Date:      Tue, 25 Jul 1995 22:58:54 -0700 (PDT)
From:      "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
To:        sef@kithrup.com (Sean Eric Fagan)
Cc:        security@freebsd.org, mark@grondar.za, pst@stupi.se
Subject:   Re: secure/ changes...
Message-ID:  <199507260558.WAA24037@gndrsh.aac.dev.com>
In-Reply-To: <199507260318.UAA20861@kithrup.com> from "Sean Eric Fagan" at Jul 25, 95 08:18:06 pm

> 
> In article <199507260200.TAA23061.kithrup.freebsd.security@gndrsh.aac.dev.com> you write:
> You're a bright guy, Rod, and it's hard for me to say this, but:  almost
> everything in your message was WRONG.
> 
> >PGP is a one way hash function, it is not encryption software, thus it
> >does not fall on the munitions lists, thus it is not restricted.
> 
> PGP is encryption software.  It uses RSA.  It is a munition.  This is why
> Zimmerman is currently facing a possible Grand Jury indictment, for ITAR
> violations -- exporting munitions.

:-(

> Perhaps you're thinking of MD5, which is a checksum function, and cannot be
> used to `decrypt.'  (PGP does use MD5, admittedly.)

Yes, you're right, I was thinking of MD5.

> >DES is encryption software, it is on the munitions lists, munitions export
> >AND import is regulated by the US federal government, both the State
> >Department, and the Bureau of Alcohol, Tobacco and Firearms (ATF) have
> >regulations controlling imports to the US of any and all ``munitions''.
> 
> The first line is correct.  The first part of the second line is incorrect.

No, it is NOT wrong.  Import is regulated, period, ALL imports are regulated,
they must pass through US customs.  Many things are not restricted for import,
but nonetheless, importing is a regulated operation, period.

I may be wrong that munitions are restricted from import, but I am not
wrong that they are regulated.

> You can import as much encryption software as you want, *PROVIDED* it wasn't
> illegally exported.  (I don't understand why that is the case.)
> 
> I verified this today with someone who makes his living working on
> encryption software, and I promise you:  he's dealt with all of the
> regulations and paperwork before, and has even *gotten* the correct
> paperwork to export certain items.

He is A) not a lawyer, B) not an ATF representative and C) not a State Department
representative.  His ``interpretation'' of the law, though probably carrying
more weight than mine, is not a statement of fact, it is one of his opinion.

He may have done export, but has he looked at the import issue?  It probably
takes just as much paperwork :-(.  Also you have to look at the applicable
laws from where the goods originate, even if US law does not restrict the
import of DES, the laws of many other countries forbid its export.

> >Various import and export paper work from UPS, Federal Express, and DLH
> >all state that ``firearms'' and or ``munitions'' are regulated for import
> >and export and require special paper work.  Generally this reads:
> >``We accept shipments of firearms when either the shipper or recipient
> >is a licensed manufacturer, licensed importer, licensed dealer or licensed
> >collector who is not prohibited from such shipments by federal, state or
> >local regulations.''
> 
> UPS, Federal Express, and DLH are not the federal government.  In addition,
> "firearms" are a subset of "munitions," and what all the couriers (and the
> post office) mean by "munitions" are the hardware kind, not software of any
> sort.

No, that is why they add that final all cover sentence, they are protecting
themselves with
``who is not prohibited from such shipments by federal, state or
local regulations.''

I am prohibited by Federal law from exporting DES, so UPS/FedEx and all
the others have covered their ass with the above.

> >I do not have a direct reference to the State Department munitions list,
> >or the applicable ATF regulations, but I do assure you they exist, and
> >they are enforced (reference, Austin Code Works was indicted in 1994 by
> >the US State Department for shipping DES software out of the US on CDROM).
> 
> I don't think anyone has denied that it is illegal to export DES source
> code.  (It is legal to export binary software that uses DES in certain
> circumstances.)

Agreed.

> It is not illegal to import DES.  Or PGP.  Or any other software that does
> encryption (given the caveat above).

I disagree.

> It is not illegal or forbidden to ship encryption software domestically, via
> the US Postal Service, or any of the couriers.  If I understand things
> correctly, Canada and Mexico may also be allowed, but I'm not sure.

I didn't even mention domestic, I was quoting chapter and verse from the
international shipper's guide of Fed Ex.  My UPS international guide has very
similar statements in it.  Canada and Mexico still go through customs,
so though it may be allowed, it will be regulated.

> I verified all of this today with someone who's had to deal with the
> regulations.  Have you?

See above.  And no, but I do deal with US customs paperwork on a weekly
basis, just ask a few of my international customers.  And if you want to
make a real point, go get the ATF and State Department's import/export
stuff, and talk with _THEM_ about imports.  Not someone who has done
DES exporting, I know that can be done, it just takes paperwork (on a
per copy basis, I know all about it, been there done that, is what
_NO_ one has done is go try to find out exactly what paperwork customs
want to allow the stuff across the border if you clearly point them
at the fact this stuff _is_ on the munitions list).  You might just be
in for a very big surprise, or I might be all wet.  But I am not willing
to risk Grand Jury indictment on this hearsay information.


-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                 Reliable computers for FreeBSD


