Hacker News new | comments | show | ask | jobs | submit login
The PGPi scanning project (pgpi.org)
45 points by yew 1292 days ago | hide | past | web | 12 comments | favorite

PGP (and all encryption schemes that offered key lengths greater than 40-bits) were banned under the State Department ITAR regulations.

These are the same regulations that prohibit the export of 3D model files over the internet if the model is a weapon or a part of a weapon.

The 3D models are banned because they are "technical documentation" (blueprints, manufacturing information). I would argue that the source code to encryption (a "weapon" according to the regulations) also counts are technical documentation. Therefor I think that printing the source code was just as illegal as sending the source code (or compiled software) over the internet.

Try exporting the blueprints or software source for a Gen III+ night vision and see how quickly you are picked up by the FBI.

I can't help but think this whole book thing was more designed to shame the government into letting it be exported, or for a judge to declare that the regulations were unconstitutional, or the guys who did it were misinformed about the law.

The theory was that this was protected as free speech. There's a very strong precedent for the courts protecting arbitrary printed text.

It's difficult to say one way or the other whether it would have held up in the long run because the government backed out of prosecuting without further comment. There were similar issues with DeCSS, the various 'illegal primes', etc . . .

An interesting email on the actual scanning process is available here: http://www.pl.pgpi.org/files/pgp55scan.txt

There's a link to the same content on the main page, but it seems to be broken.

I had trouble finding this with Google-fu but was there not discussion a while back of a format for stringifying file content and encrypting it for printing and dead-tree archiving in a safe or whatnot? I am having trouble finding any info about. I found OllyDbg Paperback, but I am not sure that is what I was looking for. Anyone remember?

I am curious if someone could "paper up" something like PGP to be stored in a safe, if the format I vaguely recall did not go that far.

The two I've seen recently are optar [1] and paperkey [2]. Paperkey is just for pgp keys, however. Optar claims to get about 200kB per A4 page, which seems fairly dense.

[1] http://ronja.twibright.com/optar/ [2] https://news.ycombinator.com/item?id=5746625

Thanks for the links. I spent like 30 minutes searching for this yesterday and totally dropped the ball.

Is it naive of me to think that subsequent "book releases" of the software would be best encoded as patchsets against the original release? It seems wasteful to re-print and then re-OCR the entirety of the codebase.

While I was typing that, I thought of a second point: would it still be a munition if it were only diffs? E.g. Could one put the patchsets on a public server without legal woes, because it's only the full source that's problematic?

Oh wow, I actually remember downloading PGP from PGPi back in the day. My 16 year old mind was blown that they actually scanned the code from books.

Isn't it strange to say that it was then legal when the law is US only and is about export, not about what happens once it is exported?

I guess you could say that this is the first copy of PGP that an American could legally use outside the country, or give to somebody outside the country?

Otherwise yeah, I agree that what they are saying is strange. The fact that prior to this any German using a copy of PGP was using a copy that an American broke the law to give him doesn't mean that the German was himself breaking the law.

> actually 12 books - over 6000 pages

Wouldn't it have been sufficient to scan only the crypto-code? I guess that the bulk of the code deals with UI, keyservers, file formats, etc, so why bother with exporting the non-crypto stuff in paper form?

It was the 90s... There wouldn't have been any structure to the code!

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact