crypto restrictions
hi guys, i am a bit confused. what exactly are the us govt crypto regulations. what i mean is that : 1) is it illegal to develop an encryption tool (s/w) in the US which uses > 40 bit size session keys and then export that s/w outside of the US. 2) is it illegal to encrypt some data inside the us with a key > 40 bit in size and then send that data outside the US. thanx. anand....
-----BEGIN PGP SIGNED MESSAGE----- anand abhyankar <anand@querisoft.com> writes:
i am a bit confused. what exactly are the us govt crypto regulations.
Hard to tell, really...
what i mean is that :
Oh, this is one of those easy questions!
1) is it illegal to develop an encryption tool (s/w) in the US which uses > 40 bit size session keys and then export that s/w outside of the US.
Yes.
2) is it illegal to encrypt some data inside the us with a key > 40 bit in size and then send that data outside the US.
No. HTH, Jer "standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMwPcx8kz/YzIV3P5AQHqgwMAgCzNC8JCGJ4hY98Xk5UB4UtSRtx4VBfv bCD1AeE/1qLLJThi187hCEQRxzm4gAC+jCG6B+WSghvplrnkkfdMRn+3d8/+3F/y X/o7Khg9WqZcfm2uzOt9RSkaLXvl6Pk4 =WVv3 -----END PGP SIGNATURE-----
Jeremiah A Blatz wrote: thanx for ur answer but then i have another question. 1) is it illegal to develop an encryption tool (s/w) outside the US which uses > 40 bit size session keys and then import that s/w inside of the US. anand....
-----BEGIN PGP SIGNED MESSAGE----- anand abhyankar <anand@querisoft.com> writes:
Jeremiah A Blatz wrote:
thanx for ur answer but then i have another question.
1) is it illegal to develop an encryption tool (s/w) outside the US which uses > 40 bit size session keys and then import that s/w inside of the US.
It's legal in the US, but other countries have export restrictions, too. They're usually pretty hard to find out about, especially considering that the people who passed the laws don't have a clue what the law means. Your best place to check is the Crypto Law Survey at http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm The disclamer states that the findings may not be "exaustive or legally reliable," and given the opacity of crypto laws, you'd better belive it. That said, it is an excellent resource. cypherpunks newbie patrol, Jer "standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMwQOAckz/YzIV3P5AQFUJgL+KhGiQ/N6Nrt95d4UhF+MFUtTxsbWUTDx 5cKtCz2HEG4TqoHQJ0vt/njOMqzBdNgVma9vqC/cWoczOgRXHEmcPuXN0Zd2fOKT KxMOtZzLwvCUSJEYY8q9PZ5lY4NIDcyQ =W32O -----END PGP SIGNATURE-----
At 11:51 AM -0800 2/14/97, anand abhyankar wrote:
Jeremiah A Blatz wrote:
thanx for ur answer but then i have another question.
1) is it illegal to develop an encryption tool (s/w) outside the US which uses > 40 bit size session keys and then import that s/w inside of the US.
There are no import restrictions at this time. The IDEA cipher, for example, was developed in Europe and U.S. developers can import it and put in products. However, once imported it becomes controlled for export again! Also, it may be a violation of the EAR regs to deliberately seek to bypass the export laws by arranging for foreign development of a module which is then "dropped in" when the product is shipped outside the U.S. It may also be illegal to include "software hooks" for crypto modules to be attached to. Exactly how far one can go, or what it might take to trigger a government prosecution for such actions, is unclear. The laws are not very precise, and court precedents are lacking. (There are many wrinkles here; you seem to have a lot of questions, which is good. However, it is best for you to read a comprehensive article on these issues--use a Web search engine to find the latest versions.) --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
-----BEGIN PGP SIGNED MESSAGE----- At 05:20 AM 2/14/97 -0800, anand abhyankar wrote:
1) is it illegal to develop an encryption tool (s/w) in the US which uses > 40 bit size session keys and then export that s/w outside of the US.
Yes, that's illegal, unless you get permission for the export. Getting permission requires jumping through many hoops, and is far from a sure thing. (It's easier to count on not getting permission. You almost certainly won't get permission if you want to use >40 bits and you're not going to force your customers to share their keys with the government.) Consequently, the US is a bad place to write crypto software if you want to make it available worldwide.
2) is it illegal to encrypt some data inside the us with a key > 40 bit in size and then send that data outside the US.
Data which may be exported as plaintext may be exported as ciphertext. Data which may not be exported as plaintext may not be exported as ciphertext. But in the latter case, it's harder to catch you. :) -----BEGIN PGP SIGNATURE----- Version: 4.5 iQEVAgUBMwQZ6f37pMWUJFlhAQFbUAf/SWehrYRT4wGzPUNTDvF5wQEOBiuq0cZu pOcqcOHHYiUKdD2txkT4abb7uV2z6E1TAN0q8r5QULkwV/+A3I2ARChHjYeZqyv4 ZvrbIb6UXLxdkz0xTBjGShjfAwGsegJDb9lb83Ha4UaXBAJSV/KdK2Hr7QFJwd5p gSokXHH8VUb/EF5am/5PvQc0rvXsgHeAx2k77wKNclodVy3E62ymaOt/wf/FIPXW ZLo9h18b5TtyRqpmqBHvG8h/YVq6edMFf7zcBmPgw1yzh9/LSH3+M7uhJ0JceT6d fTT6jQUz3+dKDa7rs0s6Kf+X/e10Y0AeJ+kVQgsqsfPqRpFsUjvyLw== =a1sX -----END PGP SIGNATURE----- -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles@netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. |
participants (4)
-
anand abhyankar -
Greg Broiles -
Jeremiah A Blatz -
Timothy C. May