[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto Legality Question

Will Rodger <[email protected]> writes:
> At 01:25 PM 9/29/97 +0000, Jim Burnes wrote:
> >
> >ACME corporation, a mostly Canadian outfit with a major
> >subsidiary in the US, wants to roll out corporate wide crypto.
> >
> >Most of their network operations are in the US except one
> >of their offices in Ireland.
> >
> >Question (1): Can they buy a strong crypto package in the
> >US and physically roll it out to both Canada and Ireland.
> Nope. Though Canada allows export of strong crypto generally, 
> Canadians may not re-export US products once they enter the country.

This is not the way I understand it.

You can re-export strong crypto from Canada, you just have to inform
the appropriate Canadian government department that you have done so.

So procedure is: 1) import software from US, 2) write appropriate
Canadian export department telling "I'm going to export blah to xyz
corp offices in Ireland", 3) export it.

That is, there is a loop-hole, you don't have to ask permission for
export, you just have to inform them you're going to do it.  (You
might want to check this out with a Canadian lawyer familiar with the
rules, and loop-holes).

So you informed them.  They can't do anything about it.  They won't
like it, but they don't have to.

I'm told Kerebos was exported by this route.  US -> Canada -> UK.
100% legally.

Now officially an EAR violation...
Have *you* violated EAR today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\[email protected]{$/=$z;[(pop,pop,unpack"H*",<>