I apologize if this has already been posted to the list, as I have been extremely busy the past couple of days and have not had the luxury of reading every message that has been posted. If this is old news -- sorry. ,-) Begin excerpted message ---------------------------
Subject: Cu Digest, #5.74 - More on Moby Crypto
------------------------------ Date: Tue, 21 Sep 1993 21:13:17 GMT From: Grady Ward <grady@netcom.com> Subject: File 2--NEW State Dept FLASH on Moby Clipper (Grady Ward) (please edit follow-ups) In a fresh (to me, stunning) development, the Austin Code Works received a letter today (Tuesday 9/21/93) from the State Department, Bureau of Politico Military Affairs, Office of Defense Trade Controls advising them, in part, of their need to register as an International Arms Trafficker *even if* their crypto material is intended solely for *domestic* publication, regardless of whether they are selling executables, source, descriptions, algorithms of any crypto (and presumably viral detection) software or documentation, as defined by ITAR. This requirement literally implies that a Cereal manufacturer is required to register as an arms trafficker if it wants to include a secret de/coder ring in the box, has a cardboard outline of a de/coder printed on the box, or even a description how to construct or use a de/coder ring. Complete text of the letter follows: (State Department Seal) United States Department of State Bureau of Politico-Military Affairs Office of Defense Trade Controls Washington, D.C. 20522-0602 AUG 31 1993 Austin Code Works 11100 Leafwood Lane Austin, TX 78750-3587 Dear Sir: It has come to the attention of this office that your company is making cryptographic source code and technical data available for commercial export claiming a technical data exemption from the International Traffic in Arms Regulations. Cryptographic software, including source code, is a munitions article as defined in 22 CFR # 120.1, category XIII(b). Further, the exemptions listed in 22 CFR # 125.4 for technical data do not apply to cryptographic software and source code. A valid Department of State license is required to export cryptographic source code. As such, it would be a violation of the International Traffic in Arms Regulations to export cryptographic source code without a valid Department of State export license. We take this opportunity of advise you that any company or individual who engages in the United State in the business of either manufacturing or exporting defense articles or furnishing defense services is required to register for a fee with the Office of Defense Trade Controls (DTC) pursuant to 22 U.S.C. # 2778(b)(1)(A) and 22 C.F.R. Part 122. Furthermore, the export of such defense articles and related technical data must be licensed by the Department of State in accordance with 22 U.S.C # 2778(b)(1)(B)(2) and 22 D.F.R. Parts 120-130 (International Traffic in Arms Regulations). A booklet entitled "REGISTRATION: The First Step in Defense Trade" is enclosed. If you are unsure whether an article is on the U.S. Munitions List, you may send five (5) copies of descriptive literature about the product and request a commodity jurisdiction determination from this office according to 22 C.F.R # 120.5 of the ITAR. If you have any questions regarding the matters discussed in this letter, please do not hesitate to contact this office at (703) 875-6650. Sincerely, (signed) Clyde G. Bryant, Jr., Chief Compliance and Enforcement Branch ++++++++++++++++ I guess this means that all FTP sites who implement the GET command and have anything to do with crypto or viral detection, including RFCs, overviews or discussions of specific techniques or algorithms, etc. must be registered as International Arms Traffickers *even if* they disallow all but domestic FTP connections. What to do now. My advice to this new twist of the NSA and State Department regulating activities *within* the United States is twofold: (1) GET and FAMILIARIZE yourself with PGP sources or other crypto options NOW and upload it to your local BBS (if you deem it still legal for you to do these things) and (2) Consider supporting the Electronic Freedom Foundation. PGP sites: black.ox.ac.uk (129.67.1.165) src.doc.ic.ac.uk (146.169.2.1) ftp.demon.co.uk (158.152.1.65) ghost.dsi.unimi.it (149.132.2.1) nic.funet.fi (128.214.6.100) soda.berkeley.edu (128.32.149.19) Electronic Freedom Foundation 1001 G Street, NW Suite 950 East Washington, D.C. 20001 202/347-5400 voice 202/393-5509 FAX FTP ftp.eff.org End excerpted message ------------------------------