[112149] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: Question on export issues

daemon@ATHENA.MIT.EDU (=?UTF-8?Q?Ivan_Krsti=C4=87?=)
Wed Jan 2 11:37:43 2008

Cc: cryptography@metzdowd.com
From: =?UTF-8?Q?Ivan_Krsti=C4=87?= <krstic@solarsail.hcs.harvard.edu>
To: Sidney Markowitz <sidney@sidney.com>
In-Reply-To: <477951F4.4070609@sidney.com>
Date: Mon, 31 Dec 2007 17:46:44 -0500

On Dec 31, 2007, at 3:32 PM, Sidney Markowitz wrote:
> I find that very strange considering this from a BIS FAQ
> What hoops did you have to jump through?


Here's one relevant excerpt from an internal e-mail exchange, as =20
written up by a colleague:

"1) Encryption is a dual-use technology under the Wassenaar Agreement.
This means that it is illegal to export products containing
cryptographic technology without first satisfying the requirements of
the EAR (the export regulations).

2) There are several ways to satisfy the requirements of the EAR. Of
particular interest are the "Technologies and Software - Unrestricted"
(TSU) licensing exception, the "Encryption commodities and software"
(ENC) licensing exception, and the "mass market encryption" designation.

3) Our software contains both "Open Cryptographic Interfaces" and is
designed to be cryptographically extended by the end user. These two
features prohibit us from qualifying for either the 'ENC' licensing
exception or the mass-market encryption "No License Required" (NLR)
designation.

4) Essentially all open source projects use the TSU licensing exception.

5) Essentially none of them publish the details of their experience of
the process of satisfying the export control requirements.

6) I have not been able to locate any example responses to the
Encryption Questionnaire against which I can judge what level of detail
is required and how the 'third party components' question (no. 8) was
answered."

We encountered other hassles. I intend to ask our legal intern, who =20
did a phenomenal job rounding this all up, to write up the process in =20=

some detail.

Cheers,

--
Ivan Krsti=C4=87 <krstic@solarsail.hcs.harvard.edu> | http://radian.org

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post