Bill Stewart writes:
I had interpreted the suggestion differently - rather than a system with user-accessible crypto hooks, the manufacturer could ship a binary patch upgrade for US customers to install. The internal design would presumably have crypto hooks (i.e. subroutine calls); they can't ban that.
No, they can't *ban* it, but there's no reason to suspect that they won't revoke the export license after the scheme becomes clear. And of course the patch itself would not be exportable. If there's a "wink wink nudge nudge" implication that the patch would make its way overseas, I don't understand why that's really any more likely than the US-only version getting out. Note that the USGov puts definite explicit heat on corporations to make it clear that they're serious about this stuff. The responsible VP for such things at one company with which I'm familiar was explicitly reminded that he could personally be held criminally liable for any transgressions of the export laws. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~