1995-11-24 - Re: real life problems with ITAR (was Spam the Sign!)

Header Data

From: aba@atlas.ex.ac.uk
To: cypherpunks@toad.com
Message Hash: f849eb45d2a96b94cb81f4acf57f937f2d4d6cce29e2e42f39cb23e4109b132c
Message ID: <604.9511240945@exe.dcs.exeter.ac.uk>
Reply To: N/A
UTC Datetime: 1995-11-24 10:02:04 UTC
Raw Date: Fri, 24 Nov 1995 18:02:04 +0800

Raw message

From: aba@atlas.ex.ac.uk
Date: Fri, 24 Nov 1995 18:02:04 +0800
To: cypherpunks@toad.com
Subject: Re: real life problems with ITAR (was Spam the Sign!)
Message-ID: <604.9511240945@exe.dcs.exeter.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain



Attila <attila@primenet.com> writes:
>    On Thu, 23 Nov 1995, jim bell wrote: 
>  
> > [US companies hiring non-US programmers to avoid ITAR]
> 
>     <attila sez>  I think they have that one covered --not only is it 
> violation of ITAR's intent to send a programmer out of the U.S., but is 
> illegal to hire a foreign national to program for your non-U.S. products.

Having your company legally based outside the US, with just a US
office (on paper) would seem to get around this.  If all your code is
shipped from Sun Corp, Russia (and actually you get CDs in the mail
from Russia literally if you order software from them), then it would
seem to avoid the problem.  They'd probably have to make sure that no
programming at all occured in the US otherwise they'd be susceptible
to the claim that they were violating ITAR by their US development
team exporting software with a hole for crypto to their main
development team in Russia.

Multinationals could juggle that much easily.

The other problem is that multi-nationals don't like stepping on the
govts toes, because the govt might retaliate by not buying Sun, or Sun
mysteriously losing contracts.  Sound right?

>     the test is going to be with someone like Sun who "bought" a group of 
> Russian crypto programmers and left them in Russia.  Now, the problem 
> with ITAR is that if you import that code, you can not then export the 
> code since it is now covered by ITAR.

However this is the real problem, the don't want crypto no matter
what.  They'll do their damnest to stop it by whatever means: legal or
illegal, monetary pressure, threats, FUD, overbroad ITAR, selective
enforcement, etc.

>     secondly, it appears there is a move afoot to make it an ITAR 
> violation to hire the foreign nationals to circumvent ITAR --basically, 
> the Feds want to stop cryptography _everywhere_, including telling 
> Russians they can not work for U.S. companies!  Just where do they think 
> they are getting off?
> 
>     then, when ALL hitech moves out of the U.S. and the DoD needs us, we 
> will not be here, will we?

Something that is puzzling me is how DigiCash is doing.  Their
software I think is ITAR regulated (or would be if it were shipped
from a US ftp site).  OK, so they get around it by shipping their
software from Digicash, Bv, Netherlands.

But, somewhere on their pages it mentions that: "Digicash, Bv is a
wholly owned subsidiary of Digicash" (which *is* based in the US).

Does that make them a counter example who is currently getting away
with it?  Just to complicate things further David Chaum is a US
citizen, right?  Maybe he himself is ok because he doesn't write the
code himself, the digicash development team does.  Is Digicash (US)
hiring (collectively) Digicash, Bv if it is a wholly owned subsidiary,
in US legal terms?

Reckon the long term message is for companies to just pull out of the
US.  Moving to a suitable jurisdiction would be possible for Netscape,
and would be a coool blow against ITAR.

Adam






Thread