Crypto Legality Question

[Will Rodger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 01:25 PM 9/29/97 +0000, Jim Burnes wrote:
>
>I have a theoretical situation which some person or
>lawyer might know the answer to.  (not that lawyers are
>not people...oh never mind).
>
>Anyway..
>
>ACME corporation, a mostly Canadian outfit with a major
>subsidiary in the US, wants to roll out corporate wide crypto.
>
>Most of their network operations are in the US except one
>of their offices in Ireland.
>
>Question (1): Can they buy a strong crypto package in the
>US and physically roll it out to both Canada and Ireland.

Nope. Though Canada allows export of strong crypto generally, 
Canadians may not re-export US products once they enter the country.

>Question (2): If Canada is OK, but Ireland is out of the
>question, can Irish employees simply procure a compatible
>strong crypto package from, say, Finland?  This assumes
>that the message traffic from the Irish office to the US is
>not covered by commerce dept regs, just the export of
>software.  Since software isnt being exported, is everything
>legal?

Yup. As you could imagine, US export laws are set up to try to avoid 
such compatibility whenever possible. This is also a reason why PGP 
Inc.'s recent shift to crypto services and away from relying on 
crypto sales exclusively is a relatively big deal. If everyone has 
the software, PGP Inc. can provide services to those folks a lot more 
easily. PGP 5.0, of course, is out there on the Net for the taking 
worldwide.

Cheers.

Will Rodger
Washington Bureau Chief
Inter at ctive Week
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNDAVmNZgKT/Hvj9iEQIemwCeMsUUiMuPRE2we6t8WiPxQ9TGSAIAoPwN
O5C/FTnLEuGrJC2mY+DMb0IC
=5f31
-----END PGP SIGNATURE-----