[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Distributing cryptographic code
Greg Broiles <[email protected]> writes:
> [...]
> Also, one person commented within the coderpunks thread:
> >>>>
> A disclaimer would be adeqate protection if I remember correctly.
> I don`t recall what the situation is in the US, is it the case that
> the provider of the information is guilty of export, or the person
> that actually downloads it, if it is available via anonymous FTP???
> <<<<
>
> A disclaimer is not good enough. Both are potentially liable under US law
> (modulo arguments about constitutionality, vagueness, etc). The downloader
> is guilty of an illegal export, and the person who made the software
> available is (using the definition in 15 CFR 734.2) guilty of an export,
> and also has potential liability for conspiracy and/or aiding and abetting,
> depending on the facts of the particular case.
The downloader by definition is restricted by his own national laws
not by US laws. US attempted world policeman attitude does not mean
that US laws apply outside the US, particularly not to non-US citizens
outside the US.
(Yeah, I know tell that to Noriega, but that was simple kidnap).
(The UK has recently introduced a few laws which they claim apply to
UK nationals outside when resident outside UK also... bad trend.)
The counter argument is that say Iraq says that you must not show
pictures of women's faces. Do you similarly honour Iraqs request to
extradite the news media in the US?
Extradition treaties to my understanding tend rely on the crime being
a crime in both countries. For illegality of exporting crypto code on
the Internet the US is largely on it's own. And anyway, I'm
_importing_ crypto, you're exporting it, or at least allowing me to
import it. There are even fewer examples of import restrictions than
of export restrictions.
Personally I would feel no compunction in downloading anything I
choose from any US site on the basis of US laws; they do not apply to
me.
However out of politeness to the operators of the US archives I would
generally not recommend this for the simple reason that it might get
the archive operator in trouble. This is my only consideration.
For a giggle a while back I had a go at downloading Netscape 128 bit
browser using anonymizer.com. Found a handy US zip code, phone number
street address (I used a US bank's, which I found handily on the web).
Damn would've worked too, only it tried to open an SSL session through
anonymizer.com for the download and anonymizer doesn't support SSL
sessions (or didn't then). Bummer :-) So I had to download it from
Alex de Joode's site ftp.replay.com in the Netherlands instead which
was faster anyway.
Self appointed world policemen are fooling themselves if they think
they have any control over bit flow.
Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`