Export laws revisited

Ethan M. O'Connor (zudark@mit.edu)
Wed, 30 Apr 1997 23:07:47 -0400


This is all pretty much moot until we consult
a lawyer, but if someone wants to go ahead and
take whatever risk there is in making the client
internationally available, the following section
from the export comment (available on Rocke's page)
might be of some encouragement:

>Encryption software can be used to maintain the secrecy of
>information, and thereby may be used by persons abroad to harm national
>security, foreign policy and law enforcement interests. As the
>President indicated in E.O. 13026 and in his Memorandum of November 15,
>1996, export of encryption software, like export of encryption
>hardware, is controlled because of this functional capacity to encrypt
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>information on a computer system, and not because of any informational
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>or theoretical value that such software may reflect, contain, or
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>represent, or that its export may convey to others abroad. For this
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>reason, export controls on encryption software are distinguished from
>other software regulated under the EAR.

So it seems like current export guidelines are based not on the ideas
conveyed, but on encryption functionality. Since the clients distributions
are just binary which can't do anything but participate in this search,
even if someone extracted the algortithm from the machine code, that
would just be "informational or theoretical value" and ...

Opinions?

-Ethan O'Connor