From: jim@mentat.com (Jim Gillogly)
Date: Tue, 30 Sep 1997 06:17:16 +0800
To: cypherpunks@toad.com
Subject: Re: Crypto Legality Question
Message-ID: <9709292137.AA18592@mentat.com>
MIME-Version: 1.0
Content-Type: text/plain



Jim Burnes writes:
> ACME corporation, a mostly Canadian outfit with a major
> subsidiary in the US, wants to roll out corporate wide crypto.
> 
> Most of their network operations are in the US except one
> of their offices in Ireland.
> 
> Question (1): Can they buy a strong crypto package in the
> US and physically roll it out to both Canada and Ireland.

I suspect not.  Re-exporting US crypto to Ireland without a license
doesn't make it.  Perhaps the fact that they're only using it within
their company would make it OK, but I'd check with the attorneys.

> Question (2): If Canada is OK, but Ireland is out of the
> question, can Irish employees simply procure a compatible
> strong crypto package from, say, Finland?  This assumes

Very likely.  An American would want to be careful not to give any
Sekrit Data to the furriners, but perhaps the rules are different
for Canadians.

Easier yet, they can buy Canadian-grown strong Crypto from Entrust, for
example, and ship it both to their Irish and U.S. branches.  A guy from
Entrust told me last week that there was some consternation from Ft.
Meade when they first started shipping overseas this year, and after
they were shown the details and legalities they backed off.

	Jim Gillogly
	jim@acm.org