-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 01:25 PM 9/29/97 +0000, Jim Burnes wrote:
I have a theoretical situation which some person or lawyer might know the answer to. (not that lawyers are not people...oh never mind).
Anyway..
ACME corporation, a mostly Canadian outfit with a major subsidiary in the US, wants to roll out corporate wide crypto.
Most of their network operations are in the US except one of their offices in Ireland.
Question (1): Can they buy a strong crypto package in the US and physically roll it out to both Canada and Ireland.
Nope. Though Canada allows export of strong crypto generally, Canadians may not re-export US products once they enter the country.
Question (2): If Canada is OK, but Ireland is out of the question, can Irish employees simply procure a compatible strong crypto package from, say, Finland? This assumes that the message traffic from the Irish office to the US is not covered by commerce dept regs, just the export of software. Since software isnt being exported, is everything legal?
Yup. As you could imagine, US export laws are set up to try to avoid such compatibility whenever possible. This is also a reason why PGP Inc.'s recent shift to crypto services and away from relying on crypto sales exclusively is a relatively big deal. If everyone has the software, PGP Inc. can provide services to those folks a lot more easily. PGP 5.0, of course, is out there on the Net for the taking worldwide. Cheers. Will Rodger Washington Bureau Chief Inter@ctive Week -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBNDAVmNZgKT/Hvj9iEQIemwCeMsUUiMuPRE2we6t8WiPxQ9TGSAIAoPwN O5C/FTnLEuGrJC2mY+DMb0IC =5f31 -----END PGP SIGNATURE-----