Original URL: 
http://www.theregister.co.uk/2005/11/25/symantec_l0phtcrack_export_controver
sy/
Symantec refuses to sell audit tool outside the US
By John Leyden
Published Friday 25th November 2005 12:12 GMT

Exclusive Symantec has stopped selling a password auditing tool to customers
outside the US and Canada, citing US Government export regulations.

A Reg reader who works for a large UK supermarket was this month unable to
buy a copy of LC 5, a tool developed by @stake prior to its recent
acquisition by Symantec. LC 5 is the commercial version of a password
auditing / breaking tool better known as L0phtCrack.

"A month ago I could have bought it from the @stake web site, that website
has gone and the product has not appeared on the Symantec web site. I
inquired if I could purchase the product, only to be told that it will only
be sold to US and Canadian customers," our correspondent informs us. "I
guess I'll just have to go back to using John the Ripper."

Symantec's restrictions recall the dark days of the crypto wars when users
outside the US were not entitled to buy products featuring strong ciphers.
These rules, relaxed by the Clinton administration and following a long
running campaign by cryptography experts and net activists, are once again
rearing their head. Symantec's response to our reader (below) suggests the
policy was imposed on it by the US government.

    Unfortunately, due to strict US Government export regulations Symantec
is only able to fulfill new LC5 orders or offer technical support directly
with end-users located in the United States and commercial entities in
Canada, provided all screening is successful.

    Commodities, technology or software is subject to U.S. Dept. of
Commerce, Bureau of Industry and Security control if exported or
electronically transferred outside of the USA. Commodities, technology or
software are controlled under ECCN 5A002.c.1, cryptanalytic.

    You can also access further information on our web site at the following
address: 
http://www.symantec.com/region/reg_eu/techsupp/enterprise/index.html

Beyond confirming that "the statement you have received from your reader is
correct", Symantec declined to field questions on the rationale for its
policy and whether it applies to other products. Any US government policy to
impose export regulations on security technologies would be futile since, to
cite only one reason, many security firms are based outside the US and
therefore unaffected by such regulations. ®



You are a subscribed member of the infowarrior list. Visit
www.infowarrior.org for list information or to unsubscribe. This message
may be redistributed freely in its entirety. Any and all copyrights
appearing in list messages are maintained by their respective owners.

Reply via email to