Re: US Encryption Policy Change Now Official!
> >>>>> "Bear" == Bear Giles <firstname.lastname@example.org> writes:
> Bear> I think that's what the ham radio licenses are intended to
> Bear> address. Operating a ham station without a license is a
> Bear> criminal act. Some licenses require special software to
> Bear> operate, and this software has no use other than operation
> Bear> of a specific type of ham station. Therefore anyone using
> Bear> the software must be planning to operate a ham station.
> Bear> Therefore knowingly providing the software to someone
> Bear> without a suitable license is aiding the commission of a
> Bear> crime.
> This is a very, very dangerous line of reasoning. [...]
> What if definitions in different
> countries conflict? Do you take the most restrictive? The least
> restrictive? The middle ground?
AFAIK, all countries focus on the issue I emphasized in my original post.
Compilers that can compile arbitrary programs are safe. Browsers
that display arbitrary images are safe. Sure, they can be used to
produce hacking tools or view pornography, but that's not their
But an application which has no legitimate purpose, e.g., a program
that extracts the PIN number from an ATM card, may be considered a
criminal tool and the author might face legal difficulties. (BTW,
you shouldn't be able to do that anymore, but it was possible when
ATM machines operated in a stand-alone mode and had to rely on the
information on the card.) The ham radio license issue isn't as
clear cut since it has a legitimate use, but that use is dependent
upon a government license. So many people would argue it's a prudent
There are a few exceptions to this interpretation. Nuclear and
biological weapons technology, for instance. The risks are so
high that all "dual use" technology is presumed to be intended for
the production of weapons of mass destructions unless proven
Encryption and authentication technology also falls under this
umbrella, although to a far lesser extent since sometimes you want
the other side to "accidently" get your secrets. The PALs used
to control nuclear weapons are a classic example - it's better
to quietly share that information than risk a rogue agent gets a
nuke with a simple on/off switch.
The last time I checked no Debian package was used in the production
of weapons of mass destruction, so the usual "does any other
legitimate purpose for this software exist?" question should be
Sure, it's possible that some country, somewhere, would still
take offense at the package. But if it's not unreasonable, so
what? Will you be extradicted halfway around the world for it?
Will that country launch a military intervention to retrieve you
by force? Will you ever step foot in that country?