this post was submitted on 07 Sep 2025

736 points (99.2% liked)

Today I Learned

24627 readers

719 users here now

What did you learn today? Share it with us!

We learn something new every day. This is a community dedicated to informing each other and helping to spread knowledge.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)

Rule 1- All posts must begin with TIL. Linking to a source of info is optional, but highly recommended as it helps to spark discussion.

** Posts must be about an actual fact that you have learned, but it doesn't matter if you learned it today. See Rule 6 for all exceptions.**

Rule 2- Your post subject cannot be illegal or NSFW material.

Your post subject cannot be illegal or NSFW material. You will be warned first, banned second.

Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.

Rule 4- No self promotion or upvote-farming of any kind.

That's it.

Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.

Rule 6- Regarding non-TIL posts.

Provided it is about the community itself, you may post non-TIL posts using the [META] tag on your post title.

Rule 7- You can't harass or disturb other members.

If you vocally harass or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.

Rule 8- All comments should try to stay relevant to their parent content.

Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.

Rule 10- Majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.

Partnered Communities

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

founded 2 years ago

MODERATORS

Thekingoflorda@lemmy.world

Rooki@lemmy.world

_MoveSwiftly@lemmy.world

DriftingDeep@lemmy.world

ericisshort@lemmy.world

Decoy321@lemmy.world

736

TIL: Until the late 90s, it was illegal to export encryption software that used keys over 40 bits in size from the USA. This lead to a criminal investigations of the creator of PGP and others. (en.wikipedia.org)

submitted 2 days ago by als@lemmy.blahaj.zone to c/til@lemmy.world

58 comments fedilink hide all child comments

The software was classed as munitions and one needed an arms dealer's license to publish it, including online. The creator of PGP published the full source code as a book, as these are covered under first amendment rights.

top 50 comments

sorted by: hot top controversial new old

[–] DandomRude@lemmy.world 182 points 2 days ago* (last edited 2 days ago) (2 children)

Yes, that was indeed a very interesting story:

Zimmermann challenged these regulations in an imaginative way. In 1995, he published the entire source code of PGP in a hardback book, via MIT Press, which was distributed and sold widely. Anyone wishing to build their own copy of PGP could cut off the covers, separate the pages, and scan them using an OCR program (or conceivably enter it as a type-in program if OCR software was not available), creating a set of source code text files. One could then build the application using the freely available GNU Compiler Collection. PGP would thus be available anywhere in the world. The claimed principle was simple: export of munitions—guns, bombs, planes, and software—was (and remains) restricted; but the export of books is protected by the First Amendment. The question was never tested in court with respect to PGP. In cases addressing other encryption software, however, two federal appeals courts have established the rule that cryptographic software source code is speech protected by the First Amendment (the Ninth Circuit Court of Appeals in the Bernstein case and the Sixth Circuit Court of Appeals in the Junger case)...

(Source)

[–] Im_old@lemmy.world 51 points 2 days ago

Yep, we called them crypto wars

[–] SPRUNT@lemmy.world 2 points 1 day ago

Zimmerman flew, and Tyler knew!

[–] DeathByBigSad@sh.itjust.works 78 points 2 days ago (6 children)

Fun fact: They made encryption on Ham/GMRS radios illegal because they didn't want the average citizenry to have access to secure off-grid comms without government spyware on networks that they control.

Reject Smarphones, Return to Amateur Radios. Just modify some radios, add a raspberry pi to do enccyption on the voice before it gets transmitted.

THEY CANT ARREST US ALL! (seriously tho, I haven't heard of the FCC actually doing anything, unless you were jamming the airport radios or something crazy)

[–] Natanael@infosec.pub 25 points 1 day ago (1 children)

It's illegal on licensed HAM channels, but legal on unlicensed channels like the 2.4 and 5Ghz ranges

Don't ask me why the distinction still remains

[–] missfrizzle@discuss.tchncs.de 12 points 1 day ago

international treaties, for one. second because lack of encryption discourages commercial/non-hobbyist use. third because the spirit of Ham is for Hams to all listen and transmit to each other.

[–] missfrizzle@discuss.tchncs.de 19 points 1 day ago* (last edited 1 day ago)

I think FCC still takes it pretty seriously.

just use Meshtastic/LoRa. you can use encryption and you don't need a Ham license. your output power is limited but I've heard of people getting 50+ miles of range for reception.

specifically, for ham you're not allowed to obscure the meaning of your transmissions. this means no:

symmetric cryptography
numbers stations (one-time pad ciphers)
communicating in codewords ("the Falcon has left the nest, over!"

but you can use:

compression
commercial telegraph codes (e.g. 22415 = "Partly cloudy with a chance of showers"), as long as you're using a public codebook
message authentication codes (to prevent forging messages)
(arguably) asymmetric cryptography for signatures, identity challenge/response
encrypted control messages for hobbyist satellites (special exemption)

so authentication is possible, just not privacy.

[–] prettybunnys@sh.itjust.works 14 points 2 days ago (1 children)

… this sounds like a fun project for the high school electronics club

[–] josefo@leminal.space 2 points 1 day ago

Hell is a fun project for me too lol. I wonder if I could layer it with ggwave for shit and jiggles

[–] bigfondue@lemmy.world 11 points 1 day ago* (last edited 1 day ago)

The primary reason is the FCC can't tell if the encrypted transmissions are commercial or otherwise illegal. The amateur bands would be full of high frequency trading brokerages, drug traffickers, and spies.

[–] possiblylinux127@lemmy.zip 7 points 1 day ago

...they definitely can arrest a bunch of people. A better way would be to challenge it in court.

Or you could use other protocols like LoRaWAN

[–] GreenShimada@lemmy.world 7 points 1 day ago

Encryption using IP over HAM is still illegal - you can't access Lemmy because it's an HTTPS site, because we live in the 21st century.

[–] quick_snail@feddit.nl 52 points 2 days ago* (last edited 2 days ago) (1 children)

You're referring to the Crypto Wars

https://en.wikipedia.org/wiki/Crypto_Wars

Darknet diaries has a great episode on it. Highly recommend.

https://darknetdiaries.com/episode/12/

[–] AnarchistArtificer@slrpnk.net 9 points 2 days ago (1 children)

Thank you. I've watched a bunch of Darkness diaries (Usually ones that people on external sites say "this one is really good, you should watch it"), but I've found it hard to get into (the perils of a podcast's large backlog being compared to a highlight reel). I haven't watched this episode though, so I look forward to checking it out

load more comments (1 replies)

[–] CosmicTurtle0@lemmy.dbzer0.com 45 points 2 days ago (1 children)

Related xkcd

load more comments (1 replies)

[–] Kolanaki@pawb.social 33 points 1 day ago (2 children)

the software was clsssified as munitions

lol wtf

[–] massacre@lemmy.world 19 points 1 day ago (2 children)

Encryption has played deciding roles in warfare going back to ancient times

[–] Kolanaki@pawb.social 15 points 1 day ago (4 children)

Like, I get wanting to not give your enemies cool toys, but the way they did it here is pretty funny. Why not just... Make a new, specific classification?

[–] Tja@programming.dev 8 points 1 day ago

Because pizza is a vegetable and politicians are not the most competent bunch.

[–] dmention7@midwest.social 5 points 1 day ago

Playing Devil's Advocate - If the classification of "munitions" effectively provided all the legal protections and requirements that they wanted to apply to encryption software, it would have been a lot of wasted time and effort to create a new classification and then update all the other legal documents to include and refer to that new classification.

Like, I don't even want to guess how many references to "munitions" exist in various laws and regulations that would have then needed to be reviewed, amended, debated in committees, and ultimately voted on.

load more comments (2 replies)

[–] pressanykeynow@lemmy.world 3 points 1 day ago (3 children)

How did they use encryption in ancient times?

[–] Ludrol@szmer.info 8 points 1 day ago (1 children)

https://en.m.wikipedia.org/wiki/Scytale

[–] pressanykeynow@lemmy.world 3 points 1 day ago

Damn, 7th century BC, that's amazing.

[–] massacre@lemmy.world 6 points 1 day ago

I cannot recommend this book enough: https://en.wikipedia.org/wiki/The_Code_Book and your local library should have it. It's an entertaining read.

[–] ChairmanMeow@programming.dev 5 points 1 day ago (2 children)

Well the Caesar Cipher is named after you-know-who, who used it. And the subsequent Vigènere Cipher has been in use since medieval times.

[–] pressanykeynow@lemmy.world 3 points 1 day ago (1 children)

I wonder how it worked for them given how simple this cipher is and that messages could take months to deliver.

[–] ChairmanMeow@programming.dev 5 points 1 day ago (1 children)

Probably well enough, your basic footsoldier may not have been literate, and few were probably familiar enough with ciphers in general to know or be able to recognize the technique used.

load more comments (1 replies)

[–] Threeme2189@lemmy.world 2 points 1 day ago* (last edited 1 day ago) (1 children)

How does Voldemort play into this? Which of the Harry Potter books included Caesar?

[–] vaultdweller013@sh.itjust.works 3 points 1 day ago

Harry Potter Et Ille Imperator Et Gaulia

[–] zqps@sh.itjust.works 4 points 1 day ago

Restricting import and export of "military-grade" encryption hardware is still a thing in some countries. And this reaction from boomer politicians is not too surprising if that's how it is advertised, rather than "encryption implemented by every cheap-ass smart appliance out there". Which is what RSA and ECDSA are.

[–] Itdidnttrickledown@lemmy.world 31 points 2 days ago (1 children)

Also anyone with a civilian GPS couldn't use it for precise measurement because they added a deliberate error into them. It also took twenty to thirty minutes to download a gif of Samantha Foxes tits. PGP was really popular then. There were version on every dial in BBS in the US. Without a doubt someone/anyone overseas that wanted it, had it. It was a joke of security theater and didn't last.

[–] Dasus@lemmy.world 12 points 1 day ago (1 children)

It wasn't an error, as such. They had just limited the resolution available for most people. It was called "Selected Availability".

[–] Itdidnttrickledown@lemmy.world 4 points 1 day ago

It was described at the time by every one including the government as a deliberate error. I knew it had a name attached to it but it is inconsequential. It caused the readings to jump around randomly making the resolution somewhere are fifty to seventy five feet. Bill the blowjob bubba clinton had it turned off during his administration.

[–] kinther@lemmy.world 21 points 2 days ago (1 children)

I had one of those t-shirts in the early 00s. Got it at a Goodwill and hung it on my wall for a while

[–] shane@feddit.nl 2 points 1 day ago

I got one in the late 1990s. I wore it on a few trips from the US to Europe and was happily never jailed.

[–] RaccoonBall@lemmy.ca 17 points 2 days ago (2 children)

Yep I remember the scary text the came with certain software threatening superjail if you sent the exe overseas

[–] Tja@programming.dev 2 points 1 day ago

As some from outside of the US, I also remember you had to pinky promise you are in the US to download the good version of Mozilla.

[–] dullbananas@lemmy.ca 2 points 1 day ago

Jail Pro.

[+] halfapage@lemmy.world 14 points 2 days ago (2 children)

[deleted]

[–] Danitos@reddthat.com 19 points 1 day ago* (last edited 1 day ago) (3 children)

You'll love to hear that Blu-ray's format protection creators tried making illegal publishing the hexagesimal number "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0". https://en.m.wikipedia.org/wiki/Illegal_number#Background.

[–] Dasus@lemmy.world 5 points 1 day ago (1 children)

that came to prominence in May 2007 is an example of a number claimed to be a secret, and whose publication or inappropriate possession is claimed to be illegal in the United States

The article doesn't even assert it's illegal. Just asserts someone has said so.

[–] Danitos@reddthat.com 2 points 1 day ago* (last edited 1 day ago)

AACS did push with DMCA complains to remove any referente of the number back in the day. However, another article claims "No one has been arrested or charged for finding or publishing the original key".

You are right, thanks for the correction, will edit my comment.

load more comments (2 replies)

[–] jerkface@lemmy.ca 17 points 2 days ago* (last edited 2 days ago) (1 children)

It's shocking to me the major events of my life that have fallen into the memory hole. It's not just that younger people haven't learned about them, older people have just filtered them out. It's like we live in an eternal now that stretches infinitely in both directions, until it abruptly changes and yet another new reality becomes our new past and future.

[–] Alcoholicorn@mander.xyz 5 points 2 days ago

That's not new, often you can look at events boomers claim to have witnessed and find actual accounts completely different, like soldiers returning home from Vietnam and getting spit on and called baby killer, feminists burning bras.

You look back further and there's so much discrepancy between accounts of the civil war and then reconstruction, and then second rise of the kkk during these events and just 2 decades later.

[–] thebudman420@lemmy.world 14 points 1 day ago (2 children)

The whole thing reads like this is weak encryption that doesn't actually work and that is what they wanted people to have for that false sense of security. That's wild

load more comments (2 replies)

[–] wulrus@lemmy.world 12 points 2 days ago* (last edited 1 day ago) (1 children)

An annoyance that came shortly after was that they were not allowed to ship the Java Runtime Environment / Development Kit with a javax.crypto library that allowed for algorithms stronger than DES (such as AES, Twofish, Blowfish, ...), or long passwords, iirc.

There was some way to download something extra (Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files) and fiddle it in, but with regulation in the US, I think.

I was quite sad when I made one of my early programs based on that and it turned out to be useless to US citizens, and hard to use for everyone else. I think I made a bouncycastle-based version later, but it was basically a full rewrite.

Edit: I'm starting to remember more absurdities of the time: Even with the JCE, the best algorithm for symmetric encryption was 3DES, which was not a legal requirement, just laziness of Sun Microsystems. While it was somewhat safe, it was less than ideal and really slow.

[–] Tja@programming.dev 2 points 1 day ago

Fun fact, Google pay and other "modern" payment processors still had to use 3DES until 2020 at least (might still do, I got out of the industry).

[–] carrylex@lemmy.world 10 points 2 days ago (1 children)

Not all heroes wear capes

[–] possiblylinux127@lemmy.zip 5 points 1 day ago

https://en.m.wikipedia.org/wiki/Bernstein_v._United_States

[–] pineapplelover@lemmy.dbzer0.com 3 points 2 days ago

Alr how do I get this shirt?

load more comments