edited by DJB, 931012, for the public record

					[address]
					22 September 1993

Ambassador Michael Newlin, Acting Director
Center for Defense Trade, Department of State
2201 C Street NW
Washington, DC 20520

Subject: Commodity Jurisdiction appeal for snuffle 5.0 software

Dear Ambassador Newlin:

Please be advised that my mail delivery is not reliable. Whenever you
mail something to me, please also send a copy to Shari Steele, Director
of Legal Services, Electronic Frontier Foundation, 1001 G Street NW,
Suite 950E, Washington, DC 20001.

I hereby appeal the commodity jurisdiction decision in CJ 191-92.

The decision stated that snuffle 5.0 ``is designated as a defense
article under U.S. Munitions List Category XIII(b)(1).'' It has come to 
my attention that there may not be a factual basis for this designation.

Category XIII(b)(1) covers ``Cryptographic (including key management)
systems, equipment, assemblies, modules, integrated circuits, components
or software with the capability of maintaining secrecy or
confidentiality of information or information systems,'' with certain
exceptions.

For snuffle 5.0 to be covered by Category XIII(b)(1), it must have ``the
capability of maintaining secrecy or confidentiality of information or
information systems.'' It does not, in fact, have that capability. It 
must be combined with certain cryptographic technology, namely a hash 
function. The hash function provides the capability of maintaining
secrecy or confidentiality. If the hash function is strong then the user
will be able to maintain secrecy. If the hash function is weak then the
user will not be able to maintain secrecy.

There is a difference between, on the one hand, a device which includes
cryptographic technology, and, on the other hand, instructions for using
separate cryptographic technology. The instructions are not the 
technology.

As I stated in my 30 June 1992 CJ request: ``In effect what I want to
export is a description of a way to use existing technology in a more
effective manner. I do not foresee military or commercial use of Snuffle
by anyone who does not already have access to the cryptographic
technology contained in, e.g., the Xerox Secure Hash Function.''

Thank you for your kind attention.

					Sincerely,


					Daniel J. Bernstein

cc: Shari Steele, Director of Legal Services, Electronic Frontier
Foundation, 1001 G Street NW, Suite 950E, Washington, DC 20001