May 22, 2024

Software and Export Control

Today’s New York Times, in an article by John Schwartz, reports on the availability of export-controlled software outside the U.S. Certain software that has defense applications is not allowed to be shipped to “pariah countries” such as North Korea and Iraq. Unauthorized copies of such software are available for sale in China, and presumably the Chinese sellers would be willing to ship them anywhere.

The article works hard to conflate export violations with copyright infringement, even using the word “piracy” in the title, and claiming that “Digital piracy … has moved into more dangerous territory” as “[a] black market has emerged for scientific and engineering software powerful enough to fall under United States export restrictions.”

The implication is that the Internet is a big part of the problem. And yet a careful reading of the article reveals no evidence that the illicit copies of the software left the U.S. via the Internet (as opposed to being mailed or hand-carried). Certainly the black market in export-controlled software was flourishing long before the Internet became popular.

The real problem is the illusion that a software package can be sold widely, even to customers outside the U.S., without its becoming available to a motivated adversary who wants it. Even if it were somehow made impossible to copy export-controlled software packages, our adversaries would still be able to buy or steal authorized copies.

This is obvious to people who have experience in the export-control wars. Stewart Baker, who was General Counsel at the National Security Agency during the crypto export control debates, points out the folly of the current approach:

To his mind, Mr. Baker said, [these] problems are part of a broader trend of mistakenly looking at national security issues as problems for law enforcement. “O.K., you can’t prosecute ’em,” he said. “Well, duh.”

Report from the ACM DRM Workshop

Yesterday I attended the ACM “Digital Rights Management” Workshop in Washington DC. There were about 100 attendees, most of them computer scientists, with a few lawyers and Washington policy types thrown in. Papers from the workshop are available online.

My main impression was that the speakers were more openly skeptical about DRM than at past conferences. I don’t think this represents any real change in opinion. The real cause, in my view, is that industrial researchers are now starting to say in public what they would only say in private before.

The skepticism about watermarking was especially strong. One speaker described a simple attack that apparently can defeat essentially all state-of-the-art watermarking methods. Another speaker’s paper says:

Proposals for systems involving mandatory watermark detection in rendering devices try to impact the effectiveness of [file sharing systems]…. In addition to severe commercial and social problems, these schemes suffer from several technical deficiencies, which, in the presence of an effective [file sharing system], lead to their complete collapse. We conclude that such schemes are doomed to failure.

Early Release of MS Decision Just a Blunder

Ted Bridis at AP confirms, based on an internal investigation by court staff, that the early release to the Web of Judge Kollar-Kotelly’s rulings in the Microsoft case was just a mistake by someone on the staff.

Garfinkel on Mitnick's Book

Simson Garfinkel has an interesting reaction to Kevin Mitnick’s recent book.

Mitnick, “the most famous computer hacker of our time,” claims to have operated mainly by social engineering, that is, by conning people into giving him restricted information. Garfinkel describes how Mitnick-type attacks can be mitigated by wisely-designed technology.

Microsoft Ruling Released Early

Update (8:42 PM): The item below, which I am leaving here only to maintain a complete record, was INCORRECT. It was based on an inaccurate report from a reader, which was discovered when I asked the reader a few more questions. At this point, although the ruling was put on the Court’s website early, there is no evidence that the Court’s email was also released early.

======

[INCORRECT ITEM:]

Earlier I wrote about Friday’s Microsoft ruling being available at a hidden URL on the Court’s site at 2:40 PM, about two hours before the official release time.

Reader [name deleted] reports receiving the Court’s emailed release of the ruling at about 3:15 PM, more than an hour before the scheduled release. (I received it at about 5:00 PM, but the message was listed as sent at 3:15 PM.)

Previous rulings in the case had been released after the stock market closed on a Friday, and this ruling was announced to follow that schedule. It’s not clear why it was released early. It seems unlikely that the judge changed her mind about when to release it. Perhaps the plan was to release it at 4:30, but once it was clear that the information had leaked from the website, somebody decided to release the email.

Any other theories?