[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: software with "hooks" for crypto
At 02:31 PM 4/2/96 -0800, you wrote:
>Hello all,
>
>I'm trying to figure out exactly what the laws are regarding the export of
>software which contains "hooks" for PGP. In various forms, I've heard
>that it's not the ITAR which prevents this, but more a "suggestion" by
>the NSA that we "shouldn't do it." Does anyone have any pointers to
>real legislation/laws regarding this?
There are a number of "PGP Helpers" (If this is Tuesday, it must be PGP) out
there. These are other PGP front end applications such as Private Idaho,
PGPShell and others that do NOT include PGP, nor do they contain any
encryption code within them. These applications are all billed as "freely
exportable". If your software does not contain any encryption code, such
that it simply "invokes" the users separately-obtained-and-installed copy of
PGP, you are not in violation of ITAR. It sounds like this is what you're
doing with your "hooks for PGP".
I would recommend you visit a couple of these helper application sites and
check out what their authors say about the exportability of their code. You
might ask them if they have encountered any legal difficulties because their
code is advertised as freely exportable. Private Idaho is available at
www.eskimo.com/~joelm and (rats) you'll have to hunt PGPShell down yourself.
If you actually include the RSA algorithms, the IDEA algorithm, or any
"cryptographic" code in your software, then yes, you could get in trouble
for exporting it.
Again, remember that I'm not a lawyer and that any legal advice you get from
anyone on the net is worth exactly what you pay for it.
-j, is anyone else finding it harder to say the "Pledge of Allegiance" to
this country these days?