From: me@muddcs.cs.hmc.edu (Michael Elkins)
Date: Wed, 3 Apr 1996 15:28:10 +0800
To: cypherpunks@toad.com
Subject: software with "hooks" for crypto
Message-ID: <199604022231.OAA10821@muddcs.cs.hmc.edu>
MIME-Version: 1.0
Content-Type: text/plain


Hello all,

I'm trying to figure out exactly what the laws are regarding the export of
software which contains "hooks" for PGP.  In various forms, I've heard
that it's not the ITAR which prevents this, but more a "suggestion" by
the NSA that we "shouldn't do it."  Does anyone have any pointers to
real legislation/laws regarding this?

Also, since we all know that our gov't thinks it perfectly legal to export
source code in hardcopy form (albeit with a license, right?) I was wondering...
I've written a Unix e-mail client which contains support for PGP/MIME and
also a front end for mixmaster.  Right now I basically reap all the "bad"
code before I distribute it (at _least_ 50% of my testers are outside the
US).  However, this has been annoying for those users because they want
to be able to use the PGP support (so do I!).  So, what I'm wondering is
what the laws are regarding snail-mailing source code to these people.
The actually pgp/remailer stuff isn't more than a few pages of code, which
could easily be transcribed or scanned in with OCR software.  Would I
have to get a "license for export" in order to send the code outside the
US?

It's worth the $1.00 it would cost to do this if it really is legal...

me
--
Michael Elkins <me@cs.hmc.edu>			http://www.cs.hmc.edu/~me
PGP key fingerprint = EB B1 68 32 3F B5 54 F9  6C AF 4E 94 5A EB 90 EC