At 05:45 PM 1/13/97 -0800, Ian Goldberg wrote:
After _very_ careful reading of the Export Administration Regulations (EAR) (though IANAL), it would seem that the above is slightly inaccurate. [...] Therefore, it would seem that, as long as the security software on your ftp or WWW site is free of cost, it is OK to keep it there. Commercial security software, however, remains export-restricted.
I concur with Ian Goldberg's careful analysis (thanks, Ian!) that *freeware* data security software that does not use cryptography is indeed not covered under the new regs. Commercial data security software of any kind, regardless if it uses crypto or not, is however prohibited from being distributed via the Internet or being exported by any other means. Note that such software was explicitly exempt from export regulations under the old ITAR. Now it is explicitly included in the EAR. I fail to see a rationale behind this change. But then, I fail to see the rationale behind the entire ITAR/EAR scheme. As always, IANAL, -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm