On Sun, Feb 06, 2000 at 02:47:42PM -0800, H. Peter Anvin wrote:
> Followup to: <20000206124232.H20611@alcove.wittsend.com>
> By author: "Michael H. Warfield" <mhw@wittsend.com>
> In newsgroup: linux.dev.kernel
> > As of January 14, the US export restrictions on cryptopgraphy
> > were relaxed (outside of one minor reporting irritation which does NOT
> > affect Open Source Software - only commercial software). We are in a 120
> > day "comment period" but the changes in the regulations themselves are in
> > effect, NOW. The regulations on Open Source Software SOURCES was almost
> > totally relaxed with no real restrictions on download sites and no reporting
> > requirements (please note emphasis on SOURCES - binaries are still
> > restricted somewhat). The policy at kernel.org has now changed to
> > allow cryptography and they are in the process of making crypto available
> > from their sites and mirrors. One gotcha was the loss of one or more
> > mirror sites that reside in the T-7 countries (7 countries listed as
> > restricted due to Terrorist activities) because the kernel.org gang do
> > want to include some binaries on the sites. I know we lost at least one.
> Actually, we're changing policy on Feb 15. Our lawyer adviced us to
> give some space between filing the paperwork and letting it take
> effect.
Hmmm... You're lucky. You have that option. Because one of the
changes to the regs to "reduce" the complexity eliminated a reporting
exemption, we've had to change our reporting proceedures for crypto exports
at Internet Security Systems. That had to be done immediately, since the
regs took effect immediately upon publication. So we had a chinese
firedrill to try and get our reporting proceedures and record keeping
in line with the new regs. That was the one spot that "inadvertantly"
got worse. :-(
> The biggest issue in the new U.S. regulations is the "foreign
> government" provision. I intend to file a comment recommending that
> this provision be removed, since it is inherently unworkable. This
> provision prohibits someone in the U.S. from "knowingly" export to a
> foreign government end-user (*any* foreign government, not just T-7.)
> This is of course idiotic, since it just takes someone *else* in that
> country downloading the stuff and giving to their government -- or the
> government getting an ISP account making them look like someone else.
> Whomever does that would be breaking U.S. law, but that's meaningless
> since they're outside U.S. jurisdiction.
I saw that... Things like checking for .mil and .gov client sites.
How BOGUS! Still, only applies to binaries and not to open source software
SOURCES but that's little solace since Linus said that you planned to
include some binaries on the site.
> [N.B.: I'm not a lawyer. Thanks God.]
Amen!
> -hpa
> --
> <hpa@transmeta.com> at work, <hpa@zytor.com> in private!
> "Unix gives you enough rope to shoot yourself in the foot."
Mike
-- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Feb 07 2000 - 21:00:14 EST