legal question
Perry E. Metzger
perry at piermont.com
Thu Jan 11 18:42:52 PST 1996
A question for our local attorneys.
There have been several times in the past where people have questioned
whether cryptographic hash functions like SHA and the like are
exportable under the ITAR?
In a joint declaration of facts not in dispute as part of Karn
v. State Department, the following was agreed by the government:
(see http://www.qualcomm.com/people/pkarn/export/karnsf.html)
34. Three of the source code listings on the diskette and in Part
Five of the Applied Cryptography book, MD-5, N-HASH, and SHS
are "hashing routines" that perform a data authentication
function and, by themselves, are not controlled for export
under the ITAR because cryptographic software that is solely
limited to a data authentication function is excluded from
Category XIII(b) of the United States Munitions List. See 22
C.F.R. 121.1 XIII(b)(vi).
Would this not mean that the government is estopped from ever again
claiming that hash functions are export controlled under the ITAR?
Just curious as to whether or not things have been made more clear...
Perry
PS they also admit in the same declaration to having broken Enigma in
WWII. A shocking revelation.
More information about the cypherpunks-legacy
mailing list