Re: crypto restrictions

["Timothy C. May" <tcmay@got.net>]

At 11:51 AM -0800 2/14/97, anand abhyankar wrote:
>Jeremiah A Blatz wrote:
>
>thanx for ur answer but then i have another question.
>
>1) is it illegal to develop an encryption tool (s/w) outside the US
>which uses > 40 bit size session keys and then import that s/w inside of
>the US.

There are no import restrictions at this time. The IDEA cipher, for
example, was developed in Europe and U.S. developers can import it and put
in products.

However, once imported it becomes controlled for export again!

Also, it may be a violation of the EAR regs to deliberately seek to bypass
the export laws by arranging for foreign development of a module which is
then "dropped in" when the product is shipped outside the U.S. It may also
be illegal to include "software hooks" for crypto modules to be attached to.

Exactly how far one can go, or what it might take to trigger a government
prosecution for such actions, is unclear. The laws are not very precise,
and court precedents are lacking.

(There are many wrinkles here; you seem to have a lot of questions, which
is good. However, it is best for you to read a comprehensive article on
these issues--use a Web search engine to find the latest versions.)

--Tim May

Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."