[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Red Ryder decoder rings declared illegal (fwd)



I apologize if this has already been posted to the list, as I have
been extremely busy the past couple of days and have not had the
luxury of reading every message that has been posted. If this
is old news -- sorry. ,-)

Begin excerpted message ---------------------------

> Subject:      Cu Digest, #5.74 - More on Moby Crypto

------------------------------

Date: Tue, 21 Sep 1993 21:13:17 GMT
From: Grady Ward <[email protected]>
Subject: File 2--NEW State Dept FLASH on Moby Clipper (Grady Ward)

(please edit follow-ups)

In a fresh (to me, stunning) development, the Austin Code Works
received a letter today (Tuesday 9/21/93) from the State Department,
Bureau of Politico Military Affairs, Office of Defense Trade Controls
advising them, in part, of their need to register as an International
Arms Trafficker *even if* their crypto material is intended solely for
*domestic* publication, regardless of whether they are selling
executables, source, descriptions, algorithms of any crypto (and
presumably viral detection) software or documentation, as defined by
ITAR.

This requirement literally implies that a Cereal manufacturer is
required to register as an arms trafficker if it wants to include a
secret de/coder ring in the box, has a cardboard outline of a de/coder
printed on the box, or even a description how to construct or use a
de/coder ring.

Complete text of the letter follows:

(State Department Seal)
United States Department of State

Bureau of Politico-Military Affairs
Office of Defense Trade Controls

Washington, D.C. 20522-0602

AUG 31 1993

Austin Code Works
11100 Leafwood Lane
Austin, TX  78750-3587

Dear Sir:

It has come to the attention of this office that your company is
making cryptographic source code and technical data available
for commercial export claiming a technical data exemption
from the International Traffic in Arms Regulations.
Cryptographic software, including source code, is a munitions
article as defined in 22 CFR # 120.1, category XIII(b).  Further,
the exemptions listed in 22 CFR # 125.4 for technical data do
not apply to cryptographic software and source code.  A valid
Department of State license is required to export cryptographic
source code.  As such, it would be a violation of the
International Traffic in Arms Regulations to export
cryptographic source code without a valid Department of State
export license.

We take this opportunity of advise you that any company or
individual who engages in the United State in the business of
either manufacturing or exporting defense articles or
furnishing defense services is required to register for a fee
with the Office of Defense Trade Controls (DTC) pursuant to 22
U.S.C. # 2778(b)(1)(A) and 22 C.F.R. Part 122.  Furthermore, the
export of such defense articles and related technical data must
be licensed by the Department of State in accordance with 22
U.S.C # 2778(b)(1)(B)(2) and 22 D.F.R. Parts 120-130
(International Traffic in Arms Regulations).  A booklet entitled
"REGISTRATION: The First Step in Defense Trade" is enclosed.

If you are unsure whether an article is on the U.S. Munitions
List, you may send five (5) copies of descriptive literature
about the product and request a commodity jurisdiction
determination from this office according to 22 C.F.R # 120.5 of
the ITAR.

If you have any questions regarding the matters discussed in
this letter, please do not hesitate to contact this office at (703)
875-6650.

Sincerely,

(signed) Clyde G. Bryant, Jr., Chief
Compliance and Enforcement Branch

++++++++++++++++

I guess this means that all FTP sites who implement the GET command
and have anything to do with crypto or viral detection, including
RFCs, overviews or discussions of specific techniques or algorithms,
etc. must be registered as International Arms Traffickers *even if*
they disallow all but domestic FTP connections.

What to do now.

My advice to this new twist of the NSA and State Department regulating
activities *within* the United States is twofold:

(1) GET and FAMILIARIZE yourself with PGP sources or other crypto
options NOW and upload it to your local BBS (if you deem it still
legal for you to do these things) and

(2) Consider supporting the Electronic Freedom Foundation.


PGP sites:

        black.ox.ac.uk          (129.67.1.165)
        src.doc.ic.ac.uk        (146.169.2.1)
        ftp.demon.co.uk         (158.152.1.65)
        ghost.dsi.unimi.it      (149.132.2.1)
        nic.funet.fi            (128.214.6.100)
        soda.berkeley.edu       (128.32.149.19)

Electronic Freedom Foundation
1001 G Street, NW
Suite 950 East
Washington, D.C.  20001
202/347-5400 voice
202/393-5509 FAX
FTP  ftp.eff.org

End excerpted message ------------------------------