Bill: My suspicion is that the EFF folk have never heard of Ciphershed, and could use a little more background on what we're doing. You might want to forward the concerns I list in my initial letter, with a general description of the project. Something like.... We're building a forked version of Truecrypt 7.1a. See https://ciphershed.org This is strong, general purpose, file and disk encryption for data at rest. It is intended to be distributed for free. The development team is international and includes US citizens. The developers will not be anonymous, nor will they be paid. The (non-IP) issues I can think of are: What ERA regs apply to this activity? What do we need to do to comply? Does a source code commit to a git repository require notification? How about a binary commit of compiled code? Does it matter if the repository is inside or outside the US? What, if any, are the requirements to distribute the completed, compiled project to end users? Does there need to be a legal nexus in the US? At the moment, we plan to be based overseas, with some developers in the US. Do there remain any concerns over international discussion related to cryptographic technology, as there were in the 1990s? Are there countries whose citizens we should exclude from participation in the development process? Peter Trei -- At the time of writing the above letter, I, Peter Trei, am not under any personal legal compulsion regarding my participation in this project, nor have I been served any warrants, nor do I know of any search or seizure of my assets.