[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape download requirements



Adam Shostack wrote:
> 
> First off, I applaud Netscape for making the US version available for
> download.  All of my comments here should be taken as questioning the
> why's, not suggesting that the implementation is so onerous Netscape
> shouldn't have done it.  Although, you might want to add a link to a
> page decrying the kafka-esque experience; perhaps Matt's 'My life as
> an arms smuggler?'
> 
> My question is, under what lawful authority would you release the
> data?  The ITARs don't seem to contain anything special, so would you
> hand out lists on a subpeona?  Individual names on a subpeona?  Lists
> on a warrant?

  This is from our US download FAQ at
http://home.netscape.com/eng/US-Current/faq.html

	The information users provide when applying to download the 128-bit
	encryption software is used ONLY to verify eligibility. The U.S.
	government requires Netscape to maintain a log of software downloads
	should they deem it necessary under court order, to use this
information
	in their investigations of illegal use or misrepresentation of
	information. 

  If law enforcement got a court order to get the entire list, we would
fight it in court as being over broad.

> Incidentally, they seem to be doing a credit check sort of
> verification; I gave a decade old address, and it worked fine.  I feel
> free to do this because I'm legally entitled to download strong crypto
> software, and see no need to hand out my unlisted phone number in
> doing so.

  We are not doing any type of credit check.  We are doing some address
verification using local databases, so these queries don't go into
anyones tracking database.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.