********
>Date: Tue, 18 Jan 2000 10:01:49 -0500
>From: "JIM LEWIS" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Cc: "EUGENE COTTILLI" <[EMAIL PROTECTED]>
>Subject: Re: FC: Is this man a crypto-criminal? The Feds won't say...
>
>Declan: This point is worth clarifying. The new regs remove restrictions
>from the posting of publicly available encryption source code for
>downloading. The regs say:
>
>a) If you post encryption source code to a site on the net and anyone can
>access it, you do not need to have it reviewed by BXA or obtain a license.
>
>b) Simply posting this "publicly available" encryption source code does
>not count as an export and does not trigger all the terrorist sanctions
>and other requirements created by various Federal sanctions laws.
>
>(what this means is that if you post some code and Saddam Hussein
>downloads it, you are not liable. If Saddam calls you up and asks you to
>e-mail him the code, and you send the e-mail without applying for and
>receiving a license, you are liable).
>
>c) You do need to send BXA an E-mail with the internet location of the
>posted source code and you are prohibited from sending (as opposed to
>posting) the encryption source code to a terrorist country or an
>individual on one of our denial lists.
>
>d) if a foreign person makes a new product with the source code you've
>posted, there are no review or licensing requirements for that foreign
>product. If they pay you a royalty or licensing fee for a product they've
>developed for commercial sale, however, you may have to report some
>information to BXA.
>
>It appears that the only requirement for Mr. Young is to notify us of the
>location of the source code (http://jya.com/crypto.htm).
>
>I've attached the relevant section of the regs (from Page 2497 of the
>Federal Register) below. The entire reg (including the sections on
>commercial source code and reporting) can be found at http://www.bxa.doc.gov/
>
>ŻBegin reg
>text---------------------------------------------------------------------------------------------------------------------------------------------------
>(e) Unrestricted encryption source code.
>
> (1) Encryption source code controlled under 5D002, which
> would be considered publicly available under §734.3(b)(3) and which is
> not subject to an express agreement for the payment of a licensing fee or
> royalty for commercial production or sale of any product developed with
> the source code, is released from "EI" controls and may be exported or
> reexported without review under License Exception TSU, provided you have
> submitted written notification to BXA of the Internet location (e.g. URL
> or Internet address) or a copy of the source code by the time of
> export. Submit the notification to BXA and send a copy to ENC Encryption
> Request Coordinator (see §740.17(g)(5) for mailing
> addresses). Intellectual property protection (e.g., copyright, patent or
> trademark) will not, by itself, be construed as an express agreement for
> the payment of a licensing fee or royalty for commercial production or
> sale of any product developed using the source code.
>
> (2) You may not knowingly export or reexport source code
> or products developed with this source code to Cuba, Iran, Iraq, Libya,
> North Korea, Sudan or Syria.
>
> (3) Posting of the source code on the Internet (e.g., FTP
> or World Wide Web site) where the source code may be downloaded by
> anyone would not establish "knowledge" of a prohibited export or
> reexport, including that described in paragraph (e)(2) of this
> section. In addition, such posting would not trigger "red flags"
> necessitating the affirmative duty to inquire under the "Know Your
> Customer" guidance provided in Supplement No. 3 to Part 732.
>
>ŻEnd Reg
>text----------------------------------------------------------------------------------------------------------------------------------------------------
>
> >>> Declan McCullagh <[EMAIL PROTECTED]> 01/15/00 10:02AM >>>
>*********
>
>http://www.wired.com/news/politics/0,1283,33672,00.html
>
> Is This Man a Crypto Criminal?
> by Declan McCullagh ([EMAIL PROTECTED])
>
> 3:00 a.m. 15.Jan.2000 PST
> Crypto maven John Young has a problem.
>
> He may be a felon, guilty of a federal
> crime punishable by years in prison. Or he
> may not be. He'd just like to know one
> way or another.
--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to [EMAIL PROTECTED] with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------