Re: Export Strong Crypto (was: reference)

New Message Reply About this list Date view Thread view Subject view Author view

Ian Goldberg (iang@CS.Berkeley.EDU)
21 Mar 1998 19:40:51 GMT


In article <199803210044.TAA09214@jekyll.piermont.com>,
Perry E. Metzger <perry@piermont.com> wrote:
>I'm not sure that U.S. law can legally prohibit you from simply
>putting up strong crypto for open FTP.

Actually, it does (the _constitutionality_ may be questionable, but
it's certainly in the Regulations, which are assumedly backed up by law
at some point). From section 734 of the EAR; note that FTP and WWW are
_specifically_ mentioned (this does not allow non-FTP and non-WWW exports,
though; those are just examples).

# (9) Export of encryption source code and object code software. (i)
# For purposes of the EAR, the export of encryption source code and
# object code software means:
# (A) An actual shipment, transfer, or transmission out of the United
# States (see also paragraph (b)(9)(ii) of this section); or
#
# (B) A transfer of such software in the United States to an embassy
# or affiliate of a foreign country.
# (ii) The export of encryption source code and object code software
# controlled for EI reasons under ECCN 5D002 on the Commerce Control List
# (see Supplement No. 1 to part 774 of the EAR) includes downloading, or
# causing the downloading of, such software to locations (including
# electronic bulletin boards, Internet file transfer protocol, and World
# Wide Web sites) outside the U.S., or making such software available for
# transfer outside the United States, over wire, cable, radio,
# electromagnetic, photooptical, photoelectric or other comparable
# communications facilities accessible to persons outside the United
# States, including transfers from electronic bulletin boards, Internet
# file transfer protocol and World Wide Web sites, unless the person
# making the software available takes precautions adequate to prevent
# unauthorized transfer of such code outside the United States. Such
# precautions shall include:
# (A) Ensuring that the facility from which the software is available
# controls the access to and transfers of such software through such
# measures as:
# (1) The access control system, either through automated means or
# human intervention, checks the address of every system requesting or
# receiving a transfer and verifies that such systems are located within
# the United States;
# (2) The access control system, provides every requesting or
# receiving party with notice that the transfer includes or would include
# cryptographic software subject to export controls under the Export
# Administration Act, and that anyone receiving such a transfer cannot
# export the software without a license; and
# (3) Every party requesting or receiving a transfer of such software
# must acknowledge affirmatively that he or she understands that the
# cryptographic software is subject to export controls under the Export
# Administration Act and that anyone receiving the transfer cannot export
# the software without a license; or
# (B) Taking other precautions, approved in writing by the Bureau of
# Export Administration, to prevent transfer of such software outside the
# U.S. without a license.

   - Ian "at SFO waiting for my 2-hour delayed flight to Canada; good thing
            I kept my Metricom in my carry-on"

-- 
Run this on your export version of netscape 4.04 to enable strong crypto!

#!/usr/bin/perl -0777pi s/ITS:.*?\0/$_=$&;y,a-z, ,;s, {4}$,true,gm;s, 512,2048,;$_/es


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:09 ADT