[11] in cryptography@c2.net mail archive
Crypto regs do ban data security s/w.
daemon@ATHENA.MIT.EDU (Lucky Green)
Wed Jan 1 17:31:05 1997
Date: Tue, 31 Dec 1996 19:05:04 -0800
To: cryptography@c2.net
From: Lucky Green <shamrock@netcom.com>
I erroneously stated in a previous post that the prohibitions against
non-crypto data security software included in the draft did not make it
into the official regs. I would like to thank Ian Goldberg for catching my
mistake.
The new US crypto export regulations do control the export of non-crypto
data security software. In fact, the paragraph is unchanged from the
paragraph in the draft:
c.3. ``Software'' designed or modified to protect against malicious
computer damage, e.g., viruses;
See http://www.epic.org/crypto/export_controls/interim_regs_12_96.html
This certainly controls virus checkers, firewalls, and other security
software. There are substantial penalties involved for violating the EAR.
The US can assess daily penalties and block all exports of a company's
non-violating products. Criminal penalties apply as well.
"Export" as defined in the new regs, includes making software available on
the web or via ftp.
If you have a virus checker or similar software available for ftp inside
the US, you are most likely in violation of the new EAR. I would advise you
to consult an attorney immediately and remove all data security software
from your server.
IANAL,
-- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred
Make your mark in the history of mathematics. Use the spare cycles of
your PC/PPC/UNIX box to help find a new prime.
http://www.mersenne.org/prime.htm
