[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: itar question
At 05:08 PM 9/11/95 -0400, you wrote:
>If I create a set of patches to a PD or GNU software package (i.e. telnetd,
>httpd) to support encryption (in particular SSL), can i put the patches up
>on an ftp site, Or would i be in violation of itar, and therefore risk
>getting hauled off by the feds? (i'm a us citizen living/working in the
>states).
If you create them in the states, and export them, and they contain crypto,
you can be busted and convicted.
If you put them on an ftp site without preventing or at least discouraging
foreigners from accessing them, you can be busted, but you've at least got
a potentially interesting court case about freedom of speech and the press,
etc.,
for which you will need _very_ good lawyers unless either
a) Phil Zimmermann gets indicted and acquitted first or b) you don't mind
losing.
If you do b) before Phil gets his day in court (as opposed to his
months and months of grand jury), you risk creating a precedent that
can help the Bad Guys convict him.
If you create them in the states, and they contain hooks to call crypto,
but don't actually contain the crypto themselves, then there's a question
of whether they are components of a munition or technical data therefor,
or whether they're just code that calls subroutines named "SSL_init()",
"DES()", "RSA()", etc., which is behavior that's at least been threatened
with FUD,
but may be defendable in court. Your case is definitely stronger if your
code is public domain (by the ITAR definitions, which are rather different
than the copyright-related definitions), and of course if it's part of a working
system of purely non-munitions code that just happens to have routines like
"Do_Everything_Slowly()", "Reliability_Supporting_Algorithm(), and
"SUPDUP_Simulation_Library" -- might even be fun to write a library like that,
though I suppose certain companies might be upset if you called your
Really_Special_Arithmetic library RSAREF :-)
#---
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---