From: hmiller@orion.it.luc.edu (Hugh Miller) Subject: REVISED: Zimmermann Defense Fund Appeal Date: 1995/12/16 Message-ID: <4at6dc$q58@news.missouri.edu> followup-to: alt.security.pgp,talk.politics.crypto resent-from: rich organization: Loyola University of Chicago newsgroups: misc.activism.progressive originator: rich@pencil.cs.missouri.edu -----BEGIN PGP SIGNED MESSAGE----- Phil Zimmermann Legal Defense Fund Appeal In November, 1976, Martin Hellman and Whitfield Diffie announced their discovery of public-key cryptography by beginning their paper with the sentence: "We stand today on the brink of a revolution in cryptography." We stand today on the brink of an important battle in the revolution they unleased. Philip Zimmermann, who encoded and released the most popular and successful program to flow from that discovery, Pretty Good Privacy ("PGP"), may be about to go to court. It has been over fourteen months now since Phil was first informed that he was the subject of a grand jury investigation being mounted by the San Jose, CA, office of US Customs into the international distribution, over the Internet, of the original version of the program. On January 12th, Phil's legal team will meet for the first time with William Keane, Assistant US Attorney for the Northern District of California, who is in charge of the grand jury investigation, in San Jose. An indictment, if one is pursued by the government after this meeting, could be handed down very shortly thereafter. If indicted, Phil would likely be charged with violating statute 22 USC 2778 of the US Code, "Control of arms exports and imports." This is the federal statute behind the regulation known as ITAR, "International Traffic in Arms Regulations," 22 CFR 120.1 et seq. of the Code of Federal Regulations. Specifically, the indictment would allege that Phil violated 22 USC 2778 by exporting an item listed as a "munition" in 22 CFR 120.1 et seq. without having a license to do so. That item is cryptographic software -- PGP. At stake, of course, is far more than establishing whether Phil violated federal law or not. The case presents significant issues and will establish legal precedent, a fact known to everyone involved. According to his lead counsel, Phil Dubois, the US government hopes to establish the proposition that anyone having anything at all to do with an illegal export -- even someone like Phil, whose only involvement was writing the program and making it available to US citizens and who has no idea who actually exported it -- has committed a federal felony offense. The government also hopes to establish the proposition that posting a "munition" on a BBS or on the Internet is exportation. If the government wins its case, the judgment will have a profound chilling effect on the US software industry, on the free flow of information on the emerging global networks, and in particular upon the grassroots movement to put effective cryptography in the hands of ordinary citizens. The US government will, in effect, resurrect Checkpoint Charlie -- on the Information Superhighway. By now, most of us who are reading this know about Phil and the case, whether by having the program and reading the doc files or by seeing reports in the Wall Steet Journal, Time, Scientific American, the New York Times, Wired, US News and World Report, and hundreds of other news outlets; on Usenet groups like talk.crypto.politics or alt.security.pgp; or by listening to Phil give talks such as the one he gave at CFP '94 in Chicago. We know that PGP has made great strides since version 1.0, and is now a sophisticated encryption and key-management package which has become the de facto standard in both micro and mainframe environments. We know that Phil and the PGP development team successfully negotiated a commercial license with Viacrypt, and, through the efforts of MIT, a noncommercial license for PGP with RSA Data Security, the holders of the patent on the RSA algorithm on which PGP is based, thus freeing the program from the shadow of allegations of patent infringement. We know that programs such as PGP represent one of our best bulwarks in the Information Age against the intrusions of public and private information gatherers. We know that PGP is a key tool in insuring that the "Information Superhighway" will open the world to us, without opening us to the world. What we may not all know is the price Phil has had to pay for his courage and willingness to challenge the crypto status quo. For years now Phil has been the point man in the ongoing campaign for freely available effective cryptography for the everyday computer user. The costs, personal and professional, to him have been great. He wrote the original code for PGP 1.0 by sacrificing months of valuable time from his consulting career and exhausting his savings. He continues to devote large amounts of his time to testifying before Congress, doing public speaking engagements around the world, and agitating for "cryptography for the masses," largely at his own expense. He is now working, still for free, on the next step in PGP technology, PGP Phone, which will turn every PC with a sound card and a modem into a secure telephone. And we know that, just last month, he was searched and interrogated in the absence of counsel by US Customs officials upon his return from a speaking tour in Europe. Phil's legal team consists of his lead counsel, Philip Dubois of Boulder, CO; Kenneth Bass of Venable, Baetjer, Howard & Civiletti, in Washington, DC, first counsel for intelligence policy for the Justice Department under President Carter; Eben Moglen, professor of law at Columbia and Harvard Universities; Curt Karnow, a former assistant US attorney and intellectual property law specialist at Landels, Ripley & Diamond in San Francisco; and Thomas Nolan, noted criminal defense attorney in Menlo Park. While this is a stellar legal team, what makes it even more extraordinary is that several of its members have given their time for free to Phil's case. Still, while their time has been donated so far, other expenses -- travel, lodging, telephone, and other costs -- have fallen to Phil. If the indictment is handed down, time and costs will soar, and the members of the team currently working pro bono may no longer be able to. Justice does not come cheap in this country, but Phil deserves the best justice money can buy him. This is where you and I come in. Phil Dubois estimates that the costs of the case, leaving aside the lawyers' fees, will run from US$100,000 - $150,000. If Phil's team must charge for their services, the total cost of the litigation may range as high as US$300,000. The legal defense fund is already several thousand dollars in the red and the airline tickets to San Jose haven't even been purchased yet. In September, 1993 I wrote a letter urging us all to support Phil, shortly after the first subpoenas were issued by Customs. Today the need is greater than ever, and I'm repeating the call. Phil has assumed the burden and risk of being the first to develop truly effective tools with which we all might secure our communications against prying eyes, in a political environment increasingly hostile to such an idea -- an environment in which Clipper chips and digital telephony bills are our own government's answer to our concerns. Now is the time for us all to step forward and help shoulder that burden with him. It is time more than ever. I call on all of us, both here in the US and abroad, to help defend Phil and perhaps establish a groundbreaking legal precedent. PGP now has an installed base of hundreds of thousands of users. PGP works. It must -- no other "crypto" package, of the hundreds available on the Internet and BBS's worldwide, has ever been subjected to the governmental attention PGP has. How much is PGP worth to you? How much is the complete security of your thoughts, writings, ideas, communications, your life's work, worth to you? The price of a retail application package?i Send it. More? Send it. Whatever you can spare: send it. A legal trust fund, the Philip Zimmermann Defense Fund (PZDF), has been established with Phil Dubois in Boulder. Donations will be accepted in any reliable form, check, money order, or wire transfer, and in any currency, as well as by credit card. You may give anonymously or not, but PLEASE - give generously. If you admire PGP, what it was intended to do and the ideals which animated its creation, express your support with a contribution to this fund. * * * Here are the details: To send a check or money order by mail, make it payable, NOT to Phil Zimmermann, but to "Philip L. Dubois, Attorney Trust Account." Mail the check or money order to the following address: Philip Dubois 2305 Broadway Boulder, CO USA 80304 (Phone #: 303-444-3885) To send a wire transfer, your bank will need the following information: Bank: VectraBank Routing #: 107004365 Account #: 0113830 Account Name: "Philip L. Dubois, Attorney Trust Account" Now here's the neat bit. You can make a donation to the PZDF by Internet mail on your VISA or MasterCard. Worried about snoopers intercepting your e-mail? Don't worry -- use PGP. Simply compose a message in plain ASCII text giving the following: the recipient ("Philip L. Dubois, Attorney Trust Account"); the bank name of your VISA or MasterCard; the name which appears on it; a tele- phone number at which you can be reached in case of problems; the card number; date of expiry; and, most important, the amount you wish to do- nate. (Make this last item as large as possible.) Then use PGP to en- crypt and ASCII-armor the message using Phil Dubois's public key, en- closed below. (You can also sign the message if you like.) E-mail the output file to Phil Dubois (dubois@csn.org). Please be sure to use a "Subject:" line reading something like "Phil Zimmermann Defense Fund" so he'll know to decrypt it right away. Bona fides: My relation to Phil Z. is that of a long-time user and advocate of PGP and a personal friend. For over a year I moderated the (no longer published) digest, Info-PGP, on the old lucpul.it.luc.edu site here at Loyola. I am in no way involved with the administration of the PZDF. I volunteer my time on its behalf. Phil Dubois is Phil Z.'s lawyer and lead counsel in the Customs case. He administers the PZDF. To obtain a copy of my public key (with which you can verify the signature on this doc), you have a number of options: - Use the copy which I will append below. - Send mail to me at hmiller@luc.edu with the "Subject:" line reading "send pubkey" - Get it by anon ftp at ftp://ftp.math.luc.edu/pub/hmiller/pubkey.hm - Obtain it from an Internet PGP keyserver machine such as pgp-public-keys@pgp.ai.mit.edu. Just send a mail message to this address with the "Subject:" field "GET hmiller". Other keyserver machines on the Net which accept the same message format (and automatically synchronize keyrings with each other every 10 minutes or so) include: pgp-public-keys@pgp.mit.edu pgp-public-keys@demon.co.uk pgp-public-keys@pgp.ox.ac.uk pgp-public-keys@ext221.sra.co.jp pgp-public-keys@kub.nl pgp-public-keys@pgp.iastate.edu pgp-public-keys@dsi.unimi.it pgp-public-keys@pgp.dhp.com You can verify my public key by calling me at 312-338-2689 (home) or 312-508-2727 (office) and letting me read you my key fingerprint ("pgp -kvc hmiller" after you have put my key on your pubring.pgp keyring). I include it also in my .sig, below, if that's good enough for you. You might also note that Phil Zimmermann has signed my public key. Hopefully he is Node #1 in your Web-of-Trust! His key is available on the net keyservers and in the 'keys.asc' file in the PGP distribution packages. Phil Dubois's pubkey can also be obtained from the keyservers, if you prefer that source to the text below, and from 'keys.asc'. Phil Z. has signed his key as well. Here is Phil Dubois's public key: - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.7 mQCNAiyaTboAAAEEAL3DOizygcxAe6OyfcuMZh2XnyfqmLKFDAoX0/FJ4+d2frw8 5TuXc/k5qfDWi+AQCdJaNVT8jlg6bS0HD55gLoV+b6VZxzIpHWKqXncA9iudfZmR rtx4Es82n8pTBtxa7vcQPhCXfjfl+lOMrICkRuD/xB/9X1/XRbZ7C+AHeDONAAUR tCFQaGlsaXAgTC4gRHVib2lzIDxkdWJvaXNAY3NuLm9yZz6JAJUCBRAsw4TxZXmE uMepZt0BAT0OA/9IoCBZLFpF9lhV1+epBi49hykiHefRdQwbHmLa9kO0guepdkyF i8kqJLEqPEUIrRtiZVHiOLLwkTRrFHV7q9lAuETJMDIDifeV1O/TGVjMiIFGKOuN dzByyidjqdlPFtPZtFbzffi9BomTb8O3xm2cBomxxqsV82U3HDdAXaY5Xw== =5uit - -----END PGP PUBLIC KEY BLOCK----- Here is my (Hugh Miller's) public key: - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAy7frrEAAAEEALzOAQt+eWHzXSDLRgJaQMQ7Uju1xrD9mXAZGAG1GmiTNjKl wK68qOXrwJvnH1BmGtg8GGv53nTeabltpn5crsQVFm+0623M56/T7SOeUBWxxoa0 vvqAA8sJ6ac1/MXY9KIgqxu8Mu6Qwf68C4OnwCbE7T71bi+fjdEdYC5Hk8UpAAUR tB1IdWdoIE1pbGxlciA8aG1pbGxlckBsdWMuZWR1PokAlQMFEC7ryVNleYS4x6lm 3QEBW6YD/2IOIZX9FOggNyemvPwM/EN86KW74ZGuYuTIfPCrvOMy8pFqfE33Bw93 UkyIDj1Yh/nDlclEOO/J0tyngPn2BD2vMtaKIGRhVjnoxQc3BfzdjJ2nnHoFzAjz 0MBxYthysmWYsyF8cQxST6LZLITKkf41dti8SVKYVRWIgkyub02HiQCVAwUQLt/F oNEdYC5Hk8UpAQHD1wP9GdN9OHAKkIRsHeHy0wsEkI4Emb/bHiU+W59Zw7NPWsWF 3WTT1z8GKNToQLUdysbbJuSSk3rD3F4SNGJ+KPjR4674pmEfCVVP8cQPXEl4a3Zs xSLWNI6rG3muUAfLdyZiFP08NthOVlP2h1aOLCqIgkjEYMfQNEgkefBRJd6JywI= =hWCA - -----END PGP PUBLIC KEY BLOCK----- * * * This campaign letter will be posted in a number of Usenet groups. I will also be turning it into a FAQ-formatted document, which will be posted monthly in the relevant groups and which will be available by anonymous ftp from ftp://ftp.math.luc.edu/pub/hmiller/PGP/pzdf.FAQ. If you come upon, or up with, any other ways in which we can help raise funds for Phil, drop me a line at hmiller@luc.edu and let me know, so that I can put it in the FAQ. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLvFO3tEdYC5Hk8UpAQF6IwQAp3Ig71gGRj/dDGXDBdqj55uMQQsywhi2 pEzh0arfrRonqMX0UleysqYqjcUtm0rvbrXoYUy8a9vJzj4Wuyf1dQ6WyqBkcmOX z7RGtoLVxsfTjNNTrY0810SXx/yOMYtBW7mq+zNmqEykGFZTdfsVKFEyFw6AJ//B Ah+LQNb01Xo= =aW2m -----END PGP SIGNATURE----- -- Hugh Miller, Ph.D. Voice: 312-508-2727 Asst. Professor of Philosophy FAX: 312-508-2292 Loyola University Chicago Home: 312-338-2689 6525 N. Sheridan Rd. E-mail: hmiller@luc.edu Chicago, IL 60626 WWW: http://www.luc.edu/~hmiller PGP Public Key 4793C529: FC D2 08 BB 0C 6D CB C8 0B F9 BA 55 62 19 40 21