[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New US regs ban downloadable data-security software



At 05:45 PM 1/13/97 -0800, Ian Goldberg wrote:
>After _very_ careful reading of the Export Administration Regulations (EAR)
>(though IANAL), it would seem that the above is slightly inaccurate.
[...]
>Therefore, it would seem that, as long as the security software on your ftp
>or WWW site is free of cost, it is OK to keep it there.  Commercial
>security software, however, remains export-restricted.

I concur with Ian Goldberg's careful analysis (thanks, Ian!) that
*freeware* data security software that does not use cryptography is indeed
not covered under the new regs.

Commercial data security software of any kind, regardless if it uses crypto
or not, is however prohibited from being distributed via the Internet or
being exported by any other means. Note that such software was explicitly
exempt from export regulations under the old ITAR. Now it is explicitly
included in the EAR.

I fail to see a rationale behind this change. But then, I fail to see the
rationale behind the entire ITAR/EAR scheme.

As always, IANAL,



-- Lucky Green <mailto:[email protected]> PGP encrypted mail preferred
   Make your mark in the history of mathematics. Use the spare cycles of
   your PC/PPC/UNIX box to help find a new prime.
   http://www.mersenne.org/prime.htm