On Dec 19, 3:56pm, L. McCarthy wrote:
The U.S. govt. doesn't want you to get PGP from the U.S., but you are (presumably) not a U.S. resident or citizen, so U.S. laws don't apply to you. As long as _Swedish_ law doesn't bar you from importing strong cryptography into Sweden, you can grab PGP from wherever you like.
As has been discussed many times before, it is not that clear cut. Legal opinion I have gotten said that the US government would almost certainly consider its laws violated if a "foreign national" fetched a piece of ITAR controlled software from a US site, although it's ability to prosecute would be limited _until_that_individual_entered_US_territory_. That's a big gotcha, folks. Let's not forget Phil Z's recent experience with US customs. The legal opinion I have gotten also suggested that traffic passing through the US (but not having a source or destination with that legal juristiction) is a very grey legal area, and even might depend on whether the signal travelled via satellite or cable (there might even be loopholes if it went over US territory - via a satelite link - rather than travelling through it via landlines.) Non-deterministic routing also would make it difficult to prosecute, although the fact that they are investigating Phil for writing the software makes me wonder just how much reality is involved in their decision to proceed with legal action. I personally would be extremely cautious about fetching anything from another country unless that country specifically allowed export of crypto software. Fortunately, most European countries do, and there are several good crypto sites there. Ian. #include <std.disclaimer> "I speak only for myself."