[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

US crypto export regs (was Re: Use of Debian For Non-Profits)



on Wed, Aug 06, 2003 at 07:13:34AM -0400, James M. Nugent (JamesMNugent@covad.net) wrote:
> Hello,
> 
> I work with a non-profit in N. Virginia (Computer CORE) that provides
> refurbished computers to low-income adults and other non-profits that
> use them for various applications. We're currently working with a
> church group that wants to distribute out old P-I systems to Liberia.
> Normally we would have them buy $5 versions of Win 98 which we would
> install on the systems, but they're not in a position to spend the
> $160 to do this. We're trying to find a version of Linux that we could
> install, but we are being told that we can't export systems with
> current encryption. Do you have a version of Linux with 56-bit
> encryption that we could obtain?

This is my understanding of latest crypto regs.  The situation is fluid,
and since Sept. 11, 2001, the environment in the US is changing
somewhat.  To the best of my knowledge it's accurate.  

The US Department of Commerce regulates cryptography export.  The
current regulations are detailed at:

    http://www.bxa.doc.gov/Encryption/
    http://www.bxa.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html
    (yes, it's "Nofify", not "Notify".  Security through obscurity?)


For "publicly available" encryption source code, the requirement is
notification of intent to export.  This notification can be provided by
email, and in fact both instructions and links for doing so are provided
at the second link above.  This is sufficient to allow export of
publicly available encryption products, in both source and object
versions:

    Encryption source code that would be considered publicly available
    is eligible for this provision of License Exception TSU even if it
    is subject to an express agreement for the payment of a license fee
    or royalty for commercial production or sale of any product
    developed using the source code. Corresponding object code resulting
    from the compiling of such source code is also eligible for License
    Exception TSU if it is also made publicly available.

IANAL, TINLA, YADA.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Ceterum censeo, Caldera delenda est.
		        SCO vs IBM Linux lawsuit info:  http://sco.iwethey.org

Attachment: pgpA22hBqQMpj.pgp
Description: PGP signature


Reply to: