[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: US Crypto policy shift.

To: M Taylor <mctylr@privacy.nb.ca>, David Terrell <dbt@meat.net>
Subject: Re: US Crypto policy shift.
From: Brett Glass <brett@lariat.org>
Date: Thu, 13 Jan 2000 20:49:27 -0700
Cc: advocacy@openbsd.org
References: <20000112234430.A13034@pianosa.catch22.org>

At 09:56 AM 1/13/2000 , M Taylor wrote:

>This looks like a major change, OpenBSD does not have to be quite so
>Canada-centric, and we can hopefully expect an increase of strong
>cryptography enhancements from US programmers.

I hope you're right. Alas, I've been poring over the proposed new crypto 
regulations, and think I see a serious problem vis-a-vis open source. The 
provision that allows the export of source code, quoted at 
http://www.cdt.org/crypto/admin/000110cryptoregs.shtml, says (caps added 
for emphasis):

>Also in §740.13, to, in part, take into account the "open source" approach 
>to software development, UNRESTRICTED encryption source code not subject 
>to an express agreement for the payment of a licensing fee or royalty for 
>commercial production or sale of any product developed using the source 
>code can, without review, be released from "EI" controls and exported and 
>reexported under License Exception TSU.

Note the use of the qualifier "unrestricted" in the paragraph above. So, 
what's "unrestricted?" The text one paragraph above gives what appears to 
be the Administration's answer:

>In §740.13, Technology and Software UNRESTRICTED, changes are made to 
>reflect amendments to the Wassenaar Arrangement. Specifically, encryption 
>software is no longer eligible for mass market treatment under the General 
>Software Note. Encryption commodities and software are now eligible for 
>mass market treatment under the new Cryptography Note in Category 5 - Part 
>2 of the CCL. This Note multilaterally decontrols mass market encryption 
>commodities and software UP TO AND INCLUDING 64-BITS.

So, if I read the draft correctly, no open source crypto software that's 
strong enough to protect anyone's privacy against a marginally competent 
code cracker can be exported, even under the new rules. Am I off base here? 
I hope I am, but I fear I'm not.

I'm reminded, as was one poster on Slashdot, of Lucy, Charlie Brown, and a 
football....

--Brett Glass

Follow-Ups:
- Re: US Crypto policy shift.
  - From: M Taylor <mctylr@privacy.nb.ca>

References:
- Re: US Crypto policy shift.
  - From: M Taylor <mctylr@privacy.nb.ca>

Prev by Date: Re: US Crypto policy shift.
Next by Date: Re: US Crypto policy shift.
Prev by thread: Re: US Crypto policy shift.
Next by thread: Re: US Crypto policy shift.
Index(es):
- Date
- Thread