Re: [TCLUG:20008] Import/Export Encyrption laws (OT?)

[Mike Hicks <hick0088@tc.umn.edu>]

Jonathan Kline wrote:
> 
> Does anyone know the current US encyrption laws? I would like to mirror a
> strong encyption iso, and possibly have people from other countries dl it.
> I'm trying to mirror Gibraltar, but here is an excerpt from its owner:
> 
>     Is it a problem that Gibraltar contains strong encryption ? I do not
> know the
> legal situation in the USA at the moment. Is it now possible to "export"
> such
> software from the USA when it was originally put together outside and is
> only
> mirrored in the USA ?
> 
> TIA:
>     Also if its leagal to mirror it like this, would RT be interested in
> hosting the mirror?

I'm not 100% sure how this works.  In fact, I'm sure than very few
people know how it works.  You can post encryption software in the US,
and you can export 128bit (and higher?) encryption.  However, I believe
you have to put a small effort into blocking countries like China, Iran,
Iraq, etc. from accessing your server (you could probably just put those
country codes in /etc/hosts.deny).  From what I understand, it's just a
matter of e-mailing someone in the government and telling them that you
have encryption software on your site.  I'm not sure _who_ you have to
send that e-mail to, but you could ask the kernel.org maintainers if you
can't find that information anywhere else.

Of course, if the encryption algorithms you use are patented or
copyrighted, life gets a bit more difficult.  You might be able to do
this if your are in a non-profit organization (school, library, etc), as
they are exempt from some of the restrictions surrounding those things..

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   Who is "they" anyway? 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__                              
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)                             
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088@tc.umn.edu ]