchy: encryption, digital money, ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets, Higher Power: 2^3,021,377   | black markets, collapse of governments.
Date: Sat, 21 Mar 1998 21:22:17 -0500 To: Tim May <tcmay[at]got.net> From: Declan McCullagh <declan[at]well.com> Subject: Re: Prediction: NAI will issue a "Clarification" about PGP from Europe Cc: cypherpunks[at]cyberpass.net Difference is that in the case of RSA-Japan (check netlynews.com archives for my article from Nov 96), U.S. gvt applied presssure to Japan. In Sun's case, U.S. gvt apparently applied pressure directly to the company -- which has substantial government contracts. In the end, NAI's calculation will be an economic one: are the potential benefits from selling PGP worldwide greater than the potential benefits from complying with the government's wishes? Also, what are the pressure points the gvt can use against NAI? -Declan At 17:09 -0800 3/21/98, Tim May wrote: >Well, that Japanese RSA chip got buried Real Fast, and Elvis still has not >left the building. > >It sure looks like both announcements provoked the predicitable jawbonings, >threats, carrots, sticks, and other such things which John Young can >probably better purple prose than I can.
Date: Sat, 21 Mar 1998 18:49:39 -0800 To: Declan McCullagh <declan[at]well.com> From: Tim May <tcmay[at]got.net> Subject: Re: Prediction: NAI will issue a "Clarification" about PGP from Europe Cc: cypherpunks[at]cyberpass.net At 6:22 PM -0800 3/21/98, Declan McCullagh wrote: >Difference is that in the case of RSA-Japan (check netlynews.com archives >for my article from Nov 96), U.S. gvt applied presssure to Japan. In Sun's >case, U.S. gvt apparently applied pressure directly to the company -- which >has substantial government contracts. > >In the end, NAI's calculation will be an economic one: are the potential >benefits from selling PGP worldwide greater than the potential benefits >from complying with the government's wishes? Sure, and these are no doubt the points even now being made forcefully to the honchos at NAI. "Look at what you have to lose...and what you have to gain." >Also, what are the pressure points the gvt can use against NAI? > They cannot do a frontal assault by claiming that the PGP-Europe product is illegal for NAI-Europe to sell. (They could, but it would present messy problems, and make the Bernstein-Junger-Karn cases look like the academic exercises they apparently are. Not meaning to insult B, J, or K, but no criminality is involved, and none of B, J, or K is facing serious risk. A frontal assault on NAI would be high stakes poker.) Rather, other sticks and carrots will be used: 1. They can block the merger with TIS (which might, in my view, be doing NAI a favor...). (It's even conceivable, to a paranoid like me, that the PGP-Europe thing is a bargaining chip, to ensure favorable treatment of NAI. It costs them essentially nothing to wave this red flag around, and then to fold.) 2. Prosecution of NAI or NAI personnel for the original export. I was at some of the meetings where the stacks of PGP documents, "hot off the presses," were distributed. The reliable rumor is that Federal Express envelopes were ready and waiting to be filled for shipment that night to Holland and perhaps other places in Europe. If this went before a jury of ordinary folks, it would be hard to argue that this would not be a willful act of exporting for the purpose of having a machine-executable form a short while later. 3. Witholding of contracts by the government. NAI must surely be counting on business from the government, especially with the TIS acquisition. My hunch is that the actual _sale_ of European-originated PGP products would be a tiny total amount. We could debate this, but I don't see huge sales in countries like Germany and France. It would not be surprising to me if the potential lost sales to NAI, even if the government doesn't completely boycott them, are much, much greater than the revenues from a PGP-Europe. As for your original point, about government applying pressure to Japan and to Sun, this was exactly my point. I don't see why NAI would be exempt, given their need for government contracts for Gauntlet and their fairly conventional antiviral and network security products. Guaranteeed that if NAI becomes the Champion for Sticking Big Brother in the Eye, the lost sales to the government (and its allies, who will be urged strongly not to buy from NAI) will far exceed the incremental sales gains made in Europe. (Where all the crypto-interested folks I know have already downloaded one of the many versions of PGP already floating around.) Don't get me wrong. I would _like_ to see NAI take a stand and poke a sharp stick in Big Brother's eye. I just think "cooler heads will prevail" and the PGP-Europe announcement will be modified.  One of the early signs will be back-pedalling by NAI, in coming weeks, saying the Hannover announcement was "taken out of context" (translation: NAI-Europe went off the reservation). I could of course be completely and totally and absolutely wrong. It could be that the head of NAI is actually a crypto-Cypherpunk and is even now helping Hamas and the Tamil Tigers deploy PGP through their ranks of freedom fighters. But I don't think I'm wrong. Time will tell. Probably sooner rather than later. --Tim May Just Say No to "Big Brother Inside" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May              | Crypto Anarchy: encryption, digital money, ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets, Higher Power: 2^3,021,377   | black markets, collapse of governments.
Date: Sat, 21 Mar 1998 22:45:33 -0500 To: cypherpunks[at]cyberpass.net From: John Young <jya[at]pipeline.com> Subject: Re: Prediction: NAI will issue a "Clarification" about PGP from Europe As minor supplement to Tim's good points: The other US crypto vendors who have agreed to GAK for their products are sure to raise hell with BXA to punish NAI and to protect their investment in GAK-compliance. It has been global free-ware PGP that has most annoyed the crypto-merchants, along with its impeccable reputation putting to shame their craven cooperation. So whacking PGP is what most unifies the corporations and the government. Then, it could very well give NAI grounds to spin off PGP to let it function at its best as an international organization in full-bore competition with USG-crippled firms. Growing hostility to USG global surveillance is sure to lead to more of an international market for a trustworthy PGP than for any American tool offered by the corporate giants working hand in hand with the USG to rig the markets. It would be great if PGP left the US for good, to thrive a borderless cosmopole. Then sell its best stuff to those of us unable to give up the fading American conceit of technological supremacy. PGP surely could do better outside the US than inside, and for certain join with excellent cryptographers who have no desire for cooking spook-poisoned American pie.
Date: Sun, 22 Mar 1998 00:12:03 -0500 To: cypherpunks[at]cyberpass.net From: Robert Hettinga <rah[at]shipwright.com> Subject: Re: Prediction: NAI will issue a "Clarification" about PGP from Europe "Telegraph, Telephone, Tell Hettinga" :-). Rumor has it (no, not from the usual suspects) that: 1. NAI bought TIS for the firewall. Think: Virus, Encryption, Firewall. Sounds like a plausible market strategy for a security software company, right? (At least until Mr. Bill puts it all into Windows '01 for Hairdryers, or something.) 2. TIS would make a good Federal Division for NAI because they're all government spook-wannabe consultants anyway, and not real crypto folks. ;-). (Don't look at *me*, look at the little bird that just shat on my sholder and flew off...) TIS can sell cryppled crypto to the Feds till the cows come home, and that's cool, because the only people who're *really* going to buy cryppleware are the Feds anyway. :-). 2a. Unless of course, NAI gets TIS out of the GAKware business altogether, which NAI seems to be waiting until after the merger to do. Remember Tiawan. In line with Duncan Frissell's "Blob" argument about the century-long declining government ownership of the global economy, US government crypto may be *really* big to some people right now, and it may even *grow*, but it has an exponentionally declining marketshare compared to the anticipated market for commercial -- read that, financial -- cryptography. A fart in a hurricane, is more like it. Quick. You're an NAI exec with a bunch of noisy shareholders and no real government contracts to speak of, even with TIS on your books. Whatcha gonna do if asked to choose between a static or marginally increasing "public" sector market and an apeshit-fucking-nuts, exploding-off-the-wallchart, rich-beyond-our-wildest-dreams private sector market?  I thought so. Isn't Occam's Razor wonderful stuff? For them keeping score of such things, it *is* the endgame, folks. Only "they're" loosing. I love that old calculation argument. Every time the Feds crank up yet another Five Year Plan to End Cryptography, I have to just laugh anymore. My nose aches from all the morning coffee in last few months which has gone through it and all over the newspaper. Wife doesn't think it's funny anymore, for some reason. Maybe because it's *her* newspaper I'm reading the back of when the Caffeine Sneeze happens? <ewwwww!> Moral: Don't strain your neck looking backward. I mean, worse than getting a pain in the neck, you could trip, fall down, and loose market share, right? Remember the (e$xcrable :-)) e$yllogism: Digital Commerce is Financial Cryptography Financial Cryptography is Strong Cryptography No Strong Cryptography, no Digital Commerce Reality, economic or otherwise, is not optional. All politics -- socialist, democratic, anarchic -- is economics. Cryptopolitics is no different. Financial cryptography is the only crypto that matters. Put *that* soft target up against the wall and shoot it. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah[at]shipwright.com), Philodox e$, 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' The e$ Home Page: http://www.shipwright.com/
Date: Sun, 22 Mar 1998 00:19:24 -0500 From: Fabrice Planchon <fabrice[at]math.Princeton.EDU> To: cypherpunks[at]cyberpass.net Subject: Re: Prediction: NAI will issue a "Clarification" about PGP from Europe X-http://www.math.princeton.edu/~fabrice/ On Sat Mar 21 1998 at 06:49:39PM -0800, Tim May wrote: > 2. Prosecution of NAI or NAI personnel for the original export. I was at > some of the meetings where the stacks of PGP documents, "hot off the > presses," were distributed. The reliable rumor is that Federal Express > envelopes were ready and waiting to be filled for shipment that night to > Holland and perhaps other places in Europe. If this went before a jury of > ordinary folks, it would be hard to argue that this would not be a willful > act of exporting for the purpose of having a machine-executable form a > short while later. Even if it was proved that the shipment was made by PGP folks, I don't see why they could be prosecuted for it. As pointed out several times, exporting a book is ok, so if you stick to the letter of the law, it's not illegal. To make it so obliges to make rather twisted argumentations. Not that it wouldn't happen, but in the end I would still have faith in the court to have common sense on the subject. > 3. Witholding of contracts by the government. NAI must surely be counting > on business from the government, especially with the TIS acquisition. This is a much bigger issue. Mc Afee is probably selling antivirus all over the place to various gvt agencies. > My hunch is that the actual _sale_ of European-originated PGP products > would be a tiny total amount. We could debate this, but I don't see huge > sales in countries like Germany and France. You won't see even one sale in France. The new crypto regulations, or more exactly the guidelines to apply the most recent law on the subject, from july 96, have just appeared, (see http://girafe.ensba.fr/iris/crypto/decrets.html for details, all in french of course) and they amount merely to a change of the wordings, and provide guidance for the set up of the trusted third parties. Absence of key escrow outlaws PGP from the beginning. > It would not be surprising to me if the potential lost sales to NAI, even > if the government doesn't completely boycott them, are much, much greater > than the revenues from a PGP-Europe. Maybe in Germany, it will create some momentum for widespead use of crypto. That is, currently that's where the most people in Europe are using PGP, and if PGP appears as a commercial product, other (presumably german) companies will start selling their own products (or, as they already have some, market them more aggressively). This is a good thing, because if say, France and Germany have opposed view on the matter, then it raises some problems at the EEC level, and restrictive laws like the french one might get striked down by the european justice court. > gains made in Europe. (Where all the crypto-interested folks I know have > already downloaded one of the many versions of PGP already floating around.) And the GNU version of pgp is developped in Germany ;-) > Don't get me wrong. I would _like_ to see NAI take a stand and poke a sharp > stick in Big Brother's eye. I just think "cooler heads will prevail" and > the PGP-Europe announcement will be modified.  One of the early signs will probably... but still, les petits ruisseaux font les grandes rivières...                       F. -- #!/usr/local/bin/perl --    -export-a-crypto-system-sig -RSA-3-lines-PERL print pack"C*",split/\D+/,`echo "16iII*o\U[at]{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`