Re: Export Strong Crypto (was: reference)

Anonymous (nobody@replay.com)
Sat, 21 Mar 1998 08:25:11 +0100 (MET)

• Next message: Ben Laurie: "Re: Export Strong Crypto (was: reference)"
• Previous message: James A. Donald: "Re: Export Strong Crypto (was: reference)"
• In reply to: Stephen Zander: "Re: Export Strong Crypto (was: reference)"
• Next in thread: Ben Laurie: "Re: Export Strong Crypto (was: reference)"
• Reply: Ben Laurie: "Re: Export Strong Crypto (was: reference)"
• Reply: James A. Donald: "Re: Export Strong Crypto (was: reference)"

>From the CFRs, part 734.2(b):

    (9) Export of encryption source code and object code software. (i)
For purposes of the EAR, the export of encryption source code and object
code software means:
    (A) An actual shipment, transfer, or transmission out of the United
States (see also paragraph (b)(9)(ii) of this section); or
    (B) A transfer of such software in the United States to an embassy
or affiliate of a foreign country.
    (ii) The export of encryption source code and object code software
controlled for EI reasons under ECCN 5D002 on the Commerce Control List
(see Supplement No. 1 to part 774 of the EAR) includes downloading, or
causing the downloading of, such software to locations (including
electronic bulletin boards, Internet file transfer protocol, and World
Wide Web sites) outside the U.S., or making such software available for
transfer outside the United States, over wire, cable, radio,
electromagnetic, photooptical, photoelectric or other comparable
communications facilities accessible to persons outside the United
States, including transfers from electronic bulletin boards, Internet
file transfer protocol and World Wide Web sites, unless the person
making the software available takes precautions adequate to prevent
unauthorized transfer of such code outside the United States. Such
precautions shall include:
    (A) Ensuring that the facility from which the software is available
controls the access to and transfers of such software through such
measures as:
    (1) The access control system, either through automated means or
human intervention, checks the address of every system requesting or
receiving a transfer and verifies that such systems are located within
the United States;
    (2) The access control system, provides every requesting or
receiving party with notice that the transfer includes or would include
cryptographic software subject to export controls under the Export
Administration Act, and that anyone receiving such a transfer cannot
export the software without a license; and
    (3) Every party requesting or receiving a transfer of such software
must acknowledge affirmatively that he or she understands that the
cryptographic software is subject to export controls under the Export
Administration Act and that anyone receiving the transfer cannot export
the software without a license; or
    (B) Taking other precautions, approved in writing by the Bureau of
Export Administration, to prevent transfer of such software outside the
U.S. without a license.

• Next message: Ben Laurie: "Re: Export Strong Crypto (was: reference)"
• Previous message: James A. Donald: "Re: Export Strong Crypto (was: reference)"
• In reply to: Stephen Zander: "Re: Export Strong Crypto (was: reference)"
• Next in thread: Ben Laurie: "Re: Export Strong Crypto (was: reference)"
• Reply: Ben Laurie: "Re: Export Strong Crypto (was: reference)"
• Reply: James A. Donald: "Re: Export Strong Crypto (was: reference)"