Re: New US regs ban downloadable data-security software

At 05:45 PM 1/13/97 -0800, Ian Goldberg wrote:
> After _very_ careful reading of the Export Administration Regulations (EAR) (though IANAL), it would seem that the above is slightly inaccurate. [...] Therefore, it would seem that, as long as the security software on your ftp or WWW site is free of cost, it is OK to keep it there. Commercial security software, however, remains export-restricted.
I concur with Ian Goldberg's careful analysis (thanks, Ian!) that *freeware* data security software that does not use cryptography is indeed not covered under the new regs. Commercial data security software of any kind, regardless if it uses crypto or not, is however prohibited from being distributed via the Internet or being exported by any other means.

Note that such software was explicitly exempt from export regulations under the old ITAR. Now it is explicitly included in the EAR. I fail to see a rationale behind this change. But then, I fail to see the rationale behind the entire ITAR/EAR scheme.

As always, IANAL,

-- Lucky Green <mailto:shamrock@netcom.com>
   PGP encrypted mail preferred

   Make your mark in the history of mathematics. Use the spare cycles of your PC/PPC/UNIX box to help find a new prime. http://www.mersenne.org/prime.htm

shamrock@netcom.com (Lucky Green) writes:
> Commercial data security software of any kind, regardless if it uses crypto or not, is however prohibited from being distributed via the Internet or being exported by any other means.
I can at least vaguely understand the rationale behind restricting the export of cryptography. But I don't even begin to comprehend restricting the export of data security software. What is going on here? Whose idea is this, what is the agenda? Is the US government really prepared to take on all the producers of virus protection software? Symantec and IBM are pretty big players to upset. And they don't even have the "drug dealers and terrorists" bugbear to defend this particular export restriction. In my more cynical mood I'm afraid that what's going on is the US government is trying to protect its capability to wage information warfare. Could they get away with this?

> shamrock@netcom.com (Lucky Green) writes:
>> Commercial data security software of any kind, regardless if it uses crypto or not, is however prohibited from being distributed via the Internet or being exported by any other means.
> I can at least vaguely understand the rationale behind restricting the export of cryptography. But I don't even begin to comprehend restricting the export of data security software. What is going on here? Whose idea is this, what is the agenda?

If you read ITAR you will see that State explicitly bans export of any operating system with a security rating of B2 or above. The agenda is pretty obvious.

Cheers,
Julian <proff@iq.org>

Nelson Minar <nelson@media.mit.edu> writes:
> shamrock@netcom.com (Lucky Green) writes:
>> Commercial data security software of any kind, regardless if it uses crypto or not, is however prohibited from being distributed via the Internet or being exported by any other means.
> I can at least vaguely understand the rationale behind restricting the export of cryptography. But I don't even begin to comprehend restricting the export of data security software. What is going on here? Whose idea is this, what is the agenda?
> Is the US government really prepared to take on all the producers of virus protection software? Symantec and IBM are pretty big players to upset. And they don't even have the "drug dealers and terrorists" bugbear to defend this particular export restriction.
They don't have to. They will almost certainly approve almost any non-crypto data security product for export (well, unless they want to punish a company for domestic crypto products :-(, but I think the commerce department can actually deny all a company's exports even without EAR).

What's really going on here is that the NSA wants to know exactly what's out there in terms of virus protection and security software, so that if they need to release a virus or something they know exactly how to work around the defenses people are using. You're not going to see too many export applications denied for this kind of stuff. It's more just a way for them to know exactly what's going on in that realm.

Anonymous wrote:
> What's really going on here is that the NSA wants to know exactly what's out there in terms of virus protection and security software, so that if they need to release a virus or something they know exactly how to work around the defenses people are using. You're not going to see too many export applications denied for this kind of stuff. It's more just a way for them to know exactly what's going on in that realm.
Regulation for the purpose of knowing 'everything'.

The original purpose of the InterNet was for the DOD to be able to eavesdrop on and monitor the movement and communications of scientists, educators, and other hi-level movers and shakers in the world of the intellect. When some of those using the InterNet refused to place their 'trust' in the DOD's benevolence in making this technology available, choosing to use it only for low-level communications, the DOD began exhorting the wonders of 'data encryption', as a way to ensure InterNet users of the privacy and security of their hi-level communications. With 'encryption', even the 'doubters' felt secure in the knowledge that they could now communicate anything, at any level, and know that their communications were 'safe' from unwanted disclosure.

Then came a 'fly in the ointment'. A little shit-hole punk, non-DOD-non-NSA-shill named Phil Zimmermann came out with an encryption program that the DOD did 'not' already have the capability to read--one that they could 'not' break. All of a sudden, export of cryptography became a grand issue. Why?

- Encryption software was already existent outside of the U.S.
- Encryption software was already being exported from the U.S.
- Encryption software was already available to all of those labeled by the U.S. government as 'enemies' who should be 'denied' use of this software.

So why was Phil Zimmermann's 'backyard' encryption program such a threat to the powers-that-be? Because they didn't already have the key to read it, and they couldn't break it--it wasn't an Enigma. It was the Inaugural Enigma.

And export regulations for Virus protection programs? What reason can 'you' think of for the U.S. government not wanting others to have 'full' protection from computer viruses? 'Whose' virus is the U.S. government concerned about others having protection from?

Now that Phil Zimmermann has his legal problems 'sorted out', I hope that he doesn't decide to write a virus protection program. It might 'work'.

Toto

Nelson Minar wrote:
> In my more cynical mood I'm afraid that what's going on is the US government is trying to protect its capability to wage information warfare. Could they get away with this?
Nelson,

With a paranoid mind-set such as you seem to be displaying, the next thing I expect is for you to be rambling on about some ludicrous scenario involving the CIA being involved in distributing cocaine in ghetto areas.

Toto

participants (5)
- Lucky Green
- Nelson Minar
- nobody@replay.com
- proff@suburbia.net
- Toto