1997-01-14 - Re: New US regs ban downloadable data-security software

Header Data

From: Lucky Green <shamrock@netcom.com>
To: Ian Goldberg <risks@CSL.sri.com
Message Hash: bb9280c6b1fff58ef71507801f9f13da2534e5a66a6c611ce5fd11e5c6cd9d08
Message ID: <3.0.32.19970113210258.006ade10@192.100.81.126>
Reply To: N/A
UTC Datetime: 1997-01-14 05:39:11 UTC
Raw Date: Mon, 13 Jan 1997 21:39:11 -0800 (PST)

Raw message

From: Lucky Green <shamrock@netcom.com>
Date: Mon, 13 Jan 1997 21:39:11 -0800 (PST)
To: Ian Goldberg <risks@CSL.sri.com
Subject: Re: New US regs ban downloadable data-security software
Message-ID: <3.0.32.19970113210258.006ade10@192.100.81.126>
MIME-Version: 1.0
Content-Type: text/plain


At 05:45 PM 1/13/97 -0800, Ian Goldberg wrote:
>After _very_ careful reading of the Export Administration Regulations (EAR)
>(though IANAL), it would seem that the above is slightly inaccurate.
[...]
>Therefore, it would seem that, as long as the security software on your ftp
>or WWW site is free of cost, it is OK to keep it there.  Commercial
>security software, however, remains export-restricted.

I concur with Ian Goldberg's careful analysis (thanks, Ian!) that
*freeware* data security software that does not use cryptography is indeed
not covered under the new regs.

Commercial data security software of any kind, regardless if it uses crypto
or not, is however prohibited from being distributed via the Internet or
being exported by any other means. Note that such software was explicitly
exempt from export regulations under the old ITAR. Now it is explicitly
included in the EAR.

I fail to see a rationale behind this change. But then, I fail to see the
rationale behind the entire ITAR/EAR scheme.

As always, IANAL,



-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm





Thread