Current State of Exporting Open-Source Encryption?

Jay Maynard asks: "The project team is getting ready to release a new version of the Hercules IBM mainframe emulator. Part of the update is support for new instructions IBM added in their latest z/990 system, and two of those do encryption. The Bureau of Industry and Security (formerly the Bureau of Export Administration) changed their regulations on June 6, 2002 to grant a license to export open-source encryption code to anyone but the usual suspects (denied persons and banned countries). They went on to recently clarify that putting up code for download did not in itself constitute exporting to those banned countries or persons. There are many open-source projects that still host encryption code outside the US because of past rules. Is there still a reason for doing so?"

Yes, very much!

[shfted!]

There are many open-source projects that still host encryption code outside the US because of past rules. Is there still a reason for doing so?" DeCSS is the obvious example. Without code based on it, I could not watch DVDs I rent on Linux. As DeCSS is made illegal by the DMCA, the only choice for projects using that code is to host outside the US.

It is hopeless.

[Mensa+Babe]

The current state of exporting free software encryption is so "wonderful" that I have to manually type each and every sample program from Schneier's Applied Cryptography book listings to try it out, because a disc with exactly the very same software would be illegal and, by ex tention, evil. We all know that terrorists cannot type, so thank god we are entirely safe that way. I just love it. I feel like in the days, when I was typing C64 games in BASIC from '80s' computer magazines. *sigh*

off the top?

[mikecarrmikecarr]

"There are many open-source projects that still host encryption code outside the US because of past rules. Is there still a reason for doing so?"

uhm... why should anyone outside the US believe that the US will continue with its current position? Does the current political climate of the US, as observed by other nations (i.e. Canada), suggest that open-source encryption (read: tools to aid and abet terrorists) will continue to enjoy the lack of restrictions?

i dunno, it seems like a whole shwack of 'once bitten, twice shy' to me.

not trying to flame, i just can't see anything (from this side of the border) to suggest that we should be trusting the US not to change their position. *shrugs*

Of course. BSD.

[mirabilos]

The BSD spirit means we want to make stuff available
to anyone, free to use. This does include Microsoft,
Irak, Afghanistan and others.

Please don't feel offended - this is just the way
the BSD spirit works, and it's intended.

From an European's viewpoint, the US is one of the
most unfree countries around the world.

Re:Of course. BSD.

[necrognome]

From an European's viewpoint, the US is one of the most unfree countries around the world.

Similar things could be said about Europe, you know (and this is from a leftist), given the following European phenomena:

1. Oppressive gun control laws.
2. Useless anti-hate speech laws
3. Identity cards and a love of surveillance

Anytime you cross the Atlantic (in either direction), it seems you trade in some freedoms in exchange for others.

Re:one good reason to continue

[SETIGuy]

The rules will change again.. trapping the code inside the borders.

It's even worse than that. The change is an administrative change, not a change to the law. (IANAL, but I have worked under ITAR exemptions in the past and so have made myself familiar with the implications.) Should the administrative change be reversed at some time, and you have exported encryption technology, you have suddenly become guilty of a crime.

Because the law didn't change, it's not a case of ex post facto. It's uncertain whether the appeals courts would uphold a conviction in such a case. However, the DOJ could make your life unpleasant for quite some time.

In other words, if you choose to export, don't get on Ashcroft's bad side.