I have a theoretical situation which some person or lawyer might know the answer to. (not that lawyers are not people...oh never mind). Anyway.. ACME corporation, a mostly Canadian outfit with a major subsidiary in the US, wants to roll out corporate wide crypto. Most of their network operations are in the US except one of their offices in Ireland. Question (1): Can they buy a strong crypto package in the US and physically roll it out to both Canada and Ireland. Question (2): If Canada is OK, but Ireland is out of the question, can Irish employees simply procure a compatible strong crypto package from, say, Finland? This assumes that the message traffic from the Irish office to the US is not covered by commerce dept regs, just the export of software. Since software isnt being exported, is everything legal? Thanks, Jim Burnes Jim Burnes Engineer, Western Security, SSDS Inc jim.burnes@ssds.com ---- When the world is running down Make the best of what's still around - Sting