At 04:06 AM 7/11/96 +0000, Paul Elliott wrote:

What is to prevent a U.S company to licence a foreign company to sublicence and distribute a Crypto product abroad, if that foreign company obtains that product on the pirate market?

I am not a lawyer, but I look at the definition of "export" on page 612 of Applied Cryptography and nothing seems to obviously apply.

The scenario I imagine is this: U.S. company produces a crypto product. To be generally useful, the product supports all languages. (Those CDROMs really do hold a lot of data.) After all, Americans do need to do business with foreigners. The company licences and distributes the product in the U.S. taking special care not to distribute the product to any foreign persons. When inevitability, the product appears in the pirate market outside the U.S., the company makes a contract with a foreign company allowing it to distribute it and sublicence it. The foreign company can get their copy from the pirate market, being authorized to get the copy by the U.S. company. When this deal is cut copies have already been exported and are already being sold by the pirates, against the will of the U.S. company.

I raised this type of idea on CP, twice, and didn't hear a peep about it! (As recently as a couple of days ago.) It doesn't entirely eliminate the illegality; it merely transfers that illegality to an unknown and thus unprosecutable person. But yes, it appears that nothing would prevent this technique from working very well. Any attempted prosecution would fare even less well than the example of Zimmermann and PGP 1.0: There would be no illusion that an encryption product sold in hundreds of stores nationwide could be kept within the borders of the US, so the domestic manufacturer is safe. The foreign distributor isn't violating any of his own country's laws, and probably not arguably any of the US. Both companies could enthusiastically invite the USG to prosecute whoever actually exported the software, laughing all the way to the bank. Jim Bell jimbell@pacifier.com