US revises crypto regulations in your favor--mostly don't notice.

To: debian-legal@lists.debian.org
Subject: US revises crypto regulations in your favor--mostly don't notice.
From: Sam Hartman <hartmans@mit.edu>
Date: Tue, 18 Jun 2002 09:43:24 -0400
Message-id: <[🔎] tsly9dcu2gz.fsf@konishi-polis.mit.edu>

I see two interesting things in these revisions:

1)  The NSA got an email address so we could stop sending them paper mail if we  think that would reduce effort we spend processing crypto.

2) We could now have crypto source code in non-free.  I think we could
     probably also have binary packages containing crypto in non-free,
     but I'm not sure.  Honestly I have no desire to spend effort on
     crypto-in-non-free; just don't see the benefits.


Quoting the revised EAR section 740.13(e)(5)

    (5) Notification requirement. You must provide BIS written
    notification of the Internet location (e.g., URL or Internet address)
    of the source code or a copy of the source code by the time of export.
    Submit the notification by email to BIS at crypt@bis.doc.gov, and
    provide a copy of the notification to the ENC Encryption Request
    Coordinator at enc@ncsc.mil.

--- Begin Message ---

To: cryptography@wasabisystems.com
Subject: US Mass Market Crypto Exportable
From: John Young <jya@pipeline.com>
Date: Thu, 06 Jun 2002 08:11:52 -0700
Message-id: <E17Fw95-0004F9-00@hall.mail.mindspring.net>

The US Bureau of Industry and Security published today:

  http://cryptome.org/bis060602.txt  (108KB)

Revisions and Clarifications to Encryption Controls in the Export
Administration Regulations--Implementation of Changes in Category 5,
Part 2 (``Information Security''), of the Wassenaar Arrangement List of
Dual-Use Goods and Other Technologies

SUMMARY: This rule amends the Export Administration Regulations (EAR)
to reflect changes made to the Wassenaar Arrangement List of dual-use
items, and to update and clarify other provisions of the EAR pertaining
to encryption export controls. Consistent with the Wassenaar changes,
Note No. 3 (``Cryptography Note'') to Category 5--part II (Information
Security) of the Commerce Control List (CCL) is amended to allow mass
market treatment for all encryption products, including products with
symmetric algorithms employing key lengths greater than 64-bits, that
previously were not eligible for mass market treatment. As a result,
for the first time, mass market encryption commodities and software
with symmetric key lengths exceeding 64 bits may be exported and
reexported to most destinations without a license under Export Control
Classification Numbers (ECCNs) 5A992 and 5D992, following a 30-day
review by the Bureau of Industry and Security (BIS) (formerly the
Bureau of Export Administration (BXA)). In addition, this rule, for the
first time, allows equipment controlled under ECCN 5B002 to be exported
and reexported under License Exception ENC. For all other information
security items, including encryption source code that would be
considered publicly available, this rule updates and clarifies existing
notification, review, licensing and post-export reporting requirements.
Restrictions on exports and reexports of encryption items to terrorist-
supporting states (Cuba, Iran, Iraq, Libya, North Korea, Sudan and
Syria), their nationals and other sanctioned persons (individuals and
entities) are not changed by this rule.

DATES: This rule is effective June 6, 2002.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com

--- End Message ---

Reply to:

Prev by Date: Re: GNU FDL 1.2 draft comment summary posted, and RFD
Next by Date: Re: AW: Licesing question regarding a new package named isdn2h323
Previous by thread: Re: AW: Licesing question regarding a new package named isdn2h323
Next by thread: [no subject]
Index(es):
- Date
- Thread