[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Exporting Code the Easy Way

In <[email protected][]>, on 01/28/98 
   at 01:46 AM, Tim May <[email protected]> said:

>At 9:44 PM -0800 1/27/98, Alan Olsen wrote:
>>At 07:26 PM 1/26/98 -0800, Tom Weinstein wrote:
>>>Don't hold your breath.  We're still bound by US export regulations, so
>>>we won't be able to export crypto-relevant source code.  We'll release what
>>>we can, but you probably won't be satisfied.
>>>Of course, there's always the option for some enterprising individuals
>>>outside the US to replace the missing pieces.
>>Or you could just publish the source code in a big book...  ]:>

>Or even easier option:

>Dispense with the actual scanning and OCRing and simply _say_ the code
>was OCRed. Or, for that matter, don't even bother to say. U.S. Customs
>and the ITARs/EARs have no provisions for asking international users if
>the version they are using was compiled from source code printed in

>(This was my recommended approach for the PGP job...use the code off the
>CD-ROM, carried out in someone's luggage or mailed or sent over the Net,
>and then _say_ the OCRing was done....it's not as if U.S. Customs has any
>authority to question someone in Amsterdam or Denmark and demand proof
>that they really spent those hundreds of hours laboriously scanning and
>OCRing and proofreading....)

>Why do things the hard way?

>Seriously, when the code people use internationally is used, just who the
>hell cares whether it was ever scanned from a book or not? That only
>affects the issue of _export_, which is mooted anyway by the utter
>triviality of exporting software on CD-ROMs, DATs, through the mail, via
>FedEx and Airborne, through remailers, and on and on and on. Nobodu using
>"PGP International Version" has to worry one whit, no pun intended, about
>whether the code came from an original PGP distribution, or source code
>scanned and OCRed, so long as it checks out properly.

I think that this was a legal decision by PGP, Inc. not out of concern by
the people doing the scanning overseas. I believe that they were trying to
sheild themselves from another lenghty court battle with the Feds but
still be able to make the source code available.

Unfortunatly PGP is nolonger the product of crypto-anarchists but is now
owned by the "suits" who tend to tread lightly in such matters
(shareholders realy don't care about crypto-anarchy principles unless
there is financial gain in doing so).

William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html                        
Tag-O-Matic: "640K ought to be enough for anybody." - Bill Gates, 1981