[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto Legality Question

Hash: SHA1

At 01:25 PM 9/29/97 +0000, Jim Burnes wrote:
>I have a theoretical situation which some person or
>lawyer might know the answer to.  (not that lawyers are
>not people...oh never mind).
>ACME corporation, a mostly Canadian outfit with a major
>subsidiary in the US, wants to roll out corporate wide crypto.
>Most of their network operations are in the US except one
>of their offices in Ireland.
>Question (1): Can they buy a strong crypto package in the
>US and physically roll it out to both Canada and Ireland.

Nope. Though Canada allows export of strong crypto generally, 
Canadians may not re-export US products once they enter the country.

>Question (2): If Canada is OK, but Ireland is out of the
>question, can Irish employees simply procure a compatible
>strong crypto package from, say, Finland?  This assumes
>that the message traffic from the Irish office to the US is
>not covered by commerce dept regs, just the export of
>software.  Since software isnt being exported, is everything

Yup. As you could imagine, US export laws are set up to try to avoid 
such compatibility whenever possible. This is also a reason why PGP 
Inc.'s recent shift to crypto services and away from relying on 
crypto sales exclusively is a relatively big deal. If everyone has 
the software, PGP Inc. can provide services to those folks a lot more 
easily. PGP 5.0, of course, is out there on the Net for the taking 


Will Rodger
Washington Bureau Chief
[email protected] Week
Version: PGP for Personal Privacy 5.0
Charset: noconv