From: “Perry E. Metzger” <perry@piermont.com>
To: cypherpunks@toad.com
Message Hash: f222c7e62ff125e8e185447f27fd39fb015e2b11ea95f1b9e86e2b2311fa6ec7
Message ID: <199601120242.VAA19147@jekyll.piermont.com>
Reply To: N/A
UTC Datetime: 1996-01-12 02:42:52 UTC
Raw Date: Thu, 11 Jan 96 18:42:52 PST
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 11 Jan 96 18:42:52 PST
To: cypherpunks@toad.com
Subject: legal question
Message-ID: <199601120242.VAA19147@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain
A question for our local attorneys.
There have been several times in the past where people have questioned
whether cryptographic hash functions like SHA and the like are
exportable under the ITAR?
In a joint declaration of facts not in dispute as part of Karn
v. State Department, the following was agreed by the government:
(see http://www.qualcomm.com/people/pkarn/export/karnsf.html)
34. Three of the source code listings on the diskette and in Part
Five of the Applied Cryptography book, MD-5, N-HASH, and SHS
are "hashing routines" that perform a data authentication
function and, by themselves, are not controlled for export
under the ITAR because cryptographic software that is solely
limited to a data authentication function is excluded from
Category XIII(b) of the United States Munitions List. See 22
C.F.R. 121.1 XIII(b)(vi).
Would this not mean that the government is estopped from ever again
claiming that hash functions are export controlled under the ITAR?
Just curious as to whether or not things have been made more clear...
Perry
PS they also admit in the same declaration to having broken Enigma in
WWII. A shocking revelation.
Return to January 1996
Return to ““Perry E. Metzger” <perry@piermont.com>”
1996-01-12 (Thu, 11 Jan 96 18:42:52 PST) - legal question - “Perry E. Metzger” <perry@piermont.com>