Lifting Some Restrictions on Encryption Exports

Allen netsecurity at sound-by-design.com
Sat Dec 6 06:51:24 EST 2008


Hi gang,

Actually that notice is out of date. There is a new one dated 
October 3, 2008 (73 FR 57495) and it can be seen at:

http://www.bis.doc.gov/encryption/default.htm

The part of this that is of particular interest is the following:

> § 740.17(b)(2) ENC “Restricted”
> Review required with 30 day wait
> 
>     * Applies to 5A002, 5B002, and 5D002
> 
>     * Products authorized under (b)(2) include:
>           o network infrastructure products
>           o source code that is not “publicly available”
>           o certain specialized commodities and software

So open source bypasses the requirement for export control on 
cryptography, which is classified as 5D002.

You also might want to consult:

http://www.access.gpo.gov/bis/ear/pdf/ccl5-pt2.pdf

which goes into some details, especially on page 5, second 
column, were reference is made to:

> Note: Encryption software is controlled
> because of its functional capacity, and not
> because of any informational value of such
> software; such software is not accorded the same
> treatment under the EAR as other “software”; and
> for export licensing purposes, encryption software
> is treated under the EAR in the same manner as a
> commodity included in ECCN 5A002. 
>
> Note: Encryption software controlled for “EI”
> reasons under this entry remains subject to the
> EAR even when made publicly available in
> accordance with part 734 of the EAR. See
> §740.13(e) of the EAR for information on
> releasing certain source code (and corresponding
> object code) which would be considered publicly
> available from “EI” controls.

Allen

Ali, Saqib wrote:
> Does anyone have more info on the following:
> http://snurl.com/75m3f
> 
> I couldn't find any other article that talked about it. The pay per
> news is the only item I found.
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
> 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list