[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: crypto (semi-)export issue



  [email protected] (Mike McNally)  writes:

> Isn't it the case that there are loopholes or explicit exceptions in
> crypto export regulations that allow American businesses to supply
> their overseas operatives with tools for secure communication back
> home?  We were discussing today some stuff about our web server, and
> there's some desire to provide secure access for our sales people to
> internal junk.  Nobody was sure whether it'd be OK for our people in
> the Evil Empire (Europe) to have the 128-bit-RC4 Netscape for that
> purpose.


At the December NIST Key Escrow/GAK export meeting, Mike Nelson said that
there are rules that allow US companies to "easily" export strong encryption
to their overseas operations. The important (key :-) idea
is that the export is to protect the corporate assetts of US companies.

He seemed to imply that exporting, say PGP, for internal corporate use
was fine and easily done.

Other folks later claimed that this wasn't quite as easy as he claimed.

For more, see, http://www.isse.gmu.edu/~pfarrell/nist/pdf.nist2.html

Pat

Pat Farrell    Grad Student      http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage               #include <standard.disclaimer>