The Men in Black made Lucky Green <shamrock@netcom.com> write:
[Listing specific software prohibited from export] "c.2. "Software" to certify "software" controlled by 5D002.c.1; "
And, btw, virus checkers are also prohibited from export. Makes you wonder.
"c.3. "Software" designed or modified to protect against malicious computer damage, e.g., viruses;"
That includes every firewall product, every virus checker, every data security product, and this regardless if the product uses crypto or not. The new regulations go way beyond controlling crypto. The USG, in a massive power grip, has put data security as a whole on the export control list.
These aren't new regulations, they're old regulations which have resurfaced. I've managed to obtain a copy of part of the old pre-Wassenaar COCOM regulations, which contain the magic lines: 5.D.2.c Specific "software" as follows: 1. "Software" having the characteristics, or performing or simulating the functions of the equipment embargoed by 5.A.2 or 5.B.2. 2. "Software" to certify "software" embargoed by 5.D.2.c.1. 3. "Software" designed or modified to protect against malicious computer damage, e.g. viruses. This is from the October 1991 version. By October 1996 this had changed to: 5D002 c Specific "software" as follows: 1. "Software" having the characteristics, or performing or simulating the functions of the equipment embargoed by 5A002 or 5B002. 2. "Software" to certify "software" specified in 5D002.c.1. It looks like someone used the old COCOM regs as the basis for the EAR rather than the newer Wassenaar ones. The two are almost identical anyway except for a few minor points. It's likely that the anti-virus clause is due to bureaucratic bungling rather than malicious intent. Peter.