From: attila <attila@primenet.com>
Date: Fri, 24 Nov 1995 23:59:44 +0800
To: sameer <sameer@c2.org>
Subject: "lack" of export control rules
In-Reply-To: <199511240523.VAA03642@infinity.c2.org>
Message-ID: <Pine.BSD.3.91.951124054104.12402A-100000@usr4.primenet.com>
MIME-Version: 1.0
Content-Type: text/plain



On Thu, 23 Nov 1995, sameer wrote:

 a> The feds have never established a general policy.
 a> 

    in other words, business as usual with the Feds. If there is no "book"
on what is or is not legal v/v ITAR, and the agency responsible will not
communicate, it empirically says:  "...well, be reasonable to meet the
intent of the law, but we will not tell you what is really expected;
however, if, in the futute, we decide what we really want, we will bust
you if you did not fully comply despite your good intentions --and, if
that does not fly, we'll charge you with conspiracy...." 

    having been down the road a couple times including being charged with 
technology export for things which are essentially combinations of common 
knowledge, if nothing else works for the Feds, conspiracy will --and it 
carries the same penalties as the "crime" itself.  No small wonder the 
Europeans, including the British, laugh at our "legal" system.

 a> > if a solid (or reasonably accurate given the feds refusal
 a> > to put anything in writing) FAQ can be assembled, it would be worth
 a> > posting as a resource.
 a> >
 a> >     I had thought the feds were requiring that you at least verify the
 a> > address of the party requesting the code --at least as far as screening
 a> > out the obvious ones like .uk or .de and the like --which is far from
 a> > foolproof.  There has been mention someplace that they also expect some
 a> > screening by verifying numbers, not just names.
 a> >
 a> >     I guess the real question, just how much checking do they expect?
 a> > checking for country domains is easy enough, and the 'foolers' in 
 a> > .edu group can be listed, but there are plenty of other deceptions 
 a> > if you control the machine since communication inevitably works by 
 a> > the numbers which is a whole new ball of wax.
 a> >
 a> > On Tue, 21 Nov 1995, sameer wrote:
 a> >
 a> > > #!/bin/sh 
 a> > > umask 022
 a> > > DIRNAME=`cat $HOME/.usonlydir`
 a> > > NEWDIRNAME=`/usr/local/bin/pseudo-random | /usr/local/bin/md5sum`
 a> > > cd /u1/ftp/pub/US-only
 a> > > mv I_will_not_export_$DIRNAME I_will_not_export_$NEWDIRNAME
 a> > > cd ..
 a> > > sed -e "s/$DIRNAME/$NEWDIRNAME/" < README.US-only > README.new
 a> > > mv README.new README.US-only
 a> > > echo $NEWDIRNAME > $HOME/.usonlydir
 a> >