From: greg@ideath.goldenbear.com (Greg Broiles)
To: cypherpunks@toad.com
Message Hash: 0c6b1968463302b5263e129a282995797428ea8891dbb914e1c768cae7a99540
Message ID: <qsq00B3w164w@ideath.goldenbear.com>
Reply To: <9309220314.AA12039@longs.lance.colostate.edu>
UTC Datetime: 1993-09-22 08:10:15 UTC
Raw Date: Wed, 22 Sep 93 01:10:15 PDT
From: greg@ideath.goldenbear.com (Greg Broiles)
Date: Wed, 22 Sep 93 01:10:15 PDT
To: cypherpunks@toad.com
Subject: Re: the $64K question?
In-Reply-To: <9309220314.AA12039@longs.lance.colostate.edu>
Message-ID: <qsq00B3w164w@ideath.goldenbear.com>
MIME-Version: 1.0
Content-Type: text/plain
"L. Detweiler" <uunet!longs.lance.colostate.edu!ld231782> writes:
> *wow* -- we find that (1) `computer software and documentation'
> `related to [verb1,verb2,verb3 ad infinitum] of defense articles' is
> *banned*. but in the same paragraph, (2) `general scientific or
> commonly taught mathematical or engineering principles' are *not*
> banned. Surely, (1) is the clause that Bidzos would claim applies --
> restricting the export of technical data in the form of software.
ITAR seems to contemplate (at least) two different classes of things relevant
here: "defense articles" and "technical data". While RSA and IDEA
implementations may well escape being technical data by way of the academic
exemption, they are pretty clearly defense articles.
$121.1 General. The United States Muntions List.
(a) The following articles, services, and related technical data are
designated as defense articles and defense services pursuant to sections 38
and 47(7) of the Arms Export Control Act (22 USC 2778 and 2794(7)). Changes
in designations will be published in the Federal Register.
[ . . .]
(c)
[. . .]
Category XIII - Auxiliary Military Equipment
(b) Information Security Systems and equipment, cryptographic devices,
software, and components, specifically designed or modified therefore,
including:
(1) Cryptographic (including key management) systems, equipment, assemblies,
modules, integrated circuits, components or software with the capability of
maintaining secrecy or confidentiality of information or information
systems, except cryptographic equipment of software as follows:
(long list of narrow applications of crypto deleted, none seem relevant.)
(2) [Crypto systems making use of spread spectrum tech.]
(3) Cryptanalytic systems, equipment, assemblies, modules, integrated
circuits, components, or software.
(4) [Systems for multiuser security of B2 or better, or certification
software]
(5) Ancillary equipment specifically designed or modified for paragraphs (b)
(1), (2), (3), (4), or (5) of this category;
[. . .]
[end of quoted ITAR text]
Sorry if the subdivisions/deleted text there is confusing - will snarf the
full ITAR text tomorrow, perhaps it'll be more nicely formatted.
--
Greg Broiles
greg@goldenbear.com Baked, not fried.
Return to September 1993
Return to “Timothy Newsham <newsham@wiliki.eng.hawaii.edu>”