Date: Sat, 1 Jul 1995 17:56:33 GMT
From: Adam Back
Newsgroups: alt.security.pgp, talk.politics.crypto, comp.org.eff.talk, sci.crypt, comp.lang.perl, alt.2600, sci.crypt, alt.politics.org.nsa
Subject: ANNOUNCEMENT: perl-RSA "Munitions T-shirt" ready

-----BEGIN PGP SIGNED MESSAGE-----

Finally I have sorted out ordering info for the UK printing of the munitions T-shirt, and also have found a brave volunteer to print them in the US. Orders are now being taken for both US and UK shirt offers.

If you can think of any more relevant forums to post this to, feel free to distribute, last announcement someone posted to some compuserve forums, maybe some other places. Let me know if you do this, so I have an idea of where it's been so nobody sees it twice. (I have also posted to the cypherpunks mailing list, so don't post there, other than that look at the Newsgroups line for groups I have covered).

If you're new to the Munitions T-shirt story, read this bit ... otherwise skip to the end for order info.

The aim of this shirt is to demonstrate the ridiculous nature of ITAR (crypto regulations) and to show defiance to the NSA and the US state department for their rabid defense of ITAR which they falsely tout as being in the "National security interests". Also the aim is to develop revenue for the Phil Zimmermann Legal Defense Fund.

If you don't know who Phil Zimmermann is you should, he put his livelihood, (and possibly his freedom if they indict) on the line for you and your future. If you don't know what ITAR is, you should find out, it is adversely affecting the US software industry, and the whole world's use of secure crypto on the internet. It is a fight between the rights of the individual and the ever growing power of 'Big Brother'. The loss of privacy, and erosion of freedom of speech for individuals, so read on...
- --------------------------------------------------------------------------

Munitions-T EXPLANATION

So the question you might be asking yourself is what could you *possibly* print on a T-shirt which would get the T-shirt classified as an export controlled munition?

A good question indeed. Well it's all tied up with a set of US regulations called ITAR, and the prosecution of a selfless US software developer name of Phil Zimmermann who is being persecuted by the US state department.

There is a set of US regulations called ITAR which make it illegal to export heavy artillery, military aircraft, tanks, chemical and biological weapons, and (spot the odd one out) crypto software. Crypto software (of sufficient strength, the RSA implementation below being capable of using 1024 bit or larger PGP generated RSA keys qualifies amply) is listed on the defense export control list.

But all of the openly published algorithms are available and used outside the US. So, for PGP for instance it's pretty silly to restrict export, as PGP uses RSA and IDEA. IDEA was developed in Switzerland, and the RSA algorithm was published in the international CACM journal back in 1978 (and yes there's a copy here in the library at Exeter Univ, as well as just about any other academic library in the world). The RSA algorithm was developed by researchers at MIT one of whom (the 'S' in RSA, Adi Shamir) is an Israeli national, then a researcher at MIT, the other two (Ron Rivest, and Len Adleman) are American.

These days RSA programs are sold on the streets of Moscow for a few roubles on floppy disks. And yet the NSA and state department are adamant that it is in the "National Security interest" to control export of such software. In reality it is costing the US software industry many millions in lost trade to European, and other software producers who are able to ship secure software without restriction.

That mouthful is the motivation behind this small piece of perl code (optimised for size rather than readability :-):

#!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
{ deleted to avoid prosecution... }

(WARNING for US people: think carefully before quoting the above 3 lines of code, ITAR may be silly, but the penalties are pretty high ($1,000,000 fines and 10 year prison terms per count of export), you can't say you haven't been warned).

That piece of code implements RSA encrypt and decrypt, and is able to use 1024 bit (and larger) PGP generated RSA keys. (RSA being one of the key components of PGP). Try it out if you're on a unix system, have a look at:

    http://dcs.ex.ac.uk/~aba/rsa/

for details of usage etc.

Phil Zimmermann is being investigated for possible ITAR violation for writing PGP and allowing it to be exported (he didn't export it btw, neither did the friend he gave a copy to, but some unknown third party without their permission did, so his persecution is just as a scapegoat, they're trying to make an example of him to scare others off).

Places like MIT, and RSADSI and hundreds of .edu sites have PGP available for ftp with various (not always very secure) export restriction mechanisms, so it is hard to see how Phil is somehow more guilty of ITAR violation than them. Perhaps it is more to do with it being easier to pick on an individual software developer rather than well funded big business or prestigious educational establishments.

- --------------------------------------------------------------------------

ITAR

A little bit of ITAR should help explain the fun that can be had by printing the program on a T-shirt.
Here, verbatim is section 120.17(4) of the ITAR regulations:

    (4) Disclosing (including oral or visual disclosure) or transferring technical data to a foreign person, whether in the United States or abroad

So when you consider that the T-shirt is the technical data, and the proud wearer is doing the disclosing you can see where the fun starts. Note the "visual disclosure .. to a .. foreign person .. in the United States"

So you mustn't even let a foreign national *see* it whilst you walk down the street!

Are we having fun yet :-)

- --------------------------------------------------------------------------

ORDER INFO

Either cost only (UK), or 25% proceeds to Phil Z (US)...

We now have 2 suppliers, one in the US (for US & Canadians only), and one in the UK (that's me) for the 'free world', you know places like Europe (with the strange exception of France), Australia, New Zealand, Singapore, Japan, etc, etc.

US) US orders (25% of proceeds to the Phil Zimmermann legal defense fund):

    http://colossus.net/wepinsto/

(It's all set up for WWW forms, you can use VISA, M/C, or NetCash buy on-line, optionally using PGP to encrypt CC number)

kindly undertaken by Don Henson, WEPIN, if anything goes wrong, like he gets unwanted attention from the NSA, or the US state department, he reserves the right to redirect the 25% to a "Don Henson Legal Defense Fund" :-| Hopefully it won't get to that, as he will only accept US and Canadian orders so that no ITAR violations happen.

(If you don't have WWW forms access, send email to dhenson@itsnet.com with subject: SHIRT)

If you're not a US or Canadian citizen or permanent resident living in the US or Canada, use the UK shirt offer below.

(If you're a foreign national living in the US or Canada, you must obtain the shirt from the UK, as it would be illegal for Don to sell you one.
There are no corresponding restrictions on import)

UK) Free world: printed in the UK for shipping to anywhere

    http://dcs.ex.ac.uk/~aba/rsa/uk-shirt.html

Cost only (estimated cost, if there is any change, it goes to the PZLDF also)

If you're in the US Don's offer is going to work out cheaper.

(If you don't have WWW access, send me mail at aba@dcs.ex.ac.uk with subject: SHIRT)

And remember, say NO to key escrow :-)

Adam

- --
HAVE *YOU* EXPORTED A CRYPTO SYSTEM TODAY? --> http://dcs.ex.ac.uk/~aba/rsa/
- --rsa--------------------------------8<-------------------------------------
#!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
{ deleted to avoid prosecution... }
- -------------------------------------8<-------------------------------------
TRY: echo squeamish ossifrage | rsa -e 3 7537d365 | rsa -d 4e243e33 7537d365

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBL/WLaSnIuJ1VakpnAQHXjwP/WIQAXuBuWEdqmKvsz7rVbARE/658BxfN
tD4mvK+aZLqUaqdYs6QAC8eFB0lyA0Q5emO81my3O/MZqBgFGZ5VudpI7S910xm8
zrVXtgr8F2XDvOGcGZEDHz2zGpK6jU+4FQNKIA3/55YcaGQIi2T1xLpt8KsaYtmd
eNXOJHlcOus=
=QSry
-----END PGP SIGNATURE-----

{ some contents deleted to avoid prosecution... }
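
What the TRY line in the post exercises, as an added Python example that is not the elided Perl program and not Adam Back's code: textbook RSA over the three hex values from that line (exponent 3, private exponent 4e243e33, modulus 7537d365). The 3-byte blocking and every function name are assumptions of this sketch, so its ciphertext is not byte-compatible with the original `rsa` script; it also shows that unpadded RSA is deterministic, which is why real systems such as PGP add padding.

```python
# Added illustration: textbook RSA using the three hex values from the TRY line.
# The 3-byte blocking and all function names are assumptions of this sketch;
# its output is not byte-compatible with the original `rsa` script.

E = 0x3          # public exponent  (rsa -e 3 ...)
D = 0x4e243e33   # private exponent (rsa -d 4e243e33 ...)
N = 0x7537d365   # modulus shared by both invocations


def block_bytes(n: int) -> int:
    """Largest byte count whose every value is guaranteed to be below n."""
    return (n.bit_length() - 1) // 8


def encrypt(msg: bytes, e: int, n: int) -> list[int]:
    """Split msg into blocks smaller than n and raise each to e mod n."""
    k = block_bytes(n)
    return [pow(int.from_bytes(msg[i:i + k], "big"), e, n)
            for i in range(0, len(msg), k)]


def decrypt(blocks: list[int], d: int, n: int, length: int) -> bytes:
    """Invert encrypt(); length restores the size of the short final block."""
    k = block_bytes(n)
    out = bytearray()
    for c in blocks:
        size = min(k, length - len(out))
        out += pow(c, d, n).to_bytes(size, "big")
    return bytes(out)


def roundtrip(msg: bytes) -> bytes:
    return decrypt(encrypt(msg, E, N), D, N, len(msg))


def repeated_blocks_leak(msg: bytes) -> bool:
    """True when equal plaintext blocks produced equal ciphertext blocks."""
    blocks = encrypt(msg, E, N)
    return len(set(blocks)) < len(blocks)


if __name__ == "__main__":
    sample = b"squeamish ossifrage\n"   # what `echo` feeds the pipeline
    print([format(c, "x") for c in encrypt(sample, E, N)])
    print(roundtrip(sample))
    # Unpadded RSA is deterministic: repeated input shows through.
    print(repeated_blocks_leak(b"abcabcxyz"))
```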