From: jbaber@mi.leeds.ac.uk
Date: Tue, 24 Oct 95 04:04:50 PDT
To: aba@atlas.ex.ac.uk
Subject: Re: crypto export from the UK
Message-ID: <208.9510241158@misun2.mi.leeds.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain


Adam <aba@atlas.ex.ac.uk> writes:
> Jon Baber <jbaber@mi.leeds.ac.uk> writes: 
> > I believe that the laws regarding the export of crypto from the UK are
> > very similar to the ITAR regs in the US.
> 
> I thought they were markedly different!
> 
> I always understood there were NO restrictions on crypto export,
> import or use to western countries.  There used to be COCOM agreements
> which said that you should get approval to send commercially produced
> crypto to some blacklisted countries (Iraq, etc).  I also read that
> the COCOM restrictions did not claim to apply to free software.

I think that it was the COCOM restrictions that I was thinking about. The
blacklist was fairly large (including the USSR) and I believe that it did apply
to software (although I do not know about free software).

> Anyway, I read that the COCOM agreement has expired, so none of this
> applies anymore, even.

Now this I did not know. Do you know when it expired and why it was not renued?
We must still have some export restrictions for Munitions does this no-longer 
cover crypo?

> > However our Government seems to take the view that putting crypto
> > software on the net is not exporting it, the exporting is done
> > whenever anyone from an export restricted country downloads the
> > software and is done by them rather than by the person who made the
> > software available.

> I also have heard this.

I can not remember where I heard this though. I don't suppose you know whether
this was an official policy statement or just a comment like 'well it may technically be illegal but we would hold the downloader liable rather than the
supplier'?

> I think he would be safe emailing it, putting it on the WWW, or
> posting it to USENET.  There are no selective access restrictions on
> *any* crypto ftp/http sites that I know of in the UK (like various
> ones in the US which make a sho of enforcing the export restriction by
> not allowing export to non-US domain names.)
> 
> Adam

I do not know of any crypto sites in this country with access restrictions but
I would still probably make any software available via the WWW or an FTP site
(or maybe post it to USENET via a host in this country) rather than actively
mail it abroad... but then again I am paranoid (at least it does not involve
shipping larges pipes out of the country).

Jon
jbaber@mi.leeds.ac.uk
http://www.chem.surrey:80/~ch02jb/