1997-01-17 - Re: New US regs ban downloadable data-security software

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: proff@iq.org
Message Hash: 8df42e115cc21cce374c8a4a6dcd7fe1d9557340e270ce2f25ace55a3a291d26
Message ID: <3.0.1.32.19970116091533.0062ece0@popd.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1997-01-17 01:36:19 UTC
Raw Date: Thu, 16 Jan 1997 17:36:19 -0800 (PST)

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 16 Jan 1997 17:36:19 -0800 (PST)
To: proff@iq.org
Subject: Re: New US regs ban downloadable data-security software
Message-ID: <3.0.1.32.19970116091533.0062ece0@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:53 AM 1/15/97 +1100, proff@suburbia.net wrote:
>If you read ITAR you will see that State explicity bans export of any
>operating system with a security rating of B2 or above.
>The adgenda is pretty obvious.

Actually, it's less obvious than that :-)
The only way to get a security rating of B2 or above (or even D or above)
is to submit your operating system for rating by the NCSC, which is
a long, expensive process even for C2.  By the time you get to B2,
you're dealing with products that may have real-world uses but are
primarily designed specifically for the military market. 
One of the sensitivities, besides keeping Scary Foreigners from getting
Real Operating Systems, is that it makes it easier for the Scary
Foreigners to look for any bugs the NCSC may have missed and understand
any other weaknesses that the products may have which would let them
break into US Military or Intelligence Agency systems.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)






Thread