Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:49 ADT
Mike Rosing (eresrch@msn.fullfeed.com)
Wed, 22 Jul 1998 09:12:51 -0500 (CDT)
On Tue, 21 Jul 1998, Steve Salkin wrote:
> First of all, I want to know if this is legal for me to do at all. If I
> leave the country
> and write the code there, does that free me from all the legal problems that
> I would have if I wrote it here and emailed it?
No. You transfering information and teaching them technology. That falls
under the E classification of the BXA regs. If you want to keep US
citizenship, you had better fill out the forms.
that's the legal aspects, it doesn't mean you can't do the work over
there, it just means you have to tell somebody in the US Commerce
department what you are planning on doing. Then you have to wait for
them to OK it.
> Secondly, my understanding from someplace is that if the cryptographic system
> is used only for authentication (encrypting the authentication stream etc.)
> and not
> as a general purpose communication system, then the export restrictions do
> not apply.
> Can anyone correct this, expand this, or otherwise throw some more light on
> it?
That is correct. If the data is sent in the clear and the crypto is only
used to verify, then that's explicitly exempt.
> And finally, they have a product which is close to completion. If they
> email it to me,
> I work on it, and email back my changes (either the modified code or just
> the alterations)
> does that count as exporting it? It's not as if they will send me a system
> with no
> crypto and I will add it all. I would just be fixing, extending, modifying,
> etc. Would
> export restrictions apply to source patch files?
That's called "re-export". Are you adding technological improvements?
If so, you'll need to fill out forms (if it isn't exempt). What they're
trying to prevent is a direct technology transfer without their control.
> Sorry this is so long. I hate dealing with this kind of nonsense, and now
> it seems to me
> that I may lose a valuable opportunity to this.
Join the club. The big boys are losing billions. I've lost a really
nice $100k opportunity due to this crap. After digging thru all the god
damn Commerce rules, I finally found that I'd have to go thru the State
department first, and if they said it's ok, then Commerce would say it's
ok. But State would take it to DoD because it might be classified as
"dual use". The net end result is that I'd have to send something like
15 copies of the same damn form and wait 6 to 12 months to find out if I
could do a 3 month project.
I told the customer to go elsewhere, they'd get the job done sooner with
a lot less hassles (and they have crypto *import* rules to deal with!)
the key for your task is to ensure you're exempt. *DOCUMENT* the fact
that you're exempt, that's one of the rules too. If you can show 'em
after the jobs done that you checked the rules and found in 154CFR section
3 par 2 part i that you're exempt, you've fulfilled all their
requirements.
I'm still kind of steamed about it, so if you want some help send me
private e-mail and I'll burn off some energy showing you the pertenet
regs.
Patience, persistence, truth,
Dr. mike
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:49 ADT