Please make stable NON-US homes for strong crypto projects

From: Eugene Leitl (
Date: Sat Sep 15 2001 - 11:13:09 MDT

I'm usually not forwarding messages from cryptography@ here, but this one
is an exception.

---------- Forwarded message ----------
Date: Sat, 15 Sep 2001 00:32:12 -0700
From: John Gilmore <>
Subject: Please make stable NON-US homes for strong crypto projects

It's clear that the US administration is putting out feelers to
again ban publication of strong encryption. See:,1283,46816,00.html

The evil gnomes who keep advancing unconstitutional US anti-crypto
policies know that the current hysteria in Congress and the
Administration will not last forever. So they will probably move very
quickly -- within a week is my guess -- to re-control encryption,
either by a unilateral action of the Administration (by amending
the Export Administration Regulations), or by stuffing a rider onto
some so-called "emergency" bill in Congress.

They maneuvered very carefully in the Bernstein case such that there
is no outstanding injunction against violating the Constitution this
way -- and even no binding 9th-Circuit precedent that tells them it's
unconstitutional to do so. They know in their hearts that numerous
judges have found it unconstitutional, but they have proven throughout
the seven-year history of the case that they don't give a damn about
the Constitution. Which means it may take weeks, months or years for
civil liberties workers to get a judge to roll back any such action.
Not just days. We won the case, but they squirmed out of any
permanent restrictions -- so far.

The US government has a new mania for wiretapping everyone in case
they might be a terrorist. There's already two bills in Congress to
make it trivial for them to wiretap anybody on flimsy excuses, and to
retroactively justify their precipitous act of rolling Carnivore boxes
into major ISPs this week and demanding, without legal authority, that
they be put at the heart of the networks. See:

Even more than before, we will need good encryption tools, merely to
maintain privacy for law-abiding citizens, political activists, and
human rights workers. (In the current hysteria, mere messages
advocating peace or Constitutional rights might best be encrypted.)
The European Parliament also recently recommended that European
communications be routinely encrypted to protect them from pervasive
US Echelon wiretaps.

Some US developers, who thought such a reversal would never happen,
have built or maintained a number of good open source encryption tools
in the United States, and may not have lined up solid foreign
maintainers or home sites.

LET'S FIX THAT! We need volunteers in many countries to mirror
current distributions, CVS trees, etc. We need volunteers to also
act as maintainers, accepting patches and integrating them into
solid releases.

(Note that too many countries have pledged to stand toe-to-toe with the
US while they march off to make war on somebody they can't figure out
who it is yet. If you live in one of those countries, you may
suddenly find that your own crypto regs have been sneakily altered.
Take care that each useful package has maintainers and distribution
points in diverse countries.)

I haven't kept close track of which packages are in danger. I
suggest that people nominate packages on this mailing list, and that
others immediately grab mirror copies of them as they are nominated.
And that some of those who mirror them keep quiet, in case hysterical
governments make a concerted effort to stamp out all copies and/or all
major distribution sites. If you aren't the quiet type, then *AFTER*
announce your mirror on this mailing list.

We freedom-loving US citizens have had to rely on the freedom-loving
citizens of saner countries, to do the work of making strong
encryption, for many years. We had a brief respite, which we will
eventually resume for good. In the meantime, please let me apologize
for my countrymen and for my government, for asking you to shoulder
most of the burden again. Thank you so much.

        John Gilmore

PS: Companies with proprietary encryption packages might consider
immediately open-sourcing and exporting their encryption add-ins, so
their customers can still get them from overseas archives. Or taking
other actions to safeguard the privacy and integrity of their
customers' data and their society's infrastructure. I also advise
that they lobby like hell to keep privacy and integrity legal in the US.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 14:40:47 MDT