On May 2, 2011, at 7:16 PM, Scott Ehrlich wrote: > > In light of all this, where does responsibility lie if someone in the > US encrypts data in a manner that prohibits export, places said data > into the cloud, and any of the bits land on a server in a country on > the prohibited list? How does this get handled/managed/addressed?
US export regulations do not prohibit the export of encrypted data. They prohibit the export of strong crypto. That is: live, functioning code. It is unlikely that a company operating in the US is going to have data centers in nations on the US enemies list. At the least, those nations tend not to be conducive towards long-term stability. Beyond that, service providers have safe harbor protections as long as they operate and provide their services in good faith. Any liability is yours alone. --Rich P. _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss