1997-01-29 - Re: More Circumventing the ITAR

Header Data

From: Anil Das <das@sgi.com>
To: cypherpunks@toad.com
Message Hash: cf82216d16fca1c23d342748e3dad80a5e107f0f983db6889bdcec6ea58bacf8
Message ID: <199701290926.BAA25555@toad.com>
Reply To: N/A
UTC Datetime: 1997-01-29 09:26:00 UTC
Raw Date: Wed, 29 Jan 1997 01:26:00 -0800 (PST)

Raw message

From: Anil Das <das@sgi.com>
Date: Wed, 29 Jan 1997 01:26:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: More Circumventing the ITAR
Message-ID: <199701290926.BAA25555@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Mark Rosen wrote:
> 
>         I'm curious as to exactly what the ITAR/EAR/Whatever says specifically
> about "unrestricted FTP sites." My program, Kremlin, is available for
> download at the web page below. On my web page, I have some stuff in bold
> print that informs about the ITAR and tells people to go away if they're
> not from the US or Canada. Does this count as an unrestricted FTP site?
> It's not all that much different from what MIT has up for PGP.

	What you need to do to provide FTP access to crypto
software is spelled out in the EAR regulations. Here is a
summary. I am not a lawyer.

1) Users (downloaders) should be asked to answer some
questions to indicate that:

	They are aware of the crypto export regulations.
	They and their computers are in the US/Canada.
	They intend to follow the the crypto export regulations
		and not export the software they download.
	They are US persons as defined in the EAR regulations.

2) The server should check that the client site requesting the
download is in the US or Canada.

In other words, just displaying a warning is not enough.

>         Also, back to the question of registration numbers. A registration number
> is just a string of letters and numbers, and is essentially the same as a
> friendly letter; it contains no cryptographic code. For all anyone knows, I
> could just be charging for pseudo-random numbers, again, nothing of
> cryptographic significance. Is it illegal for me to mail someone outside of
> the US or Canada a registration code? Thanks for any help.

	I wouldn't try to circumvent the regulations by trying
to follow the letter of the law while ignoring its spirit. You
don't have to be convicted of a crime to make life a lot difficult.
Ask Phil Zimmerman, who never even uploaded pgp to the Internet.

--
Anil Das






Thread