[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: US Crypto policy shift.
At 09:56 AM 1/13/2000 , M Taylor wrote:
>This looks like a major change, OpenBSD does not have to be quite so
>Canada-centric, and we can hopefully expect an increase of strong
>cryptography enhancements from US programmers.
I hope you're right. Alas, I've been poring over the proposed new crypto
regulations, and think I see a serious problem vis-a-vis open source. The
provision that allows the export of source code, quoted at
http://www.cdt.org/crypto/admin/000110cryptoregs.shtml, says (caps added
>Also in §740.13, to, in part, take into account the "open source" approach
>to software development, UNRESTRICTED encryption source code not subject
>to an express agreement for the payment of a licensing fee or royalty for
>commercial production or sale of any product developed using the source
>code can, without review, be released from "EI" controls and exported and
>reexported under License Exception TSU.
Note the use of the qualifier "unrestricted" in the paragraph above. So,
what's "unrestricted?" The text one paragraph above gives what appears to
be the Administration's answer:
>In §740.13, Technology and Software UNRESTRICTED, changes are made to
>reflect amendments to the Wassenaar Arrangement. Specifically, encryption
>software is no longer eligible for mass market treatment under the General
>Software Note. Encryption commodities and software are now eligible for
>mass market treatment under the new Cryptography Note in Category 5 - Part
>2 of the CCL. This Note multilaterally decontrols mass market encryption
>commodities and software UP TO AND INCLUDING 64-BITS.
So, if I read the draft correctly, no open source crypto software that's
strong enough to protect anyone's privacy against a marginally competent
code cracker can be exported, even under the new rules. Am I off base here?
I hope I am, but I fear I'm not.
I'm reminded, as was one poster on Slashdot, of Lucy, Charlie Brown, and a