cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1993-09-22 - Re: the $64K question?

Header Data

From: greg@ideath.goldenbear.com (Greg Broiles)
To: cypherpunks@toad.com
Message Hash: 0c6b1968463302b5263e129a282995797428ea8891dbb914e1c768cae7a99540
Message ID: <qsq00B3w164w@ideath.goldenbear.com>
Reply To: <9309220314.AA12039@longs.lance.colostate.edu>
UTC Datetime: 1993-09-22 08:10:15 UTC
Raw Date: Wed, 22 Sep 93 01:10:15 PDT

Raw message

From: greg@ideath.goldenbear.com (Greg Broiles)
Date: Wed, 22 Sep 93 01:10:15 PDT
To: cypherpunks@toad.com
Subject: Re: the $64K question?
In-Reply-To: <9309220314.AA12039@longs.lance.colostate.edu>
Message-ID: <qsq00B3w164w@ideath.goldenbear.com>
MIME-Version: 1.0
Content-Type: text/plain


"L. Detweiler" <uunet!longs.lance.colostate.edu!ld231782> writes:

> *wow* -- we find that (1) `computer software and documentation'
> `related to [verb1,verb2,verb3 ad infinitum] of defense articles' is
> *banned*. but in the same paragraph, (2) `general scientific or
> commonly taught mathematical or engineering principles' are *not*
> banned. Surely, (1) is the clause that Bidzos would claim applies --
> restricting the export of technical data in the form of software.


ITAR seems to contemplate (at least) two different classes of things relevant
here: "defense articles" and "technical data". While RSA and IDEA 
implementations may well escape being technical data by way of the academic 
exemption, they are pretty clearly defense articles.

$121.1 General. The United States Muntions List.

(a) The following articles, services, and related technical data are 
designated as defense articles and defense services pursuant to sections 38 
and 47(7) of the Arms Export Control Act (22 USC 2778 and 2794(7)). Changes 
in designations will be published in the Federal Register.

[ . . .]

(c)

[. . .]
Category XIII - Auxiliary Military Equipment

(b) Information Security Systems and equipment, cryptographic devices, 
software, and components, specifically designed or modified therefore, 
including:

(1) Cryptographic (including key management) systems, equipment, assemblies, 
modules, integrated circuits, components or software with the capability of 
maintaining secrecy or confidentiality of information or information 
systems, except cryptographic equipment of software as follows:
   (long list of narrow applications of crypto deleted, none seem relevant.)
(2) [Crypto systems making use of spread spectrum tech.]
(3) Cryptanalytic systems, equipment, assemblies, modules, integrated 
circuits, components, or software.
(4) [Systems for multiuser security of B2 or better, or certification 
software]
(5) Ancillary equipment specifically designed or modified for paragraphs (b) 
(1), (2), (3), (4), or (5) of this category;

[. . .]


[end of quoted ITAR text]

Sorry if the subdivisions/deleted text there is confusing - will snarf the 
full ITAR text tomorrow, perhaps it'll be more nicely formatted.


--
Greg Broiles
greg@goldenbear.com                     Baked, not fried.

Thread