[3796] in cryptography@c2.net mail archive
Re: Text of Wassenaar regulations, with comments
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Sun Dec 13 19:21:50 1998
In-Reply-To: <v04020a17b295d8ee311a@[139.167.130.248]>
Date: Fri, 11 Dec 1998 04:57:47 -0500
To: Robert Hettinga <rah@shipwright.com>, dcsb@ai.mit.edu
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: cypherpunks@cyberpass.net, cryptography@c2.net
At 3:00 PM -0500 12/10/98, Robert Hettinga wrote:
>--- begin forwarded text
>
>
>Date: Thu, 10 Dec 1998 20:26:04 +0100
>From: Anonymous <nobody@replay.com>
>Comments: This message did not originate from the Sender address above.
> It was remailed automatically by anonymizing remailer software.
> Please report problems or inappropriate use to the
> remailer administrator at <abuse@replay.com>.
>Subject: Text of Wassenaar regulations, with comments
>To: cypherpunks@cyberpass.net, cryptography@c2.net
>Sender: owner-cypherpunks@cyberpass.net
>Precedence: first-class
>Reply-To: Anonymous <nobody@replay.com>
>X-Loop: cypherpunks@cyberpass.net
>
>> Web version:
>> http://www.fitug.de/news/wa/
>>
>> Word- or RTF-version:
>> http://www.wassenaar.org/List/
>
>Here are the contents of Category 5, Part 2, of the Wassenaar list,
>which controls information security. It has been converted to text,
>somewhat clumsily, so pay attention to the use of numbers and letters
>to depict the outline format. Some comments are included.
>
>The summary is that there are no exemptions for public domain or
>mass market products; PGP and similar software would not be legal for
>export under these rules. The exemptions are narrowly drawn and could
>not reasonably be used to allow for exporting cryptographic software.
>It is a very restrictive set of rules. One possible loophole is the
>question of what constitutes export, and whether it includes transmission
>of information.
>
The above comment seems to be seriously misleading. The exemption for
public domain software is contained quite clearly in Wassenaar's "General
Software Note," reproduced below. Also the General Technology Note says:
>Controls do not apply to "technology" "in the public domain", to "basic
>scientific research" or to the minimum necessary information for patent
>applications.
I am not a lawyer and different administrations could issue more
restrictive rules (as the US does), but the new Wassenaar regulations
themselves do not seem to affect free distribution of programs like PGP and
Linux as long as they qualify as "public domain" as Wassenaar defines it.
I think this is a big boost for the open software movement. Large
organizations have been reluctant to trust critical systems to open
software. If open sofware is the only way to achive stong security
world-wide, that reluctance may be overcome.
There is a very strong case that open software development is vital to
future US software leadership. Perhaps it time to demand that the US
harmonize its export regulation to Wassenaar and permit export of public
domain crypto, lest the center of gravity for open software development
shift further overseas.
Arnold Reinhold
Got crypto? http://ciphersaber.gurus.com
>
> GENERAL SOFTWARE NOTE
>
>
>
>The Lists do not control "software" which is either:
>
> 1. Generally available to the public by being:
>
> a. Sold from stock at retail selling points without
>restriction, by means of:
>
> 1. Over-the-counter transactions;
>
> 2. Mail order transactions; or
>
> 3. Telephone call transactions; and
>
> b. Designed for installation by the user without further
>substantial support by the supplier; or
>
> N.B. Entry 1 of the General Software Note does not
>release "software" controlled by Category 5 - Part 2.
>
> 2. "In the public domain".
