[2306] in cryptography@c2.net mail archive
How PGP bypassed U.S. export rules, from Netly/AL
daemon@ATHENA.MIT.EDU (Declan McCullagh)
Fri Mar 20 19:36:37 1998
Date: Fri, 20 Mar 1998 14:29:02 -0800 (PST)
From: Declan McCullagh <declan@well.com>
To: cryptography@c2.net
*****
http://cgi.pathfinder.com/netly/afternoon/0,1012,1835,00.html
The Netly News / Afternoon Line
March 20, 1998
Crypto By the Book
In the long-standing tussle with the government over exports of
encryption products, software companies have an little-known
advantage: the U.S. Constitution. Currently a presidential executive
order restricts firms from exporting software without backdoors for
government surveillance. But the First Amendment allows them to
publish it in book form. Therein lies the loophole Network Associates
is using to sell strong, 128-bit PGP encryption products
internationally through its Dutch subsidiary. For PGP published the
"source code" innards of its software as a book. "We gave out copies
at a meeting on U.S. soil," says a source within PGP. "We were not
actually directly involved in the shipment overseas." One of the books
eventually ended up in the hands of Norway's International PGP Users
Group, which promptly scanned in the code and published it at
pgpi.com. Sources say cryptographers at Network Associaties' European
partner simply downloaded the files and now are hawking PGP worldwide.
It's a cunning dodge around U.S. rules -- but is it legal? Sure, says
Ken Bass, an attorney who specializes in export regulations: "The
current regulatory regime and the presidental executive order
expressly distinguish between books and non-books." Score one for PGP.
--By Declan McCullagh/Washington
