[Cryptography] proposed ITAR changes
ianG
iang at iang.org
Thu Jun 11 20:40:28 EDT 2015
(second of two that Peter wanted forward, words his)
Second issue, proposed US ITAR changes. New regs, for comment, not yet
in law or in force.
http://www.washingtonexaminer.com/nra-gun-blogs-videos-web-forums-threatened-by-new-obama-regulation/article/2565762
www.gpo.gov/fdsys/pkg/FR-2015-06-03/pdf/2015-12844.pdf
Actually, it says, for the first time explicitly, that publishing widely
on the internet would be enough to put data into the public domain.
Sounds good?
However, there is a great big kicker: posting technical data for the
first time would be an export, and you wouldn't be allowed to do it
without prior authorization [17].
Reposting already-posted technical data is also making it available, and
you wouldn't be allowed to do that unless the initial posting was
authorised.
Neither would you be allowed to sell a book or magazine or periodical,
even within the US, unless it had been made available with an
authorisation [23].
So, in the US people wouldn't be allowed to make technical data
available even by publishing technical data in book form without prior
authorisation. Phil Zimmerman's trick, publishing the source to PGP in
printed form to put it in the public domain, would no longer work.
In fact, you wouldn't be able to send 100-year-old science textbooks
overseas unless you knew that they have been authorised. Nor could you
sell them in the US if/once you had been reliably informed that they had
not been authorised.
Talk about wildly overinclusive laws ..
There is also some trickery about redefining software as an item, rather
than as data; one effect of which is to put software which is the result
of fundamental research into the control regime.
Of course, as "fundamental research" only means research done in the US
by US centers of learning, or US Government funded ..
I get confused, but it would seem to me that eg if there is a crypto
conference in the US with published proceedings, the publishers would
need export permission for the work of foreign authors, but not the work
of most US authors.
[17] To get pernickity: data which has been made publicly available,
including by widespread posting, would be exempt.
However, data which hadn't been made available with proper authorisation
would not be exempt.
If you saw some posted data or data in a book, and you didn't actually
know that it hadn't been released with proper authorisation, you
couldn't be prosecuted for reposting it, or selling the books it was in.
Though you could be prevented from doing it again, if someone told you
its initial release has not been authorised.
[123]
§ 127.1
Violations.
(a) * * *
(6) To export, reexport, retransfer, or otherwise make available to the
public technical data or software if such person has knowledge that the
technical data or software was made publicly available without an
authorization described in § 120.11(b) of this subchapter.
-- Peter Fairbrother
More information about the cryptography
mailing list