 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / Security / October 2003encryption
Do the US restrictions on good encryption refer only to electronic communications, or do they also refer to how you encrypt your files for your own use. Would they apply for example if someone visited the country with their files encrypted on a lap top? Do they apply only to electronic communication, or to CD's shipped my mail as well? -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. The law prosecute actions, not consequences. Someone is going on electric chair because he killed a man, not because that man died. The same way export restrictions apply on inscription tools and technology, and not consequences (encrypted data). So if you decide to go to a Taliban-controlled area of Afganistan (I would NOT suggest :-) , you are legally OK to take any encrypted data you like. But it's not OK to bring with you any software to decode this data or to produce another encoded data. > Do the US restrictions on good encryption refer only to electronic > communications, or do they also refer to how you encrypt your files [quoted text clipped - 6 lines] > Coaching, problem solving, economical contract programming. > See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. >But it's not OK to bring with you any software to decode this data or to >produce another encoded data. But if a Canadian, e.g. me, creates the tool, is it illegal for an American to carry that tool around the globe? It is legal to send messages inside or in/out of the USA? Just what is illegal, the exportation of supposedly unique American knowledge about encryption, or using tools that would foil American government snoops? What is the intent of the law? -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. > Do the US restrictions on good encryption refer only to electronic > communications, or do they also refer to how you encrypt your files > for your own use. Would they apply for example if someone visited the > country with their files encrypted on a lap top? Do they apply only > to electronic communication, or to CD's shipped my mail as well? There's an exemption for software you take with you for personal use; if nothing else, most laptops have a 128-bit SSL implementation in a browser. The regulations apply to all exports, although they apply different rules to different media. E.g. AFAIK, nothing in book form is restricted. You seem like the kind of person who could just wade through the regs yourself, starting at http://www.bxa.doc.gov/Encryption/Default.htm. But don't expect to get your answers in one sitting. For a definitive answer, there are lawyers with expertise in this area. --Mike Amling > You seem like the kind of person who could just wade through the regs >yourself, starting at http://www.bxa.doc.gov/Encryption/Default.htm. But >don't expect to get your answers in one sitting. > For a definitive answer, there are lawyers with expertise in this area. The question I am getting at is, would I get in trouble if I invented a one-time pad XOR scheme for both sending secret messages and encrypting personal files that used random FM noise to create the keys. I am a Canadian and live in Canada. The people most likely might use such a thing are Americans who travel a lot. I am not trying to shave the law. I want to understand the spirit of it. -- Canadian Mind Products, Roedy Green. Coaching, problem solving, economical contract programming. See http://mindprod.com/jgloss/jgloss.html for The Java Glossary. >> You seem like the kind of person who could just wade through the regs >>yourself, starting at http://www.bxa.doc.gov/Encryption/Default.htm. But [quoted text clipped - 5 lines] > encrypting personal files that used random FM noise to create the > keys. Well, OTP has its pitfalls. Cheap but effective cryptographic random number generating hardware would also be nice for other uses. Other than distinguishing hardware from software and key lengths equivalent to >56 bits symmetric from key lengths <=56 bits, the regs don't much care what the encryption technique is. > I am a Canadian and live in Canada. The people most likely > might use such a thing are Americans who travel a lot. US export regulations don't apply to you if you're not exporting any crypto from the USA. If your customers tell you credibly that it's for their own use and not for reexport, you're as much off the hook as distributors of 128-bit browsers are. > I am not trying to shave the law. I want to understand the spirit of > it. We would all like to see a concise cogent version of the regulations, a summary, a generalization, a spirit. --Mike Amling Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.