[263] in cryptography@c2.net mail archive
Re: UK Encryption Policy
daemon@ATHENA.MIT.EDU (Adam Back)
Fri Feb 21 05:18:44 1997
Date: Wed, 19 Feb 1997 21:59:18 GMT
From: Adam Back <aba@dcs.ex.ac.uk>
To: ben@algroup.co.uk
CC: mikec@cobweb.co.uk, cryptography@c2.net
In-reply-to: <9702201930.aa07900@gonzo.ben.algroup.co.uk> (message from Ben
Laurie on Thu, 20 Feb 1997 19:30:05 +0000 (GMT))
Ben Laurie <ben@algroup.co.uk> writes:
> I wonder if that was the same guy that fed me a pile of interesting documents
> which seemed to say that export is no problem so long as the technology was
> publicly available.
Technology publically available? As long as you're not using
non-publically available algorithms, such as say Red Pike (for which
you'd have to enter into non-disclosure and secrecy agreements
anyway), are you suggesting that you can export any crypto software?
No DTI license required? Mike Cobb seemed to be suggesting that this
was tied to making it available on the internet, and that public
domain status of algorithms (different to publically available)
helped.
> Making the product available to all comers also seems to make export
> OK (and it doesn't have to be free either).
As in available on the internet? Or as in no restrictions on who you
give/sell it to?
> I did all this to try to get a license for Apache-SSL, but dropped
> it, in the end, when Oxford University agreed to host it (so export
> was no longer my problem).
> Of course, the joke is, you can only get a license if it shouldn't
> be exported. - in which case, natch, they are unlikely to grant it.
I don't understand. (Am I being dim, or did you misphrase that bit?).
>From what you and Mike have said it seems that:
1. There are a set of exemptions which allow you to legally export
without a license, the exemptions as reported by Mike and yourself seem
so far to involve:
a) availability on the internet
b) public domain algorithms
c) public domain source code
d) public algorithms (as opposed non-public, so for example _not_ Red Pike)
e) it is the downloader who exports
2. You suggest that you are in any case subject to a set of
restrictions even if you are able to make use of the exemptions given
in 1. The restrictions being (for benefit of others, from Ben
Laurie's Apache-SSL server source code, file EXPORT.SSL):
: 1. The software will not be used, in whole or in part, in connection
: with the development, production, handling, operation, maintenance,
: storage, detection, identification or dissemination of chemical,
: biological or nuclear weapons or the development, production,
: maintenance or storage of missiles capable of delivering such
: weapons.
:
: 2. The software may not be exported to the following countries:
:
: Algeria, Angola, Argentina, Armenia, Azerbaijan, Belarus, Bosnia,
: Bulgaria, Burma, China (Peoples' Republic of), Croatia, Cuba, Egypt,
: Estonia, Georgia, India, Iran, Iraq, Israel, Kazakhstan, Latvia,
: Liberia, Libya, Lithuania, Macedonia, Moldova, Montenegro, Nigeria,
: North Korea, Pakistan, Russia, Rwanda, Serbia, Slovenia, Somalia,
: South Korea, Sudan, Syria, Taiwan, Tajikistan, Turkmenistan,
: Ukraine, Uzbekhistan, Vietnam, Zaire.
3. If you obtain an export license you can export according to the
terms of the license you obtain. This may include exporting to the
countries listed (or one presumes for the uses listed).
4. If you try but fail to obtain a license you are back to the
exemptions and normal restrictions as givein in 1 and 2.
Is that an accurate summary?
The criteria for exemption from needing a license are unclear to me.
> I'd love to see their response, BTW.
I'd also be interested to have the export situation clarified.
Perhaps seeing their response would clarify some of the above
questions. Any possibility of scanning it all in and putting it on
the web?
Adam
--
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
