Bill Frantz <frantz@netcom.com> writes:
2. Suppose someone writes a program Z that has no expicit crypto code in it, but has hooks for installing one or another version of PGP. Given a copy of Z, someone in this country could install PGP he got from MIT, whereas someone in Europe could install the international version. Would export of Z violate ITAR restrictions?
Yes
I agree. However let me elaborate for Rollo: with ITAR there are at least three aspects: - what ITAR says It says for instance that you can not _talk_ to a foreign national in the US about crypto, that you can not show them books, that you can not export books etc. We know this is not enforced (they tried it a few times and gave up). We know books are allowed to be exported, examples: Bruce Schneier's Applied Crypto (crypto source code, never mind technical descriptions, which ITAR says are illegal to export or disclose to foreigners "Disclosing (including oral or visual disclosure)" Phil Zimmermann/MIT's PGP source code and internals book, the full source code to PGP itself in an OCR font) They don't enforce books or discussions anymore because of the clear 1st ammendment case against this behaviour. - and what the NSA, and US government care to interpret ITAR as meaning today (they change to suit the case at hand, keeping their interpretation purposefully vague) - what they care to enforce NCSA Mosaic had a PGP signature checking hook, they were told to take it out. Microsoft's CAPI arrangement is that they will not sign non-US CAPI compliant crypto modules (Examples of enforcement of no-hooks interpretation). emacs mailcrypt is exported form the US (Emacs RMAIL/GNUS interface to PGP - just plug in pgp263i or mit pgp262, an example of non-enforcement of no-hooks interpretation) Adam -- #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)