m5@dev.tivoli.com (Mike McNally) writes:
Isn't it the case that there are loopholes or explicit exceptions in crypto export regulations that allow American businesses to supply their overseas operatives with tools for secure communication back home? We were discussing today some stuff about our web server, and there's some desire to provide secure access for our sales people to internal junk. Nobody was sure whether it'd be OK for our people in the Evil Empire (Europe) to have the 128-bit-RC4 Netscape for that purpose.
At the December NIST Key Escrow/GAK export meeting, Mike Nelson said that there are rules that allow US companies to "easily" export strong encryption to their overseas operations. The important (key :-) idea is that the export is to protect the corporate assets of US companies. He seemed to imply that exporting, say, PGP for internal corporate use was fine and easily done. Other folks later claimed that this wasn't quite as easy as he claimed.

For more, see http://www.isse.gmu.edu/~pfarrell/nist/pdf.nist2.html

Pat

Pat Farrell  Grad Student  http://www.isse.gmu.edu/students/pfarrell
Info. Systems & Software Engineering, George Mason University, Fairfax, VA
PGP key available on homepage
#include <standard.disclaimer>