domestic laws/policies
hello: I have been following the controversy regarding cryptographic software for some time now, and I am hoping that someone on the list could clarify a point for me: If I wanted to develop software that employs cryptography, or a new cryptographic algorithm, strictly for domestic use and sale, does this algorithm have to be registered with any domestic agency? There is a great deal of information on Gak, and the controversy surrounding it, but as of yet I have not been able to find out this type of information. thanks jg
At 7:49 PM -0800 12/23/96, bobbi wrote:
If I wanted to develop software that employs cryptography, or a new cryptographic algorithm, strictly for domestic use and sale, does this algorithm have to be registered with any domestic agency?
If your algorithm is only for domestic use, then there are no restrictions and no need to register. However, if even a single copy is illegally exported, and even if there is no evidence that you helped in its export, then you may experience a situation similar to Phill Zimmerman's where the government persecuted him until the statue of limitations ran out. However judge Patell's decision, if it is applied to you, may make the export of an academic or even source code description of your algorithm legal. YMMV. IMHO, the bottom line is that if you publish in this area you are stepping onto a battle ground. If you don't want any risk of getting shot at, the only safe place is not publishing/selling. If you do publish or sell, and take reasonable precautions to stay within the law, you are fairly safe, but government harassment can not be ruled out. ------------------------------------------------------------------------- Bill Frantz | Client in California, POP3 | Periwinkle -- Consulting (408)356-8506 | in Pittsburgh, Packets in | 16345 Englewood Ave. frantz@netcom.com | Pakistan. - me | Los Gatos, CA 95032, USA
My understanding goes with along with your statements. I got asked a question the other day and that person emphatically stated you "must" register the algorithm with the NSA(for domestic use). I was not aware of this even for exporting software that has cryptographic capability. If you export software do you have to "register" the algorithm? Or maybe I should ask - are there any situations where you do have to register the algorithm? For export I'm only aware that the strength of the algoritm has to be equal to or less than 40-bit DES. I think he was getting confused with GAK. bobbi kluge voice: 619.945.6248 rkluge@nunic.nu.edu fax: 619.945.6397 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj "Once more $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 into the lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/) breach.." WS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
At 4:02 PM -0800 12/24/96, bobbi wrote:
I got asked a question the other day and that person emphatically stated you "must" register the algorithm with the NSA(for domestic use). I was not aware of this even for exporting software that has cryptographic capability. If you export software do you have to "register" the algorithm? Or maybe I should ask - are there any situations where you do have to register the algorithm? For export I'm only aware that the strength of the algoritm has to be equal to or less than 40-bit DES.
You have to describe the algorithm as part of getting an export license, or commodity jurisdiction. Since this description must be in sufficient detail so a reader can implement the algorithm, this description might properly be described as "registration". ------------------------------------------------------------------------- Bill Frantz | Client in California, POP3 | Periwinkle -- Consulting (408)356-8506 | in Pittsburgh, Packets in | 16345 Englewood Ave. frantz@netcom.com | Pakistan. - me | Los Gatos, CA 95032, USA
Thank you. That is pretty clear. bobbi kluge voice: 619.945.6248 rkluge@nunic.nu.edu fax: 619.945.6397
participants (2)
-
Bill Frantz -
bobbi