Ok. The government of the USA classifies encryption code as a munition, ie a tool of war; presumably because it is in fact used during wars to stop the enemy from recieving messages intended for your own side. Ok. So, there is also this law about not exporting munitions from the USA. Also a USA-specific law. What this means is that the US government can come down _hard_ on anyone making encryption software (or hardware) available to non-US citizens. Since, if you put, say, a copy of PGP on a ftp server in the US, you cannot (easily) verify that the person(s) downloading it are US citizens without violating a federal law, all encryption-related software must be distributed from sources outside the US. Importing encryption software into the US is not an issue.
Note that the actual law states that no encryption stronger than 40 bits may be exported- 40 bits or lower is ok to export. This makes it very hard to get copies of, say, pgp (1024+ bits == not ok to export) - which was written in the US - outside the US border legally. Very hard, but not impossible- the law in question does not prohibit written or printed copies. So, a printed copy of PGP was shipped outside the country, where it was scanned, OCR'd and proofred for errors. At which point it was distributed on a global scale, from outside the US, legally- since the country it was being distributed from didn't have any ack-basswords laws about exporting strong encryption products. Yes, you are correct. The law(s) are pointless. Lobby your local representative. On Fri, Jun 26, 1998 at 01:16:43AM -0400, [EMAIL PROTECTED] wrote: > Ok, so the gov't thinks strong encryption is munitions so you can't export it. > Why have non-us.debian.org: You can't import it either? Or you just can't use > it at all in the US? > > .....Not like making _rules_ about import and export can actually stop what > people do with source available on the net?..... Surely if you are a criminial > of the sort that the govt is so intent on stopping, then you would have no > problem with using illegally electronically exported/imported encryption > code? > > Any good sites explaining the matter? > Thanks, > Timothy > ---------------------------------- > E-Mail: [EMAIL PROTECTED] > Date: 26-Jun-98 > Time: 01:12:04 > > This message was sent by XFMail. > Powered by GNU/Linux 2.0. > ---------------------------------- > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- ______________________________________________________________ | ian eure, network admin, freelance security consultant, and | | manically depressed paranoid schizophrenic, at your service. | ; <[EMAIL PROTECTED]> - http://minion.org ; : raw speed = 105.6 wpm with 4.5% errors : . . . . . . . . . . . . . . . . . . . . . . -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]