Hi,
IANAL, but I'm pretty sure there is no requirement for requesting any
permit for exporting OpenPGP.js. Debian is registered as some kind of
non-profit organization in the US. What exactly makes OpenPGP.js
American? American export laws only apply to Americans. Either way:
Zimmermann was freed from similar charges: "After a report from RSA Data
Security, Inc., who were in a licensing dispute with regard to use of
the RSA algorithm in PGP, the United States Customs Service started a
criminal investigation of Zimmermann, for allegedly violating the Arms
Export Control Act.[3] The United States Government had long regarded
cryptographic software as a munition, and thus subject to arms
trafficking export controls. At that time, the boundary between what
cryptography was permitted ("low-strength") and impermissible
("high-strength") for export from the United States was placed such that
PGP well on the too-strong-to-export side of the boundary. The boundary
for legal export has since been raised and now allows PGP to be
exported. The investigation lasted three years, but was finally dropped
without filing charges." -
http://en.wikipedia.org/wiki/Phil_Zimmermann#Criminal_investigation
6. In ยง742.15, the licensing policy section for exports and reexports of
encryption items is changed as follows:
a. Review and classification are required by BXA before certain
encryption items can be released from "EI" and "NS" controls under ECCNs
5A992, 5D992 and 5E992. These items include: 64-bit mass market
encryption commodities and software; certain encryption items up to and
including 56-bits; and asymmetric key exchange algorithms not exceeding
512 bits or an elliptic curve at 112 bits. *Encryption items under these
ECCNs do not require a license or license exception and may be exported
and reexported as "NLR" (No License Required).*
"Legal challenges by Peter Junger and other civil libertarians and
privacy advocates, the widespread availability of encryption software
outside the U.S., and the perception by many companies that adverse
publicity about weak encryption was limiting their sales and the growth
of e-commerce, led to a series of relaxations in US export controls,
culminating in 1996 in President Bill Clinton signing the Executive
order 13026[7] transferring the commercial encryption from the Munition
List to the Commerce Control List. Furthermore, the order stated that,
"the software shall not be considered or treated as 'technology'" in the
sense of Export Administration Regulations. This order permitted the
United States Department of Commerce to implement rules that greatly
simplified the export of commercial and open source software containing
cryptography, which they did in 2000." -
http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States#PC_era
On 10/29/2013 08:18 AM, [email protected] wrote:
>
> Contributors based in the United States are required by US law to
> notify the Bureau of Export Administration when making open-source
> encryption code available publicly. This may also applly for projects
> hosted in the US.
>
> See this Debian notification for an
> example: http://www.debian.org/legal/notificationforarchive.en.html
>
> /Has this been done for openpgpjs yet?/ If not, should this task be
> added to the list?
>
> (More information available from EPIC
> here: http://epic.org/crypto/export_controls/regs_1_00.html )
>
>
>
> _______________________________________________
>
> http://openpgpjs.org
> Subscribe/unsubscribe: http://list.openpgpjs.org
_______________________________________________
http://openpgpjs.org
Subscribe/unsubscribe: http://list.openpgpjs.org
