Since I am going to quote portions of the EAR and make some comments on it, let me begin by stating that I Am Not A Lawyer, and none of this is to be taken as legal advice, or even accurate. On May 1, 10:18pm, Tim May wrote:
I hate it when people ask me to go dig up stuff...as I often end up wasting my time doing it, instead of telling them to use their own search tools.
I didn't mean for you to do the search, Tim. I have spent some time reading the EAR. For example, by reading the relevant sections of the EAR and correlating it with the Immigration and Naturlization Act, I figured out that it would be illegal for somebody in the US to give me encryption software, though it would be OK for them to give the same code to a certain class of illegal immigrants. During all this, I didn't come accross a section which said that "hooks" or something similiar (used to be known as a DES shaped hole), cannot be exported without a license. I was hoping that some of the lawyers who frequent cypherpunk, whose job it might to understand these regulations would be generous enough to post a pointer.
But it may have been worth it. While stupidly searching the EARs with my tools, I found this little gem: Sec. 730.5 Coverage of more than exports.
* * * * * (d) * * * The EAR also restrict technical assistance by U.S. persons with respect to encryption commodities or software.
"Restrict", not prohibit. To atone for my sins, I decided to do some searching myself. This is actually expanded on in 744.9. 736.2 (b)(7)(ii) (general prohibition seven) says: (ii) You may not, without a license from BXA, provide certain technical assistance to foreign persons with respect to encryption items, as described in Sec. 744.9 of the EAR.// And in 744.9. // Sec. 744.9. Restrictions on technical assistance by U.S. persons with respect to encryption items. (a) General prohibition. No U.S. person may, without a license from BXA, provide technical assistance (including training) to foreign persons with the intent to aid a foreign person in the development or manufacture outside the United States of encryption commodities and software that, if of United States origin, would be controlled for ``EI'' reasons under ECCN 5A002 or 5D002. These ECCNs (whatever that means) is in http://jya.com/774-ccl05.htm. 5A002 is for hardware modules that do encryption functions. 5D002 applies to software. I won't quote it here, but from my reading it lists only software designed or modified for certain purposes, such as putting it in a hardware module, for one. The general prohibitions in part 736 does not make any other references to technical assistance, so I would think this is all the restriction that is there, but as I said, IANAL, and I haven't read the whole EAR.
Anil, you'll have to do the research on where in the vast amount of stuff on the EARs, the Munitions List, the CCL, etc. this is spelled out. I'm done for the evening.
Good night, Tim. Glad you could find something useful out of all that wasted time, and glad I could do some searcing for you in return. -- Anil Das