[Noisebridge-discuss] Deep Crack

Meredith L. Patterson mlp at thesmartpolitenerd.com
Thu Oct 8 09:47:54 UTC 2009


Mikael Vejdemo-Johansson wrote:
> On Oct 7, 2009, at 11:56 PM, Jacob Appelbaum wrote:
>> To give a sense of scale, a reasonably sized cluster of Play
>> Stations is more powerful than Deep Crack!
> 
> I am well aware of that. Also, after one of my adventures in form  
> filling at Stanford, I've counted myself lucky to not have taught  
> linear algebra yet: I'd probably include field extensions in an  
> interesting enough course, which would give me a reason to discuss AES  
> - and I might even talk modular arithmetic - and RSA.
> 
> And a crypto implementation done on campus - such as an example  
> implementation done for in-class demonstration - falls under separate  
> and MUCH stricter export rules; which means that taking my laptop with  
> my lecture preparations to Europe with me might be ITAR degrees of  
> dangerous... :-(

Ok, now I'm seriously wondering if the naive interpretation[1] actually
does apply to foreign nationals who are professional academics, e.g.,
postdocs and professors, and whose involvement with export-restricted
crypto occurs during the normal course of their employment. As another
example, Nikita Borisov is a Canadian of Russian extraction and a
computer science professor at the University of
Illinois/Urbana-Champaign (and previously was a PhD student at UC
Berkeley). He teaches courses in security and crypto, and is one of the
co-authors of OTR. He also frequently travels to Europe and Asia for
conferences, and it would not surprise me in the slightest if his laptop
contains lecture notes, presentation slides and/or reference
implementations of algorithms such as RSA and AES.

I don't know what visa he's on (though actually I think now it's a green
card, as he married an American), but it strikes me as patently
ridiculous that it would be possible for a university to hire a foreign
national to work on crypto research, or basic research which has bearing
on crypto, and yet for it to be illegal for that researcher to do
his/her job!

On the gripping hand, though, this wouldn't be the first time that US
law has been self-contradictory. I also completely sympathise with
Mikael not wanting to be a legal test case against the US government ...
firsthand experience here, it's totally not as cool as it's cracked up
to be :(

In any case, I look forward to hearing the EFF's opinion. It might also
be of value to solicit opinions from other groups, such as whoever
handles these sorts of legal issues at Stanford and/or Berkeley, in
order to present a stronger argument if the INS does get pissy ("five
out of five legal experts in the field say that your bureaucrats are
full of shit!"). If anyone wants, I would be happy to ask Nikita if he,
his department, or his department's legal counsel have ever encountered
a similar situation.

[1] I am not calling anyone here "naive", I mean "naive" as in
"uninformed/unsophisticated", e.g., the attitude I expect the average
INS employee would have toward cryptography.


Cheers,
--mlp


