Re: Pgp in Europe

["Ian Farquhar" <ianf@sydney.sgi.com>]

On Dec 19,  3:56pm, L. McCarthy wrote:
> The U.S. govt. doesn't want you to get PGP from the U.S., but you are
> (presumably) not a U.S. resident or citizen, so U.S. laws don't apply to you.
> As long as _Swedish_ law doesn't bar you from importing strong cryptography
> into Sweden, you can grab PGP from wherever you like.

As has been discussed many times before, it is not that clear cut.  Legal
opinion I have gotten said that the US government would almost certainly
consider its laws violated if a "foreign national" fetched a piece of ITAR
controlled software from a US site, although it's ability to prosecute
would be limited _until_that_individual_entered_US_territory_.

That's a big gotcha, folks.  Let's not forget Phil Z's recent experience
with US customs.

The legal opinion I have gotten also suggested that traffic passing through the
US (but not having a source or destination with that legal juristiction)
is a very grey legal area, and even might depend on whether the signal
travelled via satellite or cable (there might even be loopholes if it went
over US territory - via a satelite link - rather than travelling through it
via landlines.)  Non-deterministic routing also would make it difficult
to prosecute, although the fact that they are investigating Phil for writing
the software makes me wonder just how much reality is involved in their
decision to proceed with legal action.

I personally would be extremely cautious about fetching anything from another
country unless that country specifically allowed export of crypto software.
Fortunately, most European countries do, and there are several good crypto
sites there.

							Ian.

#include <std.disclaimer>  "I speak only for myself."