In 1949, the FDA banned domestic production and import of raw-milk cheeses aged fewer than 60 days, following a typhoid outbreak in Canada. The rule was narrow. Its consequences were not.
Soft raw-milk cheeses — Brie de Meaux, Camembert, Reblochon, Époisses, the British Baron Bigod — can’t survive 60 days of aging without fundamentally changing character. These are among the most prized cheeses in the world. Many carry AOC status, Appellation d’Origine Contrôlée, a designation guaranteeing not just origin but production method, and the production method requires raw milk. Strip the raw milk and you don’t have a worse version of the cheese. You have a different cheese using the same name.
The result: an American cheese market populated by pasteurized approximations of things that exist in their genuine form elsewhere. A small trade in the real versions operates underground, reported by the New Yorker as early as 2002, available to those who know where to look.
In 1995, Daniel Bernstein, a mathematician, filed suit against the US State Department. He had written a paper on an encryption algorithm called Snuffle and wanted to publish it. The State Department told him publishing was illegal. Under the International Traffic in Arms Regulations (ITAR), encryption software above a certain key strength was classified as a munition. Posting it to a website accessible from other countries was a federal crime carrying up to ten years in prison.
The government’s position, defended across four years of litigation, was that the specific mathematical property making Bernstein’s algorithm secure — the key length — was what made it a weapon. Strong encryption was the definition of the prohibited category. A mathematician asked to publish a paper on cryptography received the official answer: your work is too strong to be legal.
What followed had the same structure as the cheese underground. PGP was distributed via newsgroups in segments, each small enough to argue that no single piece constituted an export. Phil Zimmermann, who created it, was investigated for three years. To test whether printed source code was protected speech in a way that software files were not, the RSA algorithm was printed on a T-shirt. Wearing it across an international border made you an arguable arms exporter.
Raw-milk cheese runners and PGP segment distributors operated in entirely separate communities and have never been discussed together. The artisanal cheese world has no reason to know about the Bernstein case. Cryptographers don’t follow Époisses import policy. But both operated from the same structural premise: somewhere in the regulatory logic, authenticity had been mistaken for danger. The property that made the thing genuinely itself — unpasteurized milk, strong cryptographic keys — was treated as the disqualifying characteristic. The legal version existed: pasteurized brie, 40-bit encryption. The legal version was not the thing.
Both the raw milk rule and the ITAR encryption controls were drafted to prevent specific harms. Each identified a property associated with the harm, then prohibited any good possessing it — regardless of context. And in both cases, the prohibited property wasn’t incidental to the thing’s value. It was constitutive of it. The milk being raw was what made the cheese that cheese. The key being long was what made the encryption that encryption.
The error came from collapsing context into property. A long cryptographic key isn’t dangerous when used to protect private correspondence; it becomes dangerous only when an adversary uses it to conceal operations from investigators. Unpasteurized milk carries genuine risks in certain handling conditions, not in a carefully aged, low-moisture cheddar turning in a stone cellar for eighteen months. Both regulations treated the property as inherently disqualifying and couldn’t distinguish uses.
Bernstein’s case eventually forced a correction. By 2000, encryption software had moved from the Munitions List to the Commerce Control List. The key lengths previously classified as weapons became the cryptographic layer beneath every HTTPS connection. Liberalization of what had been contraband didn’t produce the feared national security catastrophe. It built the infrastructure of the web.
The cheese regulations haven’t moved. The soft-cheese underground reported in 2002 is still operating. A 2026 piece on the theft of hundreds of thousands of dollars of British artisanal cheddar identifies Russia’s counter-sanction black market and American border crossings as the likeliest destinations. One courier was stopped traveling from Finland with 67 wheels of contraband cheese stuffed into his Volkswagen’s side compartments.
Prohibition doesn’t eliminate demand for the genuine article. It relocates the market. The category error that produces this pattern is recognizable: when the property that defines the thing — raw milk, key length, whatever makes it itself — is the same property used to justify the prohibition, the legal market will always stock an inferior substitute, and the genuine article will always find a way across a border. The correction, when it comes, tends to look obvious in retrospect. The HTTPS layer of the web is built from what used to require a smuggler’s T-shirt. The cheese is still in the Volkswagen.