On Mon, 16 Jul 2001 16:46:20 -0700, Eric Murray <ericm@lne.com> wrote:
On Mon, Jul 16, 2001 at 06:41:22PM -0500, Aimee Farr wrote:
Companies with products or applications relevant to defense are wary of email from certain sovereigns. This is because they don't want clueless reps giving away bacon in an email pretext attack. The government has been harping on it lately. Maybe the rep got a talkie and is confused ...or something.
I'm just guessing.
What is the answer?
~Aimee
It's a mis-interpretation of the US export laws. It's common for people to think that they limit sending (or receiving in this case) encrypted data in addition to encryption devices and info.
That's exactly what I insisted to the NAI rep. I suggested that he talk to their corporate attorneys, pointing out that there was nothing in the EARs that prevented reception of such encrypted email by anyone in the US; that the EARs specifically prohibited *export* of encrypting *software*--not encrypted messages--to the black-listed countries. He, however, kept falling back on the Nuremburg defense ("I'm just following orders."). No indication that he would make any attempt to ask in spite of several suggestions. (Employment must still be pretty good in Silicon Valley, I suppose, if such people can hold a job.) It's very disheartening to see what NAI is doing/has done to PGP. It's especially disgusting in light of the pride that Phil Zimmerman and PGP, Inc., once took in enabling communications for human-rights activists in such "black-listed" countries. Now such activists, according to the NAI rep, can no longer be heard in the US if they communicate by encrypted email--which, of course, may be the only means by which they can communicate safely. Back to the original question: It's obvious that NAI is operating under the belief that some ISPs are complying with some unspoken BXA idea/wannabe-law and blocking encrypted messages from "no-no" originating domains. Is this really the case, or is NAI also full of it on this one?