Well, you can try calling the NAI number at 972-308-9960, and see what kind of story you get. I'm still trying to get an upgrade, which is what I called about in the first place. I've been having trouble dealing with one of their resellers, so had to go back to the source. This matter came up when the rep told me that I had to answer "yes" to the three export questions, and I asked "Do you really think that such software can be kept out of the hands of those black-listed countires?" He told me that it could because even if the people in those countries got the software, that it would be useless to them because nobody in the US could receive encrypted messages from those countries. Why, I asked. There's nothing in the EARs to prohibit reception of encrypted messages. There's no big filter at the borders checking for messages. After all, (quoting Tim May) national borders aren't even speed bumps on the information superhighway. He conceded that while there was no big filter at the border, ISPs wouldn't accept such email. Which ISPs, I asked. He mentioned AOL. Any others? He didn't know. I asked under what law they were required to filter such incoming messages. He didn't know, but replied this is what the customer support people had been told by NAI management. I suggested (more than once) that he ask the NAI legal department if this was indeed the case. Might be also worthwhile to call AOL corporate. This could evolve into a very interesting PR incident for them if they are indeed blocking such messages, when it's pointed out that PGP usage is essential to the work of human rights, relief, charitable, and even religious organizations in those countries. On the other hand, what's one more nasty PR incident to AOL? --CH
Of course there is no law or regulation that prohibits individuals from accepting encrypted email from the blacklist countries (or an ISP from forwarding it).
Though perhaps government pressure or simple misunderstanding can explain the situation you encountered. I'd be interested in any verifiable info on this.
-Declan
On Mon, Jul 16, 2001 at 02:29:16PM -0700, codehead@ix.netcom.com wrote:
I just got off the phone with one of the customer service people at NAI, who informed me that "Encrypted e-mails from certain countries aren't accepted in the US" and that accepting encrypted email from one of the "black list" (i.e., North Korea, Libya, Iran, Iraq, China, etc.) is illegal under US law.
When queried about the issue of *accepting* encrypted e-mail from a "black-list" country, the customer rep stated that this is what he was told by higher-ups in the company.
Never mind the issue of web-based email, mail originating from the dot-com, dot-edu, dot-net or dot-org TLDs, spoofed headers or open relays. It was impossible to resist quoting Tim May on the transparency of national borders, and to point out that so far, anyway, there was no ubiquitous filter at the borders. The rep backpedaled and stated that "some" ISPs, specifically AOL, were choosing not to accept such email.
Anyone have any idea if any ISPs are refusing to accept encrypted email from "black-listed" countries?
Or is this just a matter of NAI cluelessness?