Question on export issues
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Sun Dec 30 18:48:13 EST 2007
On Dec 30, 2007, at 12:06 AM, dan at geer.org wrote:
> never be permitted to export to the embargoed country
> list (Cuba, Iran, Sudan, Syria, North Korea, and Libya).
Not Libya. See 15 C.F.R §740Spir[0], country group E: Cuba, Iran,
North Korea, Sudan, Syria.
Interestingly, 15 C.F.R. §746.8[1] also lists Rwanda: "an embargo
applies to the sale or supply to Rwanda of arms and related matériel
of all types and regardless of origin, including weapons and
ammunition." I am not a lawyer, and cannot tell whether this applies
to encryption.
We've recently had to jump through the BIS crypto export hoops at
OLPC. Our systems both ship with crypto built-in and, due to their
Fedora underpinnings, allow end-user installation of various crypto
libraries -- all open-source -- through our servers. It was a
nightmare; the regulations and paperwork appear to be designed for the
use case of individual applications that utilize a handful of
primitives and attempt to keep the user from examining or modifying
the utilized crypto. Trying to fit a Linux distribution into this
model proved, er, challenging. (We also found that projects that we
expected would know the drill cold, such as Fedora and Mozilla, were
actually not very familiar with the processes involved.)
Cheers,
Ivan.
[0] http://www.access.gpo.gov/bis/ear/pdf/740spir.pdf
[1] http://www.access.gpo.gov/bis/ear/pdf/746.pdf
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list