One of my prized possessions, now in a box in a closet somewhere, is a T-shirt that says on its front "This T-shirt is a munition." Underneath it is some machine-readable barcode that encodes the RSA public-key encryption algorithm expressed in Perl. As the seller of the shirt advertised, "it's machine washable and machine readable."
When I bought and regularly wore that shirt, taking it out of the country was a crime punishable by up to a $1 million fine and 10 years in federal prison. This is because U.S. rules under the International Traffic in Arms Regulation (ITAR), then enforced by the Department of Commerce, ruled that strong encryption qualified as a munition subject to export controls and requiring a special license for export. After the
Dan Bernstein case was decided in 1996, computer source code printed in a book (human readable format) was not subject to export controls, but computer source code in a machine readable format, such as on my shirt, still was. So I could wear my other T-shirt with RSA Perl code on it, which had a program in the shape of a dolphin, out of the country, but not the machine readable "This T-shirt is a munition" shirt. The implication was that you could take a copy of Bruce Schneier's
Applied Cryptography out of the country without an export license, but not a disk containing the very same code fragments printed in the book.
This website authored by Adam Back, written at the time, proposed some possible motives for government restrictions on cryptography.
What the ITAR regulations on cryptography did for Internet software development was prohibit web browsers and server software from implementing the strong encryption necessary to protect electronic commerce from being exported from the United States. The result was that this development work simply occurred offshore. There were no barriers to importation of the software into the U.S., only to export it out. So the software was developed and sold by companies in places like Canada, Russia, and Estonia, which had no such inane restrictions.
Finally, in 1999, the U.S. wised up and relaxed the ITAR restrictions on encryption, allowing export without a license to most countries (the exceptions being countries with links to state-sponsored terrorism).
But ITAR is still around, and still having the unintended effect of pushing business out of the United States. The current victim is commercial satellite production. In 1999, ITAR authority over satellite technology export was shifted from the Department of Commerce to the Department of State, and since that time the U.S. share of commercial satellite manufacturing has dropped from 83% to 50%. The company Alcatel Alenia Space, now known as Thales Alenia, took steps in the late nineties to eliminate all U.S.-manufactured components from its satellites, with the result that it has subsequently doubled its market share to over 20%. The European Space Agency, Canada's Telesat, and the French company EADS Sodern, that makes satellite control and positioning systems, have all been phasing out their use of U.S.-supplied components. They've done this because dealing with U.S. vendors increases costs (due to regulatory compliance costs) and causes unpredictable delays in the supply of parts.
Nevada's Bigelow Aerospace delivered an aluminum satellite stand to Russia in 2006, which Robert Bigelow described as "indistinguishable from a common coffee table." But because it's associated with a satellite and officially part of a satellite assembly, it is covered by ITAR and had to be guarded by two security guards at all times. Even commodity items like screws and wiring, when part of a satellite, are covered by ITAR regulations.
The purpose of ITAR is to prevent key U.S. technologies with military applications from being leaked out to other countries that might be hostile to the U.S. But the effect of its overly broad application has been to shift the development of that technology to other countries and reduce the ability of U.S. companies to compete in the commercial satellite business.
Congress should look to reform ITAR--when export controls are so badly broken as to have nearly the opposite of the intended effect, they clearly need to be relaxed.
(Satellite and ITAR info via
"Earthbound," The Economist, August 23, 2008, pp. 66-67.)
Posts
