1997-01-31 - Re: Complying with the EAR [was: More Circumventing the ITAR]

Header Data

From: Sean Roach <roach_s@alph.swosu.edu>
To: cypherpunks@toad.com
Message Hash: 584d35e97fbfddf280684f00e373c17d79654c5bb63266cf29467777e8879d1e
Message ID: <199701310504.VAA04649@toad.com>
Reply To: N/A
UTC Datetime: 1997-01-31 05:04:34 UTC
Raw Date: Thu, 30 Jan 1997 21:04:34 -0800 (PST)

Raw message

From: Sean Roach <roach_s@alph.swosu.edu>
Date: Thu, 30 Jan 1997 21:04:34 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Complying with the EAR [was: More Circumventing the ITAR]
Message-ID: <199701310504.VAA04649@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:14 AM 1/29/97 -0700, Michael Paul Johnson wrote:
>On Tue, 28 Jan 1997, Mark Rosen wrote:
>
>> 	I'm curious as to exactly what the ITAR/EAR/Whatever says specifically
>> about "unrestricted FTP sites." My program, Kremlin, is available for
>
>You should check the exact text yourself, but the way I read the EAR, you
>are not "exporting" strong cryptographic software without a license (exept
>to Canada, which needs no license) if you do things "such as"
>(1) have the guests to your site acknowledge that the EAR restricts
>export, (2) have the guests affirm that they can legally get the software
>(proper citizenship or residency & location), and (3) "check the address
>of the destination computer to see if it is in the USA" or Canada. The
>last one, I interpret rather loosely to mean that if the guest's email
>address domain isn't one commonly used in the USA or Canada, then I deny
>access. We all know that not all .com addresses are North American, but
>chances are really good that if the address ends in .ru, then the
>destination machine is probably not in North America. This is not a
>perfect way to prevent export, of course, but it is what the regulations
>say, as I read them. For a pointer to the regulations and to my access
>request form and crypto site, see http://www.sni.net/~mpj/crypto.htm
...
An easy crack to that would be to request access from a hotmail, or
similair, account.  This account would show up as being on US soil while the
account holder would not necessarily be so.  In this way, someone with an
account ending in your .ru would get through because h[is/er] e-mail request
originated from inside the U.S.







Thread