ITAR financial crypto exception?
Bill Frantz
frantz at netcom.com
Sat Nov 2 10:06:15 PST 1996
At 8:25 PM 11/1/96 -0800, Greg Broiles quoted:
>According to the "United States Munitions List", 22 CFR 121.1, Category
>XIII, "Auxiliary Military Equipment":
>
>"Information Security Systems and equipment, cryptographic devices,
>software, and components specifically designed or modified therefor" are
>included in the munitions list; but not if they are
>
>"[s]pecially designed, developed or modified for use in machines for
>banking or money transactions, and restricted to use only in such
>transactions. Machines for banking or money transactions include automatic
>teller machines, self-service statement printers, point of sale terminals
>or equipment for the encryption of interbanking transactions." (22 CFR
>121.1, Category XIII (b)(1)(ii)),
>
>or if they are
>
>"[l]imited to access control, such as automatic teller machines,
>self-service statement printers or point of sale terminals, which protects
>password or personal identification numbers (PIN) or similar data to prevent
>unauthorized access to facilities but does not allow for encryption of
>files or
>text, except as directly related to the password of PIN protection." (22
>CFR 121.1, Category XIII (b)(1)(v)).
I don't think either of these exclusions would cover the reference
implementation of the SET protocol. I don't think it would cover an
electronic commerce application running on a personal computer/workstation
either. Therefore I conclude that the ITAR is contributing to the
vulnerability of our emerging electronic commerce infrastructure.
-------------------------------------------------------------------------
Bill Frantz | Tired of Dole/Clinton? | Periwinkle -- Consulting
(408)356-8506 | Vote 3rd party. I'm | 16345 Englewood Ave.
frantz at netcom.com | Voting for Harry Browne | Los Gatos, CA 95032, USA
More information about the cypherpunks-legacy
mailing list