Attila <attila@primenet.com> writes:

On Thu, 23 Nov 1995, jim bell wrote:

...

[US companies hiring non-US programmers to avoid ITAR]

<attila sez> I think they have that one covered --not only is it violation of ITAR's intent to send a programmer out of the U.S., but is illegal to hire a foreign national to program for your non-U.S. products.

Having your company legally based outside the US, with just a US office (on paper) would seem to get around this. If all your code is shipped from Sun Corp, Russia (and actually you get CDs in the mail from Russia literally if you order software from them), then it would seem to avoid the problem. They'd probably have to make sure that no programming at all occured in the US otherwise they'd be susceptible to the claim that they were violating ITAR by their US development team exporting software with a hole for crypto to their main development team in Russia. Multinationals could juggle that much easily. The other problem is that multi-nationals don't like stepping on the govts toes, because the govt might retaliate by not buying Sun, or Sun mysteriously losing contracts. Sound right?

the test is going to be with someone like Sun who "bought" a group of Russian crypto programmers and left them in Russia. Now, the problem with ITAR is that if you import that code, you can not then export the code since it is now covered by ITAR.

However this is the real problem, the don't want crypto no matter what. They'll do their damnest to stop it by whatever means: legal or illegal, monetary pressure, threats, FUD, overbroad ITAR, selective enforcement, etc.

secondly, it appears there is a move afoot to make it an ITAR violation to hire the foreign nationals to circumvent ITAR --basically, the Feds want to stop cryptography _everywhere_, including telling Russians they can not work for U.S. companies! Just where do they think they are getting off?

then, when ALL hitech moves out of the U.S. and the DoD needs us, we will not be here, will we?

Something that is puzzling me is how DigiCash is doing. Their software I think is ITAR regulated (or would be if it were shipped from a US ftp site). OK, so they get around it by shipping their software from Digicash, Bv, Netherlands. But, somewhere on their pages it mentions that: "Digicash, Bv is a wholly owned subsidiary of Digicash" (which *is* based in the US). Does that make them a counter example who is currently getting away with it? Just to complicate things further David Chaum is a US citizen, right? Maybe he himself is ok because he doesn't write the code himself, the digicash development team does. Is Digicash (US) hiring (collectively) Digicash, Bv if it is a wholly owned subsidiary, in US legal terms? Reckon the long term message is for companies to just pull out of the US. Moving to a suitable jurisdiction would be possible for Netscape, and would be a coool blow against ITAR. Adam