[wordup] Please Make Stable NON-US Homes for Strong Crypto Projects

[Adam Shand]

for those that aren't in the open source / free software community
freshmeat is one of the big places where new software is announced.  they
run editorials occasionaly when someone has something to say.

adam.

From: http://freshmeat.net/articles/view/298/

Please Make Stable NON-US Homes for Strong Crypto Projects
by John Gilmore, in Editorials
Thursday, September 20th 2001 00:00 EDT

"We freedom-loving U.S. citizens have had to rely on the freedom-loving
citizens of saner countries to do the work of making strong encryption for
many years. We had a brief respite, which we will eventually resume for
good. In the meantime, please let me apologize for my countrymen and for
my government for asking you to shoulder most of the burden again..."

It's clear that the U.S. administration is putting out feelers to again
ban publication of strong encryption. See
http://www.wired.com/news/politics/0,1283,46816,00.html.

The evil gnomes who keep advancing unconstitutional U.S. anti-crypto
policies know that the current hysteria in Congress and the Administration
will not last forever, so they will probably move very quickly -- within a
week is my guess -- to re-control encryption, either by a unilateral
action of the Administration (by amending the Export Administration
Regulations), or by stuffing a rider onto some so-called "emergency" bill
in Congress.

They maneuvered very carefully in the Bernstein case, so that there is no
outstanding injunction against violating the Constitution this way -- and
even no binding 9th-Circuit precedent that tells them it's
unconstitutional to do so. They know in their hearts that numerous judges
have found it unconstitutional, but they have proven throughout the
seven-year history of the case that they don't give a damn about the
Constitution. That means it may take weeks, months, or years for civil
liberties workers to get a judge to roll back any such action. Not just
days. We won the case, but they squirmed out of any permanent restrictions
-- so far.

The U.S. government has a new mania for wiretapping everyone in case he
might be a terrorist. There are already two bills in Congress to make it
trivial for them to wiretap anybody on flimsy excuses, and to
retroactively justify their precipitous act of rolling Carnivore boxes
into major ISPs this week and demanding, without legal authority, that
they be put at the heart of the networks (see
http://www.politechbot.com/docs/cta.091401.html).

Even more than before, we will need good encryption tools, merely to
maintain privacy for law-abiding citizens, political activists, and human
rights workers. (In the current hysteria, mere messages advocating peace
or Constitutional rights might best be encrypted.) The European Parliament
also recently recommended that European communications be routinely
encrypted to protect them from pervasive U.S. Echelon wiretaps.

Some U.S. developers, who thought such a reversal would never happen, have
built or maintained a number of good Open Source encryption tools in the
United States, and may not have lined up solid foreign maintainers or home
sites.

LET'S FIX THAT! We need volunteers in many countries to mirror current
distributions, CVS trees, etc. We need volunteers to also act as
maintainers, accepting patches and integrating them into solid releases.

(Note that too many countries have pledged to stand toe-to-toe with the
U.S. while they march off to make war on somebody, though they can't
figure out who it is yet. If you live in one of those countries, you may
suddenly find that your own crypto regs have been sneakily altered. Take
care that each useful package has maintainers and distribution points in
diverse countries.)

I haven't kept close track of which packages are in danger. I suggest that
people nominate packages, that others immediately grab mirror copies of
them as they are nominated, and that some of those who mirror them keep
quiet, in case hysterical governments make a concerted effort to stamp out
all copies and/or all major distribution sites. If you aren't the quiet
type, then AFTER immediately pulling a copy of the code outside U.S.
jurisdiction, announce your mirror.

We freedom-loving U.S. citizens have had to rely on the freedom-loving
citizens of saner countries to do the work of making strong encryption for
many years. We had a brief respite, which we will eventually resume for
good. In the meantime, please let me apologize for my countrymen and for
my government for asking you to shoulder most of the burden again. Thank
you so much.

P.S.: Companies with proprietary encryption packages might consider
immediately Open Sourcing and exporting their encryption add-ins, so their
customers can still get them from overseas archives, or taking other
actions to safeguard the privacy and integrity of their customers' data
and their society's infrastructure. I also advise that they lobby like
hell to keep privacy and integrity legal in the U.S.